report it ............

attached is a nice script you may be able to use ......   *use at own risk*




*********** REPLY SEPARATOR  ***********

On 23/01/00 at 21:01 Steve wrote:

>Well, I'd like to start off by thanking each and every one of you on this
>list for the help setting up ipchains and making me aware of portsentry and
>logcheck as I have effortlessly survived my first potential attack. I woke
>up this morning and headed upstate to the computer show not bothering to
>check my email. When I returned I had an email from logcheck telling me that
>portsentry had dumped a potential hacker into the bit bucket. I am sure most
>of you who have had the pleasure of receiving such an email know the joy I
>felt at that moment. Now I need some advice as to what I do next. Should I
>check any other logs to make sure he didn't get in? Should I report the
>incident to his local ISP? What steps do I take next?
>
>Thank you all again for the help!
>Steve
>
>
>BTW: Here is what I got from logcheck:
>
>Active System Attack Alerts
>=-=-=-=-=-=-=-=-=-=-=-=-=-=
>Jan 23 08:11:17 localhost portsentry[587]: attackalert: Connect from host: 1Cust249.tnt20.chi5.da.uu.net/63.20.110.249 to UDP port: 31337
>Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via wrappers with string: "ALL: 63.20.110.249"
>Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 63.20.110.249 -j DENY -l"


Regards

Greg Wright
IT Consultant Sydney Australia
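
An added example, not part of the original message and not the script Greg attached: one way to turn the portsentry attackalert lines quoted above into a per-source summary that can be pasted into a report to the ISP. The function names and the `year` and `utc_offset` parameters are assumptions made for this sketch, and only the three line formats shown in the mail are handled.

```python
import re
from collections import defaultdict

# Alert lines copied from the logcheck mail quoted above (line wrapping undone).
SAMPLE_LOG = """\
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Connect from host: 1Cust249.tnt20.chi5.da.uu.net/63.20.110.249 to UDP port: 31337
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via wrappers with string: "ALL: 63.20.110.249"
Jan 23 08:11:17 localhost portsentry[587]: attackalert: Host 63.20.110.249 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 63.20.110.249 -j DENY -l"
"""

# An optional leading ">" is tolerated so lines pasted from quoted mail still parse.
PREFIX = r"^(?:>\s*)?(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ portsentry\[\d+\]: attackalert: "
CONNECT = re.compile(PREFIX + r"Connect from host: (?P<name>[^/\s]+)/(?P<ip>[\d.]+)"
                     r" to (?P<proto>TCP|UDP) port: (?P<port>\d+)")
BLOCKED = re.compile(PREFIX + r"Host (?P<ip>[\d.]+) has been blocked via "
                     r"(?P<how>wrappers|dropped route)")

def summarize(log_text):
    """Group portsentry attackalert lines by source IP address."""
    hosts = defaultdict(lambda: {"hostname": None, "probes": [], "blocked_via": []})
    for line in log_text.splitlines():
        m = CONNECT.match(line)
        if m:
            entry = hosts[m["ip"]]
            entry["hostname"] = m["name"]
            entry["probes"].append((m["ts"], m["proto"], int(m["port"])))
            continue
        m = BLOCKED.match(line)
        if m:
            hosts[m["ip"]]["blocked_via"].append(m["how"])
    return dict(hosts)

def abuse_report(summary, year, utc_offset):
    """Render a plain-text summary. syslog omits the year and the time zone, and
    an ISP needs both to map a dial-up address to a customer, so the caller
    supplies them."""
    out = []
    for ip, entry in sorted(summary.items()):
        out.append(f"Source: {ip} ({entry['hostname'] or 'no hostname logged'})")
        for ts, proto, port in entry["probes"]:
            out.append(f"  {year} {ts} {utc_offset}  probe to {proto} port {port}")
        actions = ", ".join(entry["blocked_via"]) or "none logged"
        out.append(f"  local action: blocked via {actions}")
    return "\n".join(out)

if __name__ == "__main__":
    # The UTC offset is a placeholder: the page does not state Steve's time zone.
    print(abuse_report(summarize(SAMPLE_LOG), 2000, "(your UTC offset)"))
```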
