Re: how to detect hack attempts.

On Sunday, February 23, 2020 4:45:55 AM MST Tim via users wrote: > On Sun, 2020-02-23 at 09:56 +0800, Ed Greshko wrote: > > > your IPv4 address is also a Public IP address the same way the IPv6 > > address is. Directly connected to the Internet with no NAT. Also, > > your modem does not have an

Re: how to detect hack attempts.

On 2020-02-23 19:45, Tim via users wrote: > On Sun, 2020-02-23 at 09:56 +0800, Ed Greshko wrote: >> your IPv4 address is also a Public IP address the same way the IPv6 >> address is. Directly connected to the Internet with no NAT. Also, >> your modem does not have an internal Firewall. Therefore,

Re: how to detect hack attempts.

On Sun, 2020-02-23 at 09:56 +0800, Ed Greshko wrote: > your IPv4 address is also a Public IP address the same way the IPv6 > address is. Directly connected to the Internet with no NAT. Also, > your modem does not have an internal Firewall. Therefore, the > firewall on your system is vital. I'd s

Re: how to detect hack attempts. [SOLVED]

On Saturday, February 22, 2020 10:32:19 PM MST Ed Greshko wrote: > On 2020-02-23 11:44, John M. Harris Jr wrote: > > > The harm in this > > demonstrated in this thread was opening EVERY PROCESS THAT BINDS A PORT AS > > THE USER to THE ENTIRE INTERNET, on both IPv4 and IPv6. > > > Except that in

Re: how to detect hack attempts. [SOLVED]

On 2020-02-23 11:44, John M. Harris Jr wrote: > The harm in this > demonstrated in this thread was opening EVERY PROCESS THAT BINDS A PORT AS > THE > USER to THE ENTIRE INTERNET, on both IPv4 and IPv6. Except that in this thread there were no processes bound to any higher port and in LISTEN.

Re: how to detect hack attempts. [SOLVED]

On Saturday, February 22, 2020 8:38:38 PM MST Samuel Sieb wrote: > On 2/22/20 7:34 PM, John M. Harris Jr wrote: > > > On Saturday, February 22, 2020 8:17:01 PM MST Samuel Sieb wrote: > > > >> On 2/22/20 7:07 PM, John M. Harris Jr wrote: > >> > >> > >> > >>> Glad to hear it. A quick note, Fedora W

Re: how to detect hack attempts. [SOLVED]

On 2/22/20 7:34 PM, John M. Harris Jr wrote: On Saturday, February 22, 2020 8:17:01 PM MST Samuel Sieb wrote: On 2/22/20 7:07 PM, John M. Harris Jr wrote: Glad to hear it. A quick note, Fedora Workstation (what I refer to as the "GNOME Spin") may send out an update which resets your firewall t

Re: how to detect hack attempts. [SOLVED]

On Saturday, February 22, 2020 8:17:01 PM MST Samuel Sieb wrote: > On 2/22/20 7:07 PM, John M. Harris Jr wrote: > > > Glad to hear it. A quick note, Fedora Workstation (what I refer to as the > > "GNOME Spin") may send out an update which resets your firewall to their > > defaults, which would ope

Re: how to detect hack attempts. [SOLVED]

On 2/22/20 7:07 PM, John M. Harris Jr wrote: Glad to hear it. A quick note, Fedora Workstation (what I refer to as the "GNOME Spin") may send out an update which resets your firewall to their defaults, which would open you back up to attacks. I'll pass this along, and hopefully we can get a more

Re: how to detect hack attempts. [SOLVED]

On Saturday, February 22, 2020 8:03:22 PM MST home user wrote: > The original desire for a way to occasionally check for hack-in attempts > is satisfied by the 2 commands "lastb" and "last" suggested by Ed. > Other related issues came up in this thread; I trust that they've been > addressed. M

Re: how to detect hack attempts. [SOLVED]

The original desire for a way to occasionally check for hack-in attempts is satisfied by the 2 commands "lastb" and "last" suggested by Ed.  Other related issues came up in this thread; I trust that they've been addressed.  My sense is that my firewall is as it should be.  The suggestions fail2

Re: how to detect hack attempts.

On 2/22/20 4:50 PM, home user wrote: 3: virbr0: mtu 1500 qdisc noqueue state DOWN group default qlen 1000     link/ether 52:54:nn:nn:nn:nn brd ff:ff:ff:ff:ff:ff     inet 192.168.nnn.n/nn brd 192.168.nnn.nnn scope global virbr0    valid_lft forever preferred_lft forever This is the virt

Re: how to detect hack attempts.

On 2020-02-23 08:50, home user wrote: > (responding to the 2020-02-21 0759pm mountain time post by Louis) > > (Ed earlier said) > > I asked about that number since some folks are skittish > > about revealing their actual IP addresses. > > Ed knows me well! > > I'm not sure which of all them sequenc

Re: how to detect hack attempts.

(responding to the 2020-02-21 0759pm mountain time post by Louis) (Ed earlier said) > I asked about that number since some folks are skittish > about revealing their actual IP addresses. Ed knows me well! I'm not sure which of all them sequences "ip add show" displays Louis is referring to, so

Re: how to detect hack attempts.

On 2020-02-23 03:52, John M. Harris Jr wrote: > We've already confirmed, earlier in the thread, that it's on a public IP. That is only true in the context of the IPv6 address space. There is no reason why the IPv4 address can't be "private" with NAT being performed by another device within the C

Re: how to detect hack attempts.

On Saturday, February 22, 2020 5:11:49 AM MST Louis Lagendijk wrote: > On Fri, 2020-02-21 at 13:15 -0700, home user wrote: > > > (On 2020-0221 10:51pm, Ed wrote) > > > > > BTW, if you do an "ip -6 add show eno1" > > > do the numbers a358:d643 appear in the output? > > > > > > -bash.1[~]: ip -

Re: how to detect hack attempts.

(on 2020-02-21 5:11am mountain time, Louis wrote) > What kind of IPv4-address do you get? I have forgotten the command to show me that.  How do I see that? ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le.

Re: how to detect hack attempts.

My workstation was off yesterday starting soon after 1:15pm (mountain time) post, and I was out.  Now I'm back and online.  On to the posts after that... ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le..

Re: how to detect hack attempts.

On Fri, 2020-02-21 at 13:15 -0700, home user wrote: > (On 2020-0221 10:51pm, Ed wrote) > > BTW, if you do an "ip -6 add show eno1" > > do the numbers a358:d643 appear in the output? > > -bash.1[~]: ip -6 add show eno1 > 2: eno1: mtu 1500 qdisc fq_codel > state > UP group default qlen 1000 >

Re: how to detect hack attempts.

On Friday, February 21, 2020 7:17:33 PM MST Tim via users wrote: > Tim: > > >> Beyond the usual (HTTP, mail, DNS servers, etc), what is the average > >> non-admin user going to set up that listens as a server? Admin- > >> users setting up those traditional services ought to know how to > >> manag

Re: how to detect hack attempts.

Tim: >> Beyond the usual (HTTP, mail, DNS servers, etc), what is the average >> non-admin user going to set up that listens as a server? Admin- >> users setting up those traditional services ought to know how to >> manage firewalls, or they ought not to mess around with those >> services. Samuel

Re: how to detect hack attempts.

On 2020-02-22 08:10, George N. White III wrote: > On Fri, 21 Feb 2020 at 18:42, Ed Greshko > wrote: > > [...] > FWIW, I have an additional system fully open to the Internet but > configured as an IPv6 only system. > I use a public NAT64/DNS64 service for

Re: how to detect hack attempts.

On Thursday, February 20, 2020 11:19:11 PM MST Samuel Sieb wrote: > You generally have to ask the ISP to switch the > modem to bridge mode, which I do so I can run my own gateway server. Actually, you can normally do that yourself. -- John M. Harris, Jr. Splentity __

Re: how to detect hack attempts.

On Friday, February 21, 2020 8:07:15 AM MST Tim via users wrote: > On Thu, 2020-02-20 at 21:34 -0800, Samuel Sieb wrote: > > > Any critical system daemons are 1024 and below. The reason the high > > ports are left open is for user applications to be able to > > communicate without users having t

Re: how to detect hack attempts.

On Fri, 21 Feb 2020 at 18:42, Ed Greshko wrote: > [...] > FWIW, I have an additional system fully open to the Internet but > configured as an IPv6 only system. > I use a public NAT64/DNS64 service for access to non-IPv6. Owing to the > number of IPv6 addresses, I assume, > it has never been prob

Re: how to detect hack attempts.

On 2020-02-22 06:10, Samuel Sieb wrote: > On 2/21/20 12:15 PM, home user wrote: >> (On 2020-0221 10:51pm, Ed wrote) >>  > BTW, if you do an "ip -6 add show eno1" >>  > do the numbers a358:d643 appear in the output? >> >> -bash.1[~]: ip -6 add show eno1 >> 2: eno1: mtu 1500 qdisc fq_codel state UP

Re: how to detect hack attempts.

On 2/21/20 12:15 PM, home user wrote: (On 2020-0221 10:51pm, Ed wrote) > BTW, if you do an "ip -6 add show eno1" > do the numbers a358:d643 appear in the output? -bash.1[~]: ip -6 add show eno1 2: eno1: mtu 1500 qdisc fq_codel state UP group default qlen 1000     inet6 2001:558:6040:5d:9d66

Re: how to detect hack attempts.

On 2/21/20 7:07 AM, Tim via users wrote: On Thu, 2020-02-20 at 21:34 -0800, Samuel Sieb wrote: Any critical system daemons are 1024 and below. The reason the high ports are left open is for user applications to be able to communicate without users having to figure out the firewall. Beyond the

Re: how to detect hack attempts.

(On 2020-0221 10:51pm, Ed wrote) > BTW, if you do an "ip -6 add show eno1" > do the numbers a358:d643 appear in the output? -bash.1[~]: ip -6 add show eno1 2: eno1: mtu 1500 qdisc fq_codel state UP group default qlen 1000     inet6 2001:558:6040:5d:9d66:dfa1:a358:d643/128 scope global dynamic

Re: how to detect hack attempts.

On Fri, 21 Feb 2020 at 11:08, Tim via users wrote: > On Thu, 2020-02-20 at 21:34 -0800, Samuel Sieb wrote: > > Any critical system daemons are 1024 and below. The reason the high > > ports are left open is for user applications to be able to > > communicate without users having to figure out the

Re: how to detect hack attempts.

OSSEC, perhaps? On 2/20/20 1:46 PM, home user wrote: > (F-30; Gnome; stand-alone home workstation) > > Sometime last year, I saw an article that talked about a tool that > quickly and easily shows attempts to hack in to a computer.  I think it > was either in the Fedora magazine or Gnome's websit

Re: how to detect hack attempts.

On Thu, 2020-02-20 at 21:34 -0800, Samuel Sieb wrote: > Any critical system daemons are 1024 and below. The reason the high > ports are left open is for user applications to be able to > communicate without users having to figure out the firewall. Beyond the usual (HTTP, mail, DNS servers, etc),

Re: how to detect hack attempts.

On 2020-02-21 14:19, Samuel Sieb wrote: > On 2/20/20 9:42 PM, Ed Greshko wrote: >> On 2020-02-21 13:39, Samuel Sieb wrote: >>> On 2/20/20 11:46 AM, home user wrote: (F-30; Gnome; stand-alone home workstation) Sometime last year, I saw an article that talked about a tool that quickly

Re: how to detect hack attempts.

On 2/20/20 9:42 PM, Ed Greshko wrote: On 2020-02-21 13:39, Samuel Sieb wrote: On 2/20/20 11:46 AM, home user wrote: (F-30; Gnome; stand-alone home workstation) Sometime last year, I saw an article that talked about a tool that quickly and easily shows attempts to hack in to a computer.  I thi

Re: how to detect hack attempts.

On 2020-02-21 13:08, home user wrote: > (on 02/20/2020 at 9:56pm mountain time, Ed said) > > No need. > > I didn't see that until after I rebooted. > > -bash.1[~]: netstat -napt | grep -i listen > tcp    0  0 192.168.122.1:53    0.0.0.0:* LISTEN  1246/dnsmasq > tcp    0  0 0

Re: how to detect hack attempts.

On Thursday, February 20, 2020 10:44:16 PM MST Ed Greshko wrote: > On 2020-02-21 13:34, Samuel Sieb wrote: > > > On 2/20/20 7:47 PM, Ed Greshko wrote: > > > >> Oh, never mind. Wrong system. The "default" rules for > >> FedoraWorkstationso seem "odd". > > > > > > > Not really. > > > > > > > >> [

Re: how to detect hack attempts.

On 2020-02-21 13:34, Samuel Sieb wrote: > On 2/20/20 7:47 PM, Ed Greshko wrote: >> Oh, never mind.  Wrong system.  The "default" rules for FedoraWorkstationso >> seem "odd". > > Not really. > >> [root@f31m ~]# firewall-cmd --info-zone=FedoraWorkstation >> FedoraWorkstation >>    target: default >>

Re: how to detect hack attempts.

On Thursday, February 20, 2020 10:39:06 PM MST Samuel Sieb wrote: > On 2/20/20 11:46 AM, home user wrote: > > > (F-30; Gnome; stand-alone home workstation) > > > > Sometime last year, I saw an article that talked about a tool that > > quickly and easily shows attempts to hack in to a computer.

Re: how to detect hack attempts.

On 2020-02-21 13:39, Samuel Sieb wrote: > On 2/20/20 11:46 AM, home user wrote: >> (F-30; Gnome; stand-alone home workstation) >> >> Sometime last year, I saw an article that talked about a tool that quickly >> and easily shows attempts to hack in to a computer.  I think it was either >> in the F

Re: how to detect hack attempts.

On 2/20/20 11:46 AM, home user wrote: (F-30; Gnome; stand-alone home workstation) Sometime last year, I saw an article that talked about a tool that quickly and easily shows attempts to hack in to a computer.  I think it was either in the Fedora magazine or Gnome's website.  I've since made m

Re: how to detect hack attempts.

On 2/20/20 7:47 PM, Ed Greshko wrote: Oh, never mind.  Wrong system.  The "default" rules for FedoraWorkstationso seem "odd". Not really. [root@f31m ~]# firewall-cmd --info-zone=FedoraWorkstation FedoraWorkstation   target: default   icmp-block-inversion: no   interfaces:   sources:   s

Re: how to detect hack attempts.

(on 02/20/2020 at 9:56pm mountain time, Ed said) > No need. I didn't see that until after I rebooted. -bash.1[~]: netstat -napt | grep -i listen tcp    0  0 192.168.122.1:53    0.0.0.0:* LISTEN  1246/dnsmasq tcp    0  0 0.0.0.0:631 0.0.0.0:* LISTEN  1078

Re: how to detect hack attempts.

On 2020-02-21 12:54, home user wrote: > (on 02/20/2020 at 9:05pm mountain time, Ed said) > > systemctl --now disable rpcbind > > systemctl --now disable rpcbind.socket > > -bash.1[~]: systemctl --now disable rpcbind > Removed /etc/systemd/system/multi-user.target.wants/rpcbind.service. > Warning: S

Re: how to detect hack attempts.

(on 02/20/2020 at 9:05pm mountain time, Ed said) > systemctl --now disable rpcbind > systemctl --now disable rpcbind.socket -bash.1[~]: systemctl --now disable rpcbind Removed /etc/systemd/system/multi-user.target.wants/rpcbind.service. Warning: Stopping rpcbind.service, but it can still be activ

Re: how to detect hack attempts.

(on 02/20/2020 9:16pm mountain time, John said) > On your system, it'd be `eno1`. reboot done.  everything looks good so far.  Thank-you, John. Now back to Ed and rpcbind. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an e

Re: how to detect hack attempts.

(on 02/20/2020 9:16pm mountain time, John said) > On your system, it'd be `eno1`. ok.  finishing... -bash.21[~]: firewall-cmd --change-interface=eno1 --zone=public success -bash.22[~]: I'll now reboot and see what happens. drum roll please ___ user

Re: how to detect hack attempts.

(on 02/20/2020 at 9:03pm mountain time, Ed said) > I don't know how you've gone about identifying "hack attempts". I was looking at journalctl output for something else; I don't recall what.  It was years ago.  I happened to notice many entries reporting login attempts to root and other login na

Re: how to detect hack attempts.

On Thursday, February 20, 2020 9:14:24 PM MST home user wrote: > (on 02/20/2020 8:17pm mountain time, John said) > > > > (if using Gnome...) > > Step 1: `sudo firewall-cmd --set-default-zone=public` > > > -bash.16[~]: firewall-cmd --set-default-zone=public > Warning: ZONE_ALREADY_SET: public

Re: how to detect hack attempts.

(on 02/20/2020 8:17pm mountain time, John said) > (if using Gnome...) > Step 1: `sudo firewall-cmd --set-default-zone=public` -bash.16[~]: firewall-cmd --set-default-zone=public Warning: ZONE_ALREADY_SET: public success -bash.17[~] > After this, you'll want to get the name of the primary interf

Re: how to detect hack attempts.

On 2020-02-21 12:02, home user wrote: > (on 02/20/2020 at 8:16pm mountain time, Ed said) > > ... > > (port 111 and rpcbind) > > As time permits I'd check > > systemctl status rpcbind > > and > > systemctl status rpcbind.socket > > -bash.13[~]: systemctl status rpcbind > ● rpcbind.service - RPC Bind

Re: how to detect hack attempts.

On 2020-02-21 11:53, home user wrote: > (on 02/20/2020 at 7:34pm mountain time, Frank said) > > Another suggestion, get Wireshark for sniffing traffic, > > run a sniffer trace as you are using the machine. You'll > > want to capture any IP (layer 3) traffic leaving or > > entering your machine (may

Re: how to detect hack attempts.

(on 02/20/2020 at 8:16pm mountain time, Ed said) > ... > (port 111 and rpcbind) > As time permits I'd check > systemctl status rpcbind > and > systemctl status rpcbind.socket -bash.13[~]: systemctl status rpcbind ● rpcbind.service - RPC Bind    Loaded: loaded (/usr/lib/systemd/system/rpcbind.serv

Re: how to detect hack attempts.

(on 02/20/2020 at 7:34pm mountain time, Frank said) > Another suggestion, get Wireshark for sniffing traffic, > run a sniffer trace as you are using the machine. You'll > want to capture any IP (layer 3) traffic leaving or > entering your machine (may want to setup filters to reduce > capture size

Re: how to detect hack attempts.

On 2020-02-21 11:25, Ed Greshko wrote: > On 2020-02-21 11:17, John M. Harris Jr wrote: >> This exact scenario is why I don't believe the GNOME Spin should have ever >> been allowed to effectively disable the firewall with their absurd >> FedoraWorkstation firewall zone. > What do you find absurd

Re: how to detect hack attempts.

On 2020-02-21 11:17, John M. Harris Jr wrote: > This exact scenario is why I don't believe the GNOME Spin should have ever > been allowed to effectively disable the firewall with their absurd > FedoraWorkstation firewall zone. What do you find absurd about the FedoraWorkstation zone? [root@f31g

Re: how to detect hack attempts.

On Thursday, February 20, 2020 8:06:56 PM MST John M. Harris Jr wrote: > On Thursday, February 20, 2020 1:21:08 PM MST home user wrote: > > > (on 02/20/2020 1:11pm mountain time, Jack said) > > > > > > > router logs help me... > > > > > > My system is isp -> modem -> workstation. No router a

Re: how to detect hack attempts.

On 2020-02-21 10:43, home user wrote: > (on 02/20/2020 at 3:59pm mountain time, Ed said) > > sudo netstat -napt | grep -i listen > I did it twice, the extra time to get the column headers.  Splicing the two > together... > > Active Internet connections (servers and established) > Proto Recv-Q Send

Re: how to detect hack attempts.

On Thursday, February 20, 2020 1:21:08 PM MST home user wrote: > (on 02/20/2020 1:11pm mountain time, Jack said) > > > router logs help me... > > My system is isp -> modem -> workstation. No router at this time. Are you running "GNOME Workstation" on that system? If so, I would recommend chan

Re: how to detect hack attempts.

(on 02/20/2020 at 7:54pm mountain time, Frank said) > Looks fine, CUPSD, is listening on both ipv4 and ipv6. > There does not seem to be anything out of the ordinary. > If not already done so, install and configure a firewall. > You can do 'systemctl status firewalld' to see if firewall is enabled

Re: how to detect hack attempts.

(on 02/20/2020 at 6:14pm mountain time, George said) > "Not yet been activated" sounds like someone stole the mail > and tried to use your new card (new 3-digit code and new expiry date). Possible, but rather unlikely.  The mailbox requires a key to open. It's also possible that data going from t

Re: how to detect hack attempts.

Looks fine, CUPSD, is listening on both ipv4 and ipv6. There does not seem to be anything out of the ordinary. If not already done so, install and configure a firewall. You can do 'systemctl status firewalld' to see if firewall is enabled On Thu, Feb 20, 2020 at 9:44 PM home user wrote: > > (on

Re: how to detect hack attempts.

(on 02/20/2020 at 3:59pm mountain time, Ed said) > sudo netstat -napt | grep -i listen I did it twice, the extra time to get the column headers.  Splicing the two together... Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address   Foreign Address State 

Re: how to detect hack attempts.

Another suggestion, get Wireshark for sniffing traffic, run a sniffer trace as you are using the machine. You'll want to capture any IP (layer 3) traffic leaving or entering your machine (may want to setup filters to reduce capture size). This may be a way to start your analysis. Disable any servi

Re: how to detect hack attempts.

On Thu, 20 Feb 2020 at 18:50, home user wrote: > (on 02/20/2020 at 2:10pm mountain time, Ed said) > > > Do you have a fixed IP or dynamic IP? > > I believe it's fixed, provided by the ISP (comcast). > > > What services do you run on your system? It helps to know what area > you're concerned wi

Re: how to detect hack attempts.

On 2020-02-21 07:50, home user wrote: > (on 02/20/2020 at 3:59pm mountain time, Ed said) > > > Examples of a service are > > ... > If these are running on my workstation, it must be by default.  I did not > start them.  How do I check? sudo netstat -napt | grep -i listen -- The key to getting

Re: how to detect hack attempts.

(on 02/20/2020 at 3:59pm mountain time, Ed said) > Examples of a service are > ... If these are running on my workstation, it must be by default.  I did not start them.  How do I check? > > No one is authorized to connect in from outside; I myself do not try to do so. > I don't know what tha

Re: how to detect hack attempts.

(on 02/20/2020 1:49pm mountain time, Frank said) > If you are thinking of brute-force attacks on open ports, > have a look at "fail2ban" - would use logs on your workstation > and your firewall setup to block attempts. I looked at it, downloaded it, looked at the man pages, and tried it.  At th

Re: how to detect hack attempts.

On 2020-02-21 06:49, home user wrote: > (on 02/20/2020 at 2:10pm mountain time, Ed said) > > > Do you have a fixed IP or dynamic IP? > > I believe it's fixed, provided by the ISP (comcast). > > > What services do you run on your system?  It helps to know what area you're > > concerned with. > > *

Re: how to detect hack attempts.

(on 02/20/2020 at 2:10pm mountain time, Ed said) > Do you have a fixed IP or dynamic IP? I believe it's fixed, provided by the ISP (comcast). > What services do you run on your system?  It helps to know what area you're concerned with. * Firefox, Thunderbird, Tor (rarely), dnf, zoom (for mee

Re: how to detect hack attempts.

On 2020-02-21 04:21, home user wrote: > (on 02/20/2020 1:11pm mountain time, Jack said) > > router logs help me... > My system is isp -> modem -> workstation.  No router at this time. Do you have a fixed IP or dynamic IP? What services do you run on your system?  It helps to know what area you're

Re: how to detect hack attempts.

If you are thinking of brute-force attacks on open ports, have a look at "fail2ban" - would use logs on your workstation and your firewall setup to block attempts. Are there specific applications/services you are concerned about? If you are thinking about SSHD, consider use of ssh-keygen for user/

Re: how to detect hack attempts.

(on 02/20/2020 1:11pm mountain time, Jack said) > router logs help me... My system is isp -> modem -> workstation.  No router at this time. ___ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedorapr

Re: how to detect hack attempts.

router logs help me... On Thu, Feb 20, 2020 at 11:47 AM home user wrote: > (F-30; Gnome; stand-alone home workstation) > > Sometime last year, I saw an article that talked about a tool that > quickly and easily shows attempts to hack in to a computer. I think it > was either in the Fedora magaz

how to detect hack attempts.

(F-30; Gnome; stand-alone home workstation) Sometime last year, I saw an article that talked about a tool that quickly and easily shows attempts to hack in to a computer.  I think it was either in the Fedora magazine or Gnome's website.  I've since made multiple attempts to find that article,