Re: [cobalt-users] IPs related to hackers
- Subject: Re: [cobalt-users] IPs related to hackers
- From: "Colin J. Raven" <cjraven@xxxxxxxxxxx>
- Date: Sat Feb 10 13:59:52 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Sat, 10 Feb 2001, Diana Brake wrote:
> At 02:03 PM 2/10/01, you wrote:
> > > > My logs show several direct attempts from these numbers over the last few
> > > > days:
> ><snip>
> >Which log(s) are you referring to? /var/log/secure? messages?
> >
>
> I have logcheck installed and it mails me suspicious activity as recorded
> in /var/log/messages. It can be configured to check on /var/log/secure
> and /var/log/maillog.
>
> PortSentry adds IPs to the /etc/hosts.deny file so if I'm a bit late
> watching the logcheck messages, the IPs are already blocked. PortSentry
> doesn't add IPs that are being used to run FTP anonymous login scripts or
> IPs that are being used to attempt logins using the admin ID so I drop
> those in by hand.
Great info!!!
Thanks Diana, greatly appreciated and most useful to know!!!!!
-Colin
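
The manual step described in the quoted message (adding IPs behind anonymous FTP login scripts or admin login attempts to /etc/hosts.deny when PortSentry has not) can be drafted from the log, as in this added example, which is not part of the original thread and is not logcheck's or PortSentry's code. The log message formats, the threshold and all sample IPs are constructed assumptions; the output is a list of lines to review before appending to hosts.deny.

```python
import re
from collections import Counter

# Constructed sample lines; the message formats are assumptions modelled on
# syslog-style FTP daemon output, not taken from the thread.
SAMPLE_LOG = """\
Feb 10 03:11:02 www ftpd[1201]: ANONYMOUS FTP LOGIN FROM 192.0.2.10 [192.0.2.10], guest@
Feb 10 03:11:04 www ftpd[1202]: ANONYMOUS FTP LOGIN FROM 192.0.2.10 [192.0.2.10], guest@
Feb 10 03:11:07 www ftpd[1203]: ANONYMOUS FTP LOGIN FROM 192.0.2.10 [192.0.2.10], guest@
Feb 10 04:20:15 www ftpd[1310]: failed login from 198.51.100.7 [198.51.100.7], admin
Feb 10 04:20:19 www ftpd[1311]: failed login from 198.51.100.7 [198.51.100.7], admin
Feb 10 04:20:23 www ftpd[1312]: failed login from 198.51.100.7 [198.51.100.7], admin
Feb 10 05:02:41 www ftpd[1400]: failed login from 203.0.113.5 [203.0.113.5], admin
Feb 10 06:30:00 www ftpd[1500]: failed login from 203.0.113.99 [203.0.113.99], bob
"""
# Constructed hosts.deny content, as if PortSentry had already blocked one IP.
SAMPLE_DENY = "# added by portsentry\nALL: 198.51.100.7\n"

# The two cases the message says PortSentry does not cover (assumed formats).
PATTERNS = [
    re.compile(r"ANONYMOUS FTP LOGIN FROM \S+ \[(\d+\.\d+\.\d+\.\d+)\]"),
    re.compile(r"failed login from \S+ \[(\d+\.\d+\.\d+\.\d+)\], admin$"),
]

def already_denied(deny_text):
    """Return the set of IPs already present in hosts.deny-style rules."""
    ips = set()
    for line in deny_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if ":" in line:
            ips.update(re.findall(r"\d+\.\d+\.\d+\.\d+", line.split(":", 1)[1]))
    return ips

def candidate_rules(log_text, deny_text, threshold=3):
    """Return 'ALL: ip' lines for IPs with >= threshold hits, not yet denied."""
    hits = Counter()
    for line in log_text.splitlines():
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                hits[m.group(1)] += 1
                break
    denied = already_denied(deny_text)
    return [f"ALL: {ip}" for ip, n in sorted(hits.items())
            if n >= threshold and ip not in denied]

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE_LOG, SAMPLE_DENY)))
```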