2: HELP! Do I have an intruder?

2007-12-25 8:30:00

Nobody seems to have a clue as to what caused my strange ftp activity.

However three people replied to me after my first summary. All three suggested that I install tcp-wrapper to monitor tcp requests. I installed tcp-wrapper on one of our DECstations to monitor some strange things on that system. This is a great package! I'm going to install it on our suns. I haven't tried to install it on my Solaris2 machine so I don't know how hard the port will be.

Many thanks to:

        Lack Mr G M <gml4410@ggr.co.uk>

        frankm@shadow.cna.tek.com (Frank 'Scruffy' Miller)

        mike@maxwell.as.utexas.edu (Michael Briley)

-Jack Jones

jack@medstat.med.utah.edu

#########################################################################

From: Lack Mr G M <gml4410@ggr.co.uk>

Can't help you at all on what *caused* the messages. I can suggest that you install tcp-wrappers. This would have allowed you to (optionally) log where these calls came from, and disallow them based on address/network of the caller.

#########################################################################

From: frankm@shadow.cna.tek.com (Frank 'Scruffy' Miller)

Jack, you might try a tcp wrapper or running a promiscuous ethernet process to see *where* the connection is coming from. From there you can try finger @host to look at utmp and maybe contacting the sysadmin to set up more tracking.

I'm still in 4.1.3 land ... so the tcp wrapper might not have been ported to Sys V.

#########################################################################

From: mike@maxwell.as.utexas.edu (Michael Briley)

I'm sorry I missed your original post, but one other thing that you may want to consider is installing front ends to your network daemons which monitor any activity. I've set up my machine that way and it is very nice to have the source of every outside connection logged.

An example from earlier today:

Sep 28 11:09:07 maxwell in.ftpd[15506]: Connect to in.ftpd from beernut1.as.utexas.edu

It was written by Wietse Venema, Eindhoven University of Technology, The Netherlands. I've forgotten what archive I got this from, but I could send you a copy.
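The two things the replies ask for, logging where each connection came from (Briley's syslog line above) and refusing callers by address or network (Lack's hosts.allow/hosts.deny suggestion), are easy to check against a day's syslog before touching a production rule set. The script below is an added example, not code from this thread or from the tcp_wrappers distribution: it parses tcpd-style syslog lines into (daemon, source host) counts and then evaluates a simplified model of the hosts_access(5) matching rules (first match in hosts.allow grants, then first match in hosts.deny refuses, otherwise grant; patterns ALL, LOCAL, leading-dot domain suffix, trailing-dot address prefix and net/mask) to show which of the logged sources the rule set would have turned away. The sample log, hosts.allow and hosts.deny contents are constructed; the first log line is the one quoted in the post, the other lines use the "connect from" / "refused connect from" wording of later tcpd versions, and all the function names are this example's own.

```python
import re
from collections import Counter

# Syslog prefix tcpd lines carry: timestamp, host, "daemon[pid]: message".
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<daemon>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
FROM_RE = re.compile(r"\bfrom (\S+)", re.IGNORECASE)


def parse_wrapper_line(line):
    """Return a dict for one tcpd connection line, or None for anything else."""
    m = LOG_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    src = FROM_RE.search(msg)
    if src is None or "connect" not in msg.lower():
        return None  # some other daemon's message, not a wrapper connect record
    return {
        "time": m.group("ts"),
        "daemon": m.group("daemon"),
        "pid": int(m.group("pid")),
        "source": src.group(1),
        "refused": msg.lower().startswith("refused"),
    }


def _ip_to_int(addr):
    parts = addr.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) < 256 for p in parts):
        return None
    return int.from_bytes(bytes(int(p) for p in parts), "big")


def client_matches(pattern, client):
    """Simplified model of the tcp_wrappers client patterns (hosts_access(5))."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":              # any host name without a dot
        return "." not in client
    if pattern.startswith("."):         # domain suffix, e.g. .as.utexas.edu
        return client.endswith(pattern)
    if pattern.endswith("."):           # dotted-quad prefix, e.g. 192.0.2.
        return client.startswith(pattern)
    if "/" in pattern:                  # net/mask form; only matches numeric clients
        net, mask = (_ip_to_int(p) for p in pattern.split("/", 1))
        addr = _ip_to_int(client)
        if None in (net, mask, addr):
            return False
        return addr & mask == net & mask
    return pattern == client


def parse_rules(text):
    """Parse 'daemon_list : client_list' lines; comments and blanks are skipped."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue
        rules.append((re.split(r"[,\s]+", fields[0]), re.split(r"[,\s]+", fields[1])))
    return rules


def _rule_hits(rules, daemon, client):
    return any(
        d in ("ALL", daemon) and any(client_matches(c, client) for c in clients)
        for daemons, clients in rules for d in daemons
    )


def decide(daemon, client, allow_rules, deny_rules):
    """tcpd order: hosts.allow match grants, else hosts.deny match refuses, else grant."""
    if _rule_hits(allow_rules, daemon, client):
        return True
    return not _rule_hits(deny_rules, daemon, client)


def audit(log_text, allow_text, deny_text):
    """Count connections per (daemon, source) and flag those the rules would refuse."""
    allow_rules, deny_rules = parse_rules(allow_text), parse_rules(deny_text)
    counts, unparsed, would_refuse = Counter(), 0, set()
    for line in log_text.splitlines():
        rec = parse_wrapper_line(line)
        if rec is None:
            unparsed += 1
            continue
        key = (rec["daemon"], rec["source"])
        counts[key] += 1
        if not decide(rec["daemon"], rec["source"], allow_rules, deny_rules):
            would_refuse.add(key)
    return {"counts": counts, "unparsed": unparsed, "would_refuse": would_refuse}


# Constructed sample input; the first line is the one quoted in the post.
SAMPLE_LOG = """\
Sep 28 11:09:07 maxwell in.ftpd[15506]: Connect to in.ftpd from beernut1.as.utexas.edu
Sep 28 11:12:41 maxwell in.ftpd[15531]: connect from 192.0.2.77
Sep 28 11:12:42 maxwell in.ftpd[15532]: connect from 192.0.2.77
Sep 28 11:12:43 maxwell in.ftpd[15533]: connect from 192.0.2.77
Sep 28 11:15:02 maxwell in.telnetd[15540]: refused connect from 198.51.100.9
Sep 28 11:16:30 maxwell sendmail[15544]: some unrelated message
"""
SAMPLE_HOSTS_ALLOW = """\
# constructed: the local domain and one documentation net may use ftp and telnet
in.ftpd, in.telnetd : .as.utexas.edu 198.51.100.0/255.255.255.0
"""
SAMPLE_HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    report = audit(SAMPLE_LOG, SAMPLE_HOSTS_ALLOW, SAMPLE_HOSTS_DENY)
    for (daemon, source), n in sorted(report["counts"].items()):
        flag = "  <- would be refused" if (daemon, source) in report["would_refuse"] else ""
        print(f"{n:3d} {daemon:<12} {source}{flag}")
    print(f"{report['unparsed']} line(s) ignored")
```

Run it as-is and the three repeated ftp connects from 192.0.2.77 come out flagged, while the local-domain host and the documentation-net address pass the constructed allow rule. The matching here is a model, not the wrapper's code: it ignores the `user@host`, `EXCEPT` and `KNOWN`/`UNKNOWN`/`PARANOID` forms and the spawn/twist options, so use it to sanity-check counts and rule intent, then confirm with tcpdchk and tcpdmatch from the real distribution.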
