[techtalk] getting ports scanned...
K. Ziel
zoop at scc.net
Sun Oct 8 08:59:52 EST 2000
Hi--
Now that I'm freshly over my DNS angst, I am logging everything that I deny in
my firewall so that I know what's going on...
So, i've been scanned a lot the last few days, and while I htink that I built a
pretty good firewall, I am want to know if someone has managed to infiltrate.
What should I look for in my process list to tell me if i've got friends in my
home box?
I thot that perhaps I should log EVERYTHING, that way I know if someone
got in on a port that i've allowed for say...web access. that of course, leads
to TOO much logging..
then, i thot perhaps a cron, checking if my /var/log/messages has been updated,
and not quite sure how to do that....getting only the latest update to messages.
arg.
Kristin
More information about the Techtalk
mailing list