Hacking...

TimDimman · 02-11-2002, 07:55 PM

I know there is a /var/log dir, but how can I monitor my setup so that I know I'm not constantly being hacked?

I have Firestarter running as a firewall currently, but since I haven't rebooted, I can't read the GUI log...

Anyways, if anyone can point me in the right direction (basically learn how to read the log files) I'd greatly appreciate it!

This is a nice forum BTW...

Tim

Scotty2435 · 02-11-2002, 08:55 PM

i think that's a good place to look but you're probably not in any danger unless you run servers like ftp, telnet, ssh, and web.

unSpawn · 02-12-2002, 01:34 AM

Try to see firewalling as a *deterrant*.
For intrusion *detection*, with the ability to raise alarms, add rules to the fw conf, and stats you could use Snort.
For a breakdown on how the values in your firewall's log add up, google "Robert Graham" or "firewall seen", for an active breakdown google "iptables logfile analyzer" (which should be somewhere in the .cc domain).

acid_kewpie · 02-12-2002, 06:00 AM

hmm, IS there a decent alternative to the word "hacking" in that sense? i'm a hacker, but not in that sense...

unSpawn · 02-12-2002, 11:51 AM

Well, usually in this context the word "probing" would be correct.

Eh, if you was the one that tried to explain the workings of kernel parts on IRC liking it to flan, crusts and mint sauce (or smptin like that) I'd like to see you define "hacking" :-]

And leave Ulrika-ka-ka or The Dove From Above outta it :-]

TimDimman · 02-12-2002, 03:11 PM

Quote:

Originally posted by acid_kewpie
hmm, IS there a decent alternative to the word "hacking" in that sense? i'm a hacker, but not in that sense...

Would you be more comfortable if I preceded it with Hollywood?

I am running several servers, I'd like to run http which is not currently set up, SSH and ftp.

I'm just worried about opening myself up too much...

Thanks for all the help so far! More is definitely welcome!