Honeypots mailing list archives
Re: diff types of logging and tracking hackers
From: "Skill2die4" <skill2die4 () phreaker net>
Date: Sat, 22 Feb 2003 23:49:18 -0500
## Hi, Wassup :)
## I want to know what are the different kinds of logging.

I would differentiate logs into 3 categories:

* Network Log
* Application Log
* File Log

## What are the different events that can be logged?

Network logs can be easily generated by using any sniffing utility like tcpdump, snort, ethereal... Such logs would give you an idea about which systems in your domain are open to hackers and gain their attention, e.g. if you see AXFR against your DNS, or if a hacker finds an FTP server and does a bounce scan from that... THAT'S BAD!!

Application logs are available with all types of OS; with a Linux system you can play around with them and tweak them to make them cool 'n organized (can do that with M$oft too... but I personally like Linux)... anyways... this type of log would help you pin-point the applications which the hacker found vulnerable and tried to attack, e.g. you find in your syslogs plenty of SMTP relays, or someone trying to access your .EXE's or bin folder...

File logs should be enabled with something like tripwire; it will help you to find out what files the hacker was trying to grab, e.g. password files, settings files... this will tell you where to modify your "R-W-X" file permissions...

## How can we track attackers while he is online on your system?

Well, you can try to track his/her IP address using the network logs and then gain more information about them by using whois/dig/nslookup type stuff... www.samspade.com << cool webpage for doing some basic stuff like traceroute/dns/.... However, intelligent hackers would be hiding behind NAT/proxy... then you cannot do much!! So, getting his/her IP doesn't tell you much... it might be that the hacker attacked some innocent kid's computer and is attacking from there...

## What do you advise in this context?

I am just doing my college... dunno much about the admin. side... maybe some amiable administrator will shed more light onto this matter about how they trace hackers...!!

my 2 cents.....
skill2die4
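A tripwire-style file baseline and re-check of the kind the reply recommends under "File log", as an added example written for this page (not code from the post or from tripwire itself); the directory tree, file contents and the simulated tampering are all constructed inside a temporary directory, and the report shows which files changed content, which had their permission bits loosened, and which appeared or vanished.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Return (sha256 hex digest, permission bits) for one regular file."""
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return digest, os.lstat(path).st_mode & 0o777

def baseline(root):
    """Snapshot every regular file under root: relative path -> fingerprint."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full):
                snap[os.path.relpath(full, root)] = fingerprint(full)
    return snap

def compare(old, new):
    """Diff two snapshots: content changes, permission changes, new and missing files."""
    report = {"modified": [], "perm_changed": [], "added": [],
              "removed": sorted(set(old) - set(new))}
    for rel, (digest, mode) in new.items():
        if rel not in old:
            report["added"].append(rel)
        elif digest != old[rel][0]:
            report["modified"].append(rel)
        if rel in old and mode != old[rel][1]:  # e.g. a settings file made world-writable
            report["perm_changed"].append((rel, oct(old[rel][1]), oct(mode)))
    return report

def demo():
    """Constructed scenario: baseline a tiny tree, simulate tampering, re-check."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        with open(os.path.join(etc, "passwd"), "w") as fh:
            fh.write("root:x:0:0::/root:/bin/sh\n")  # constructed sample, not a real file
        with open(os.path.join(etc, "settings.conf"), "w") as fh:
            fh.write("debug=0\n")
        os.chmod(os.path.join(etc, "settings.conf"), 0o600)
        before = baseline(root)
        # Simulated intruder activity: append to passwd, loosen a config, drop a new file.
        with open(os.path.join(etc, "passwd"), "a") as fh:
            fh.write("eve:x:0:0::/root:/bin/sh\n")
        os.chmod(os.path.join(etc, "settings.conf"), 0o666)
        open(os.path.join(etc, ".dropped"), "w").close()
        return compare(before, baseline(root))
```

In practice the baseline would be stored off-host (or on read-only media) and the re-check scheduled, since an intruder who can alter the files can also alter a snapshot kept beside them.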