Honeypots mailing list archives

Re: diff types of logging and tracking hackers


From: "Skill2die4" <skill2die4 () phreaker net>
Date: Sat, 22 Feb 2003 23:49:18 -0500

## Hi,

Wassup :)

## I want to know what the different kinds of logging are.

I would differentiate logs into 3 categories:
* Network Log
* Application Log
* File Log


## What are the different events that can be logged?

Network logs can be easily generated by use of any sniffing
utility like tcpdump, snort, ethereal ... Such logs would
give you an idea about which systems in your domain are open
to hackers and gain their attention,
e.g. if you see an AXFR against your DNS, or if a hacker finds
an FTP server and does a bounce scan from it .. THAT'S BAD !!


Application logs are available with all types of OS; with a Linux
system you can play around with them and tweak them to make them
cool 'n organized (you can do that with M$oft too .. but I
personally like Linux) ... anyways ... this type of logs
would help you pin-point the applications which the
hacker found vulnerable and tried to attack ..
e.g. you find in your syslogs plenty of SMTP relays, or
someone trying to access your .EXE's or bin folder...



File logs should be enabled with something like tripwire;
it will help you to find out what files the hacker was trying
to grab, e.g. password files, settings files .. this will
tell you where to modify your "R-W-X" file permissions ...



## How can we track attackers while they are online on your system?

Well, you can try to track his/her IP address using the
network logs and then gain more information about
them by using whois/dig/nslookup type stuff ...
www.samspade.com << cool webpage for doing some
basic stuff like traceroute/dns/....

However, intelligent hackers would be hiding behind
NAT/proxy ... then you cannot do much !!

So, getting his/her IP doesn't tell you much .. it
might be that the hacker attacked some innocent kid's
computer and is attacking from there ...


## What do you advise in this context?

I am just doing my college .. dunno much about the admin
side .. maybe some ... amiable administrator will shed
more light onto this matter about how they trace
hackers ... !!


my 2 cents .....


skill2die4
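A minimal tripwire-style baseline-and-compare of the kind the file-log paragraph above describes, as an added example that is not part of the original post or of tripwire itself. It hashes a constructed directory tree in a temporary folder, then simulates a permission change on a password file, a config edit and a dropped file, and reports what changed:

```python
"""Minimal tripwire-style file-integrity check (added example)."""
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: (sha256_hex, mode_bits)} for regular files under root."""
    root = Path(root)
    baseline = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        mode = stat.S_IMODE(path.stat().st_mode)   # the "R-W-X" bits
        baseline[str(path.relative_to(root))] = (digest, mode)
    return baseline


def compare(baseline, current):
    """Classify drift; 'modified' covers content or permission changes."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def demo():
    """Constructed scenario: baseline, then simulated tampering, then a report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0::/root:/bin/sh\n")
        (root / "etc" / "app.conf").write_text("relay=no\n")
        os.chmod(root / "etc" / "passwd", 0o644)
        base = snapshot(root)
        # Simulated tampering after the baseline was taken.
        os.chmod(root / "etc" / "passwd", 0o666)          # permissions widened
        (root / "etc" / "app.conf").write_text("relay=yes\n")  # setting changed
        (root / "etc" / "cron.new").write_text("# dropped file\n")  # new file
        return compare(base, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Run on a real tree, store the baseline off-host, and re-run periodically; only the differences need investigating.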

