You can get the iplogger package, which will log every TCP connection made
to your machine. The lsof package is also useful for finding out if a
service is running on a port on your own machine. I believe lsof is
kernel version dependent, so you may have to experiment some.
Example:
[bash]$ lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
sshd 32211 root 6u inet 0x0149ac0c 0t0 TCP *:ssh (LISTEN)
Also, if you are paranoid, I would suggest getting the tripwire package.
This will monitor your system for changed system files.
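One way to turn the lsof check above into a repeatable audit, as an added example that is not part of the original post: it reads `lsof -i` output and prints every listening TCP socket whose command and port are not on an allowlist. The `ALLOWED` list, the function names and all sample lines except the sshd listener are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP sockets reported by `lsof -i` that are
# not on an allowlist. ALLOWED and most sample lines are constructed.

# Expected "command:port" pairs for this host (assumption; adjust locally).
# Both forms are listed because lsof prints service names unless run with -P.
ALLOWED="sshd:22 sshd:ssh"

# Read `lsof -i` output on stdin and print "command pid user port" for each
# TCP socket in LISTEN state whose command:port pair is not in ALLOWED.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $NF != "(LISTEN)" { next }      # skips header, UDP, established
        $(NF - 2) != "TCP" { next }     # protocol column precedes NAME
        {
            port = $(NF - 1)            # NAME, e.g. *:ssh or 127.0.0.1:6010
            sub(/^.*:/, "", port)       # keep the text after the last colon
            key = $1 ":" port
            if (!(key in ok)) print $1, $2, $3, port
        }
    '
}

# Constructed sample in the column layout shown in the post.
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
sshd 32211 root 6u inet 0x0149ac0c 0t0 TCP *:ssh (LISTEN)
sshd 32300 root 4u inet 0x0149b000 0t0 TCP 10.0.0.5:ssh->10.0.0.9:51122 (ESTABLISHED)
nc 4242 nobody 3u inet 0x0149c100 0t0 TCP *:31337 (LISTEN)
named 812 bind 20u inet 0x0149d200 0t0 UDP *:domain
EOF
}

# Live use, run as root to see every user's sockets:
#   lsof -i -n -P | unexpected_listeners
sample_lsof | unexpected_listeners
```

Run from cron and compared against the previous run, an empty result means nothing new is listening; any printed line names the process to investigate.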
Wednesday, April 09, 2003
How to monitor suspicious activity?