[lug] Tracking Connections

Harris, James James_Harris at maxtor.com
Thu Aug 23 16:03:11 MDT 2001


Is there any way you could get trippy and write an ipchain that snags every
incoming ftp hit and does a traceroute and port scan back onto it? (But
still passes the packet through to your ftp service.)  That way you could
get them while they're online and might be able to get some more info.

I seem to remember that ipchains can conceptually bump a connection off to a
pipe/trigger a script.  I may be completely whacked in thinking this, but
it's an idea...  I'm sure there are a billion reasons not to do this even if
it is possible (performance hits, etc...) but I figured I'd throw it out
anyway.

Anyone want to chime in on my insanity (oh, well, that's probably a BAD
thing to ask...)

Jim

-----Original Message-----
From: Kyle Moore [mailto:kmoore at trustamerica.com] 
Sent: Friday, August 17, 2001 08:32
To: lug at lug.boulder.co.us
Subject: [lug] Tracking Connections


I have someone who keeps trying anonymous ftp on a couple of our servers.
Syslog gives me the IP they are coming from but what I want to find out is
how they come through our network. I don't have access to any of the
routers' logs. My main concern here is someone is getting into our network
that shouldn't...so I want to verify.

NOTE: I know how horrible ftp is so I don't need any sermons on the wonders
of ssh/scp.

--
Kyle

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug


