Date: Sat, 20 Feb 1999 13:33:09 -0500 (EST) From: Patrick Seal <patseal@hyperhost.net> To: Jose Carlos da Silva <jcds@brasmail.com.br> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: I've been hacked! Message-ID: <Pine.BSF.4.05.9902201331000.51938-100000@foobar.hyperhost.net> In-Reply-To: <199902201815.NAA00417@hyperhost.net>
next in thread | previous in thread | raw e-mail | index | archive | help
I've read over man tcpd 3 times and can't seem to see host to log the ip address. Where else can I look? Thanks! ------------------------------------ _____________________________________ Patrick Seal |"Microsoft isn't evil, they just make <patseal@hyperhost.net> | really crappy operating systems." Hyperhost - http://www.hyperhost.net| -Linus Torvalds hosting and Design http://www.freebsd.org - http://www.linux.org On Sat, 20 Feb 1999, Jose Carlos da Silva wrote: > Patrick, Em 20 Feb 99, voce escreveu: > > > I am using the TCP wrappers, have root login disabled, and am running a > > newly CVSUP'd 3.1-STABLE. What I what to know is how to contact his/her > > ISP. > > You should find the IP address of the connection in your log files. > If you haven't enabled the full log files features of TCP WRAPPERS, > maybe you should check the TCP WRAPPERS documentation to enable the > logging of the IP address of each connection and wait until the next > try of the hacker. > > Once you have the IP address, you should do a NSLOOKUP on it to get > the hostname including the domain name. If the IP address doesn't > have a reverse hostname available, you can try to use traceroute or > RWHOIS (http://www.rwhois.net) to discover from which network he is > trying to connect to your server. In general, it will be an ISP > (Internet Service Provider) used for dialup access. > > Normally, complaints shoud be sent to addreses like abuse@domain.com > or security@domain.com, but it should be a good idea to checkout the > domain homepage to look for his 'Acceptable User Policy' and contact > email addresses. > > In most of the cases, the maximum you will get is to cancel the > hacker dialup account, but he will think twice before trying to > attack you again. > > Regards, > > o-----------------( Jose Carlos da Silva )-----------------o > | Administrador de Rede - WebMaster - jcds@brasmail.com.br | > | ALLNET! Provedor Internet http://www.allnet.com.br | > | Brasmail Internet Services http://www.brasmail.com.br | > | Central Brasileira de Listas http://www.listas.nu | > | Sao Paulo - SP - Brasil Fone: (011)3061-0088 | > o----------------------------------------------------------o > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9902201331000.51938-100000>