[ale] What's this guy doing?

UnderGrid Founder undrgrid at undergrid.net
Mon Apr 12 19:09:00 EDT 1999


Matthew Brown decided to waste my bandwidth saying:
> What do you use for log-checking?  Do you just have a cron job send you
> greps of secure and messages?
>
	I've used several methods in the past... Currently I've got the
tcplogd and icmplogd runnin on my Debian machines... Then I also have a set
of IP Chains rules (currently over 175) with the default set to log and DENY.
I haven't set up anythin to actually process the IP Chains log at this time
but for other occurrences I've used Sentry from psionic.com which I develop'd
a perl script that would perform a DNS lookup on the offending IP which it
then located the responsible party from the SOA header and email'd them a nice
form letter... Currently I do most of the scannin via a series of grep
commands which I perform every morning when I get up or when xconsole starts
to display an increase in activity... I'll probably get tired of this method
and work to develop a script to automate the process...

	Respectfully,
	Jeremy T. Bouse
-- 
,-----------------------------------------------------------------------------,
| Jeremy T. Bouse  -  UnderGrid Network Services, LLC  -   www.UnderGrid.net  |
|     PGP ID/Fingerprint: 1024/E83D9AE5/4ACC03F098D78198 19D0593E50E597E9     |
|   Public PGP key available via email at pgp-public-keys at pgp.UnderGrid.net   |
| undrgrid at UnderGrid.net  -  NIC Whois: JB5713  -  Jeremy.Bouse at UnderGrid.net |
|      promotion, n.: New title, new salary, new office, same old crap.       |
`-----------------------------------------------------------------------------'
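
The morning grep pass over the IP Chains log described above could be automated along these lines. This is an added example, not code from the original post; the sample lines are constructed, and the function names and the kernel `Packet log:` field layout it parses are assumptions of the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines in the ipchains "Packet log:" layout
# (chain, target, interface, PROTO=n, src:port, dst:port, ...).
# All addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Apr 12 06:14:02 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4312 192.0.2.10:23 L=44 S=0x00 I=5432 F=0x0000 T=52 SYN (#12)
Apr 12 06:14:03 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4313 192.0.2.10:111 L=44 S=0x00 I=5433 F=0x0000 T=52 SYN (#12)
Apr 12 06:14:03 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4314 192.0.2.10:143 L=44 S=0x00 I=5434 F=0x0000 T=52 SYN (#12)
Apr 12 06:20:11 gw /USR/SBIN/CRON[311]: (root) CMD (run-parts /etc/cron.hourly)
Apr 12 06:31:40 gw kernel: Packet log: input DENY eth0 PROTO=1 198.51.100.20:8 192.0.2.10:0 L=84 S=0x00 I=901 F=0x0000 T=240 (#175)
Apr 12 06:31:44 gw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.20:1029 192.0.2.10:161 L=71 S=0x00 I=902 F=0x0000 T=240 (#175)
Apr 12 06:40:09 gw kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.77:2201 192.0.2.10:80 L=44 S=0x00 I=77 F=0x0000 T=60 SYN (#3)
Apr 12 07:02:55 gw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.99:3001 192.0.2.10:25 L=44 S=0x00 I=12 F=0x0000 T=49 SYN (#12)
"""

PACKET_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

def parse_line(line):
    """Return the packet fields as a dict, or None for non-packet lines."""
    m = PACKET_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def summarize(text, target="DENY", min_hits=2):
    """List (source, hits, distinct (proto, dport) pairs), busiest first."""
    hits, probes = Counter(), defaultdict(set)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["target"] != target:
            continue
        hits[rec["src"]] += 1
        # For PROTO=1 (ICMP) the two "port" fields carry type and code.
        probes[rec["src"]].add((rec["proto"], rec["dport"]))
    ranked = sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(s, n, sorted(probes[s])) for s, n in ranked if n >= min_hits]

if __name__ == "__main__":
    for src, n, seen in summarize(SAMPLE_LOG):
        print(f"{src}: {n} denied packets, proto/port pairs {seen}")
```
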
