If you are using some SNMP trap agent
like OpenView you can narrow the time that the
box goes down. Then if you are motivated you can
assign that specific SNMP trap to attempt to run
a set of diagnostics against the box to be able to
determine its exact state. That is, can you telnet?
If so can you log in, etc, etc. If you are using
OpenView on Unix, then a shell script using an 'expect'
type of script or Perl would accomplish this in a very
nice fashion.
Also:
How is he actually getting into the box? If it is
across a network then perhaps you can add a router between
his subnet and the 7000. Then you can log, I believe,
routes from his IP address across that router; correlate
to the down time that you get from openview. Using these
two you can get some data on "attacks" on the box.
If he is using a console type connect then perhaps you need to
think about securing the area and making sure that policies are in
place to guard the box.
Hope this helps.
Best regards,
A. Rahman, Ph.D.
Product Engineer
Digex, Inc.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 16, 2000 12:13 PM
To: [EMAIL PROTECTED]
Subject: Help me catch a Hacker
Greetings,
I've a 7000 router in a remote location and it seems
the local admin is hacking in by using the power outage
excuse. He changes the password by rebooting the
router and peeks around. I'm trying to catch him in
the act or log his activities, any ideas?????
Thanks,
Nabil
___________________________________
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
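
The correlation suggested in the reply above (reboot times from the trap receiver matched against connections logged on a router placed in front of the 7000), as an added example that is not part of the original thread. Both log formats, the addresses and the 10-minute window are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data; both line formats are assumptions made for this example.
TRAP_LOG = """\
2000-06-12 09:30:02 linkDown 10.1.1.1
2000-06-14 02:11:40 coldStart 10.1.1.1
2000-06-15 23:47:10 coldStart 10.1.1.1
2000-06-16 03:05:55 coldStart 10.1.1.1
"""
# Transit router log: timestamp, source, destination, destination port.
TRANSIT_LOG = """\
2000-06-13 10:00:00 10.2.2.7 10.1.1.1 23
2000-06-14 02:14:05 10.2.2.50 10.1.1.1 23
2000-06-15 23:49:31 10.2.2.50 10.1.1.1 23
2000-06-16 03:06:20 10.2.2.50 10.1.1.1 23
2000-06-16 03:40:00 10.2.2.7 10.1.1.1 23
"""
FMT = "%Y-%m-%d %H:%M:%S"

def parse(text):
    """Yield (timestamp, remaining fields) for each well-formed log line."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            yield datetime.strptime(" ".join(parts[:2]), FMT), parts[2:]

def reboots(trap_log, router):
    """Timestamps of coldStart traps sent by the monitored router."""
    return [ts for ts, f in parse(trap_log) if f[0] == "coldStart" and f[1] == router]

def correlate(trap_log, transit_log, router, window=timedelta(minutes=10)):
    """Map each source IP to the reboots it contacted the router shortly after."""
    boots = reboots(trap_log, router)
    hits = defaultdict(set)
    for ts, fields in parse(transit_log):
        src, dst = fields[0], fields[1]
        if dst != router:
            continue
        for boot in boots:
            if boot <= ts <= boot + window:
                hits[src].add(boot)
    return boots, dict(hits)

def suspects(trap_log, transit_log, router, **kw):
    """Sources seen after every recorded reboot: the pattern worth investigating."""
    boots, hits = correlate(trap_log, transit_log, router, **kw)
    return sorted(src for src, seen in hits.items() if boots and seen == set(boots))

if __name__ == "__main__":
    print(suspects(TRAP_LOG, TRANSIT_LOG, "10.1.1.1"))
```

A source that shows up after one reboot proves little; one that shows up after every reboot is the lead to follow up with the physical-access checks mentioned in the reply.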