Hi,

Recently I've installed some IP logging daemons (snort, ippl along with logcheck) and I was amazed how many break-in attempts there are each day on my simple home box, which isn't even advertised anywhere, as I only run a few services intended for friends and family (apache, wu-ftpd, exim).

I can see a lot of IIS-related attempts, which obviously do not work, as well as some refused anonymous FTP connection attempts. For these I don't worry too much as they have failed. (I hope. I'm no expert, though.) Then there is more exotic stuff: high port UDP attempts, connections to port 113, etc.

Now the logs provided by the above packages often say something like 'connection attempt to ..' whichever port/service. The question is whether there is a way to know whether any of those attempts succeeded. Or to put it more simply, how could one distinguish a failed attempt from a successful break-in? (I know this is probably a very complex topic, but I would greatly appreciate some advice!)

Many thanks for your help in advance!

Best regards,
Balazs