gene heskett wrote:
> I'll second those sentiments, Kent. I hope the logs are being kept for
> forensic purposes. Tracing the src IP could well be enlightening.

Normally the hackers use other hacked-into computers, and don't leave traces of their original computer. They may use several layers of botnets to make it quite hard to trace their original IP.
One thing I have found to be really helpful (after securing all servers on the machine) is to use the denyhosts program, which watches for failed login attempts and then adds the source IP to the hosts.deny list. This uses one list for all modes of access and all account names (valid and not). If you set this to a fairly tight setting, such as 3 login failures from the same IP in a month gets you kicked off for a year, it makes it very hard for even large botnets to have any possibility of cracking a decent password. Haven't had any break-ins in a long time, and all the professionals have given up when they probe my system and find out how tight I have the security set.

Jon

_______________________________________________
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users
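To illustrate the threshold logic Jon describes (N failures from one source IP inside a time window, then the IP goes into hosts.deny), here is a small added example that is not part of the original thread and not denyhosts' own code; it parses constructed sshd auth-log lines, with the year, host name, threshold and window all assumed for the sake of the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth.log lines (not real traffic); the year is assumed
# because syslog timestamps carry none.
SAMPLE_LOG = """\
Oct 10 02:14:03 box sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2
Oct 10 02:14:07 box sshd[2203]: Failed password for root from 203.0.113.5 port 4431 ssh2
Oct 10 09:30:12 box sshd[2310]: Accepted publickey for jon from 198.51.100.7 port 50012 ssh2
Oct 11 02:15:44 box sshd[2415]: Failed password for invalid user oracle from 203.0.113.5 port 4510 ssh2
Oct 12 18:01:09 box sshd[2601]: Failed password for jon from 198.51.100.7 port 50100 ssh2
"""

# Matches OpenSSH "Failed password" lines for both valid and invalid user names.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(log_text, year=2011):
    """Yield (timestamp, source_ip) for every failed-password line."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"]

def offenders(log_text, threshold=3, window=timedelta(days=30)):
    """Return source IPs with >= threshold failures inside any sliding window."""
    by_ip = defaultdict(list)
    for ts, ip in parse_failures(log_text):
        by_ip[ip].append(ts)
    blocked = []
    for ip, times in by_ip.items():
        times.sort()
        # Slide over sorted timestamps; any run of `threshold` within `window` trips the block.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                blocked.append(ip)
                break
    return blocked

def hosts_deny_lines(ips, service="sshd"):
    """Format tcp_wrappers hosts.deny entries ("daemon: client")."""
    return [f"{service}: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(offenders(SAMPLE_LOG))))
```

With the sample above, 203.0.113.5 crosses the 3-failure line within two days and is listed, while the single failure from 198.51.100.7 (a legitimate user mistyping once) is not.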