On Thu, 14 Oct 1999, Mr. Sharkey wrote:
> I'm running a mixed site of Linux and Solaris machines. What I'd like
> is some sort of keystroke logger that could have its output piped to
> a remote loghost (if someone does get in, I'd like to know what they
> did / how they did it).
Now there is a nifty idea! The dude breaks in and gets root, wanders
around doing things then realizes his keys have been captured and he can't
zap the logs without establishing a second front... ow! Especially for
busting purposes. Diddling logs is vital for your health, I would expect
people to do it.
But! Why not go further and have an active
sniffer box even? Which logs specific traffic and lives on another
machine than the one monitored? This is more elegant... use the linux box
for the sniffer...
For hacking in a key-capture, why not just do it like hackers have done
since the dawn of telnet and just make some modifications to getty, login
etc. code?
This could be easily done of course but you'd probably want
to replace some gettys and stuff, I have seen similar stuff around but it
behaves differently... really it only takes 5 minutes, just find the
stream that's flowing thru the sock (or stdin/stdout for stuff like login)
and if it's a char, you know, maybe write that to a little buffer, and
only submit the result to a syslogd when CR is received... that sounds
fairly good...
> Trouble is, as much as I've searched, all I can find are utilities for
> Dos/Windows. Has anyone run across such a beast? I did find TTY-watcher
> from engarde.com, but I doubt I'll ever get it to compile.
Was this for LINUX?
[EMAIL PROTECTED]
http://web.zencor.org/~sol
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
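
The buffer-until-CR idea from the reply above, written out as an added example (not code from the original message or from any getty/login source). The names `audit_buf`, `audit_put`, `audit_feed` and the 256-byte cap are assumptions; the sample input is constructed, and the record is printed where a session-audit hook on your own hosts would hand it to syslog for the remote loghost.

```c
#include <stdio.h>
#include <string.h>

#define AUDIT_MAX 256   /* assumed cap on one logged line */

struct audit_buf { char line[AUDIT_MAX]; size_t len; };

/* Store one byte. Non-printables and backslash are hex-escaped, so typed
 * control characters (backspace, ESC, ...) stay visible in the audit trail
 * and cannot forge or split a log record. Overlong input is truncated. */
static void audit_put(struct audit_buf *b, unsigned char c)
{
    if (c >= 0x20 && c < 0x7f && c != '\\') {
        if (b->len + 1 < AUDIT_MAX)
            b->line[b->len++] = (char)c;
    } else if (b->len + 4 < AUDIT_MAX) {
        b->len += (size_t)snprintf(b->line + b->len, 5, "\\x%02x", c);
    }
}

/* Feed one input byte. Returns 1 and fills out (NUL-terminated) when CR or
 * LF ends a non-empty line, otherwise 0. */
int audit_feed(struct audit_buf *b, unsigned char c, char *out, size_t outsz)
{
    size_t n;
    if (c != '\r' && c != '\n') { audit_put(b, c); return 0; }
    if (b->len == 0 || outsz == 0) return 0;  /* LF after CR, or blank line */
    n = b->len < outsz - 1 ? b->len : outsz - 1;
    memcpy(out, b->line, n);
    out[n] = '\0';
    b->len = 0;
    return 1;
}

int main(void)
{
    const char sample[] = "ls -la\r\nwhoami\x08\x08\r\n";  /* constructed input */
    struct audit_buf b = { {0}, 0 };
    char rec[AUDIT_MAX];
    size_t i;
    for (i = 0; i < sizeof sample - 1; i++)
        if (audit_feed(&b, (unsigned char)sample[i], rec, sizeof rec))
            printf("audit: %s\n", rec);  /* hook point: syslog(LOG_NOTICE, "%s", rec) */
    return 0;
}
```

Passing the record to syslog through a fixed `"%s"` format keeps typed `%` sequences from being interpreted as format directives.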