Re: Getting started

adamsb@un.org
Tue, 23 Aug 94 19:38:56 EST

The Raxco toolkit is the commercial equivalent of COPS.  While it doesn't
report a current intrusion, its accounts report includes a list of failed
log-in attempts.  If you pull the report into a database, delete all the
informational text and leave just the failed logins, then index it on
remote system and login date/time and look at the data, any attempts to
break in are fairly apparent, especially during off hours.  Of course, once
your intruder has successfully cracked passwords and gets in without any
failed log-ins, a different report becomes important.  Other reports tell
you exactly what was changed and when it was changed although they don't
tell you who made the change.
                                                   Hog Farmer
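
The triage described in the message above, sketched as an added example that is not part of the original post and is not Raxco output or code: failed log-ins are loaded into a database, indexed on remote system and time, and off-hours bursts are listed. The report line layout, the sample rows, the 08:00-18:00 working hours and the function names are all assumptions made for illustration.

```python
import sqlite3
from datetime import datetime

# Constructed sample; the real report layout is not shown in the message, so
# this "date time remote_system username status" format is an assumption.
SAMPLE_REPORT = """\
Accounts report - failed and successful log-ins (constructed sample)
1994-08-22 10:14:03 NODEA  jsmith  FAILED
1994-08-22 10:14:20 NODEA  jsmith  OK
1994-08-23 02:11:40 NODEX  admin   FAILED
1994-08-23 02:11:58 NODEX  admin   FAILED
1994-08-23 02:12:15 NODEX  guest   FAILED
1994-08-23 02:12:31 NODEX  backup  FAILED
1994-08-23 14:05:09 NODEB  mlee    FAILED
End of report
"""

def load_failed_logins(report_text):
    """Keep only FAILED rows, dropping informational text, and index them."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE failed (remote TEXT, ts TEXT, username TEXT)")
    for line in report_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[4] != "FAILED":
            continue  # header, footer, or a successful log-in
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # five words, but not a log-in record
        db.execute("INSERT INTO failed VALUES (?, ?, ?)",
                   (parts[2], ts.isoformat(sep=" "), parts[3]))
    db.execute("CREATE INDEX by_remote_time ON failed (remote, ts)")
    return db

def off_hours_clusters(db, start_hour=8, end_hour=18, min_failures=3):
    """Return (remote, day, failures, distinct_users) for off-hours bursts."""
    return db.execute(
        """SELECT remote, date(ts), COUNT(*), COUNT(DISTINCT username)
           FROM failed
           WHERE CAST(strftime('%H', ts) AS INTEGER) NOT BETWEEN ? AND ?
           GROUP BY remote, date(ts)
           HAVING COUNT(*) >= ? ORDER BY remote, date(ts)""",
        (start_hour, end_hour - 1, min_failures)).fetchall()

if __name__ == "__main__":
    for row in off_hours_clusters(load_failed_logins(SAMPLE_REPORT)):
        print(row)
```

Grouping by remote system and day makes a burst against several usernames from one source stand out, while a single mistyped password during working hours stays below the threshold.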