at "Nov 26, 96 01:07:53 pm"
Sender: owner-ids
Reply-To: ids

Mike Kienenberger wrote:
>
> VRFY         /usr/adm/*SYSLOG.mail   check mail logs for VRFY commands
> EXPN         /usr/adm/*SYSLOG.mail   check mail logs for EXPN commands
> " command "  /usr/adm/*SYSLOG.mail   check mail logs for debug/wiz commands
>
> deni         /usr/adm/*SYSLOG.auth   check for denied net cmds in SYSLOG
> fail         /usr/adm/*SYSLOG.auth   check for failed login attempts (passwords at
>                                      the login prompt; brute force attacks, etc)
>
> Does anyone have other things you look for on a regular basis?

It is in general a bad idea to scan for interesting things. What should
be done instead is filter out the non-interesting ones.

-Guido
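
The contrast drawn in the reply above, as an added example that is not part of either message: the keyword scan from the quoted list next to a filter that discards known-routine lines and reports everything else. The log lines and the ignore patterns are constructed for illustration, and the mail and auth logs are merged into one stream for brevity.

```shell
#!/bin/sh
# Constructed sample syslog lines (not taken from the original messages).
sample_log() {
cat <<'EOF'
Nov 26 13:01:02 host sendmail[101]: NOQUEUE: client.example: VRFY root
Nov 26 13:02:10 host login[202]: failed login for alice on ttyp1
Nov 26 13:03:00 host sendmail[103]: AA00103: from=<bob@example.org>, size=512
Nov 26 13:03:01 host sendmail[103]: AA00103: to=<carol@example.org>, stat=Sent
Nov 26 13:04:30 host cron[300]: (root) CMD (/usr/lib/newsyslog)
Nov 26 13:05:44 host kernel: le0: promiscuous mode enabled
Nov 26 13:06:12 host su[410]: su root succeeded for guest on ttyp3
EOF
}

# Quoted approach: report only lines containing a known-interesting keyword.
scan_interesting() {
    grep -E 'VRFY|EXPN|deni|fail'
}

# Reply's approach: drop lines matching known-routine patterns and report
# whatever is left, including events nobody thought to write a keyword for.
# The patterns are hypothetical; a real list is built up from a site's own logs.
filter_uninteresting() {
    grep -E -v \
        -e 'sendmail\[[0-9]+\]: [A-Z0-9]+: from=<' \
        -e 'sendmail\[[0-9]+\]: [A-Z0-9]+: to=<.*stat=Sent' \
        -e 'cron\[[0-9]+\]: \(root\) CMD \(/usr/lib/newsyslog\)'
}

# Lines the filter reports that the keyword scan never shows.
missed_by_scan() {
    filter_uninteresting | grep -E -v 'VRFY|EXPN|deni|fail'
}

echo "== keyword scan =="
sample_log | scan_interesting
echo "== after filtering out routine lines =="
sample_log | filter_uninteresting
echo "== reported by the filter but missed by the scan =="
sample_log | missed_by_scan
```

The ignore list only ever grows by patterns someone has looked at and judged routine, so a new kind of log line is reported by default.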