> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-ids Precedence: bulk Reply-To: ids On Tue, 26 Nov 1996, Mike Kienenberger wrote: > What key phrases do people scan log files for? logcheck searches for these keywords as signs of hacking: "wiz" "WIZ" "debug" "DEBUG" ATTACK nested VRFY bbs VRFY decode VRFY uudecode VRFY lp VRFY demo VRFY guest and these keywords as signs of general suspicious activity or misconfigurations: deny deny host su: su root ROOT LOGIN alias database LOGIN FAILURE LOGIN REFUSED shutdown wiz WIZ debug DEBUG smrsh failed denied vrfy VRFY expn EXPN reject admin rshd FAILURE REFUSED BAD permitted PERMITTED rexec illegal ILLEGAL courtney ATTACK natas SATAN setsender securityalert nested sucked -ERR Password != SITE EXEC RETR group RETR passwd RETR pwd.db CWD etc ---------- Tracy Reed http://www.ultraviolet.org http://www.linux.org - Escape the Gates of Hell