[CLUE-Tech] what's my network doing?

Keith Hellman kehellman at yahoo.com
Thu May 9 09:04:52 MDT 2002


First things first, make sure your machine is not compromised by comparing
md5 sums of your /bin directory to your install media.

Otherwise you may well stop this misuse but not the one in a week when
the nefarious user returns.

If your ls/who/ps has been replaced, you may well not see anything wrong
with your machine; it would be an external indicator tipping you off, as
was the case here (Tx/Rx LEDs).

--- Roger Frank <rfrank at rfrank.net> wrote:
> Another quiet morning, up at 4 to get some work done before school.  I
> look at the activity lights on the broadband modem connecting my web
> site server to the internet and they are showing a lot of traffic.
> Some teacher somewhere is downloading a lesson plan or a project.
>
> Or maybe not.  I go to the standalone machine that has the web site
> and look at /var/log/http/access_log and I see two recent attempts
> with bad headers from 217.225.223.158 and 211.195.113.201 along with
> the usual plethora of attempts by Windows viruses.  The
> /var/log/http/error_log records the bad headers.  But what traffic is
> going now, I wonder, showing up in the Tx and Rx LEDs?  I look at
> `who` to see that nobody else is logged in.  I look at `ps -aux` to
> see nothing unusual that I can spot.
>
> How do I see who is getting data from my website while it is
> happening?  `ifconfig` shows a lot is happening, but not in enough
> detail.  I would like to know (1) who is accessing me and (2) what
> they are getting.  My concern is that they are getting nothing from me
> but instead using my machine for nefarious purposes.
>
> Any clues, cluebies?  What log should I check?  What software tool
> should I use?  Thanks!
> 
> ---
> Roger Frank


=====
Keith E. Hellman
kehellman at yahoo.com
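
Added example, not part of the original post: a POSIX shell function for the comparison suggested above, assuming the install media's binaries have been unpacked into a reference directory (the path in the usage comment is hypothetical) and that the hashing tools themselves come from trusted media rather than the suspect system. It uses sha256sum where the post says md5 sums.

```shell
#!/bin/sh
# Usage (paths are assumptions): sh compare_bins.sh /bin /mnt/reference/bin
# Run it with sh, sha256sum and cut taken from rescue/install media, since
# a compromised system may have replaced its own tools.

# compare_bins LIVE_DIR REF_DIR
# Prints one line per discrepancy and returns 1 if any was found:
#   MISMATCH name  - file exists in both trees but the hashes differ
#   MISSING  name  - file is in the reference but not on the live system
#   EXTRA    name  - file is on the live system but not in the reference
compare_bins() {
    live=$1
    ref=$2
    bad=0

    # Pass 1: every reference file must exist on the live system and match.
    for f in "$ref"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ ! -e "$live/$name" ]; then
            echo "MISSING  $name"
            bad=1
            continue
        fi
        want=$(sha256sum < "$f" | cut -d' ' -f1)
        have=$(sha256sum < "$live/$name" | cut -d' ' -f1)
        if [ "$want" != "$have" ]; then
            echo "MISMATCH $name"
            bad=1
        fi
    done

    # Pass 2: anything on the live system that the reference does not have.
    for f in "$live"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        [ -e "$ref/$name" ] || { echo "EXTRA    $name"; bad=1; }
    done

    return "$bad"
}

# Only act when called with both directories as arguments.
if [ "$#" -eq 2 ]; then
    compare_bins "$1" "$2"
fi
```

A MISMATCH can also come from a legitimate package update applied after installation, so check mismatched files against the updated package before treating them as replaced.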
