On Sat, Dec 06, 2003 at 12:25:09AM +0100, Igor Mozetic wrote:
> I see repeated attempts to connect to my public rsync Debian server:
>
> Dec 6 00:20:01 rsync connection attempt from 217.21.40.1 (217.21.40.1:29558->x.x.x.x:873)
>
> rsync and kernel are patched, but I wonder if there is anything
> one can do to identify/catch/??? a potential intruder.
Some ISPs will respond to complaints if their customers are staging attacks; most don't. You will want to script some kind of reporting tool: use whois to find the owner of the subnet. In this case they may do something about it: "Belarusian State University"

There is aris too:

Package: aris-extractor
Priority: optional
Section: admin
Installed-Size: 164
Maintainer: Matt Zimmerman <[EMAIL PROTECTED]>
Architecture: i386
Version: 1.6.2-4
Depends: debconf, libc6 (>= 2.2.4-4), libcurl2-ssl (>= 7.9.5-1), libssl0.9.6, libstdc++2.10-glibc2.2
Recommends: snort
Filename: pool/main/a/aris-extractor/aris-extractor_1.6.2-4_i386.deb
Size: 38072
MD5sum: 7e95297b99c3725d60c94f8a24acebb0
Description: Scan system logs for security incidents and report them to ARIS
 The Attack Registry and Intelligence Service (ARIS) is a free,
 user-integrated attack-trending system hosted by SecurityFocus that
 allows administrators and operators of Intrusion Detection Systems
 (IDSs) to track, evaluate and respond to security alerts and attacks
 in a proactive manner.
 .
 As an integral piece of the ARIS Analzyer service, SecurityFocus's
 open-source ARIS Extractor utility distills data provided by IDS
 attack-list logs to build client portfolios that provide meaningful,
 graphical analysis of potentially malicious network incidents. By
 filtering out insignificant or benign data and converting it to a
 common format (xml), ARIS Extractor streamlines incident reporting for
 both security professionals and home users in a way that allows IDS
 operators to focus only on relevant attacks and incidents.
 Additionally, ARIS Extractor ensures client confidentiality through
 secure file-transfer protocols and optional IP address suppression.

// George

-- 
GEORGE GEORGALIS, System Admin/Architect   cell: 646-331-2027
  <IXOYE><
Security Services, Web, Mail,            mailto:[EMAIL PROTECTED]
Multimedia, DB, DNS and Metrics.         http://www.galis.org/george
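A minimal version of the reporting script suggested above, as an added example that is not part of the thread: it parses the rsync log format Igor quoted, picks out sources that keep retrying, looks up the netblock owner with the system `whois` binary, and drafts an abuse report. The sample log lines and the threshold of three attempts are constructed for the example; the whois output parsing is a heuristic over common RIPE/ARIN field names.

```python
import re
import subprocess
from collections import Counter, defaultdict

# Pattern for the rsync log line format quoted in the thread.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) rsync connection attempt from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) \((?P=src):\d+->[^:]+:(?P<dport>\d+)\)$"
)

def parse_attempts(lines):
    """Map each source IP to the list of rsync log lines it produced."""
    by_src = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            by_src[m.group("src")].append(line.strip())
    return dict(by_src)

def repeat_offenders(lines, threshold=3):
    """Sources with at least `threshold` attempts, most active first."""
    counts = Counter({ip: len(v) for ip, v in parse_attempts(lines).items()})
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

def owner_from_whois(ip, runner=subprocess.run):
    """Netblock owner via whois; `runner` is injectable so tests can stay offline.
    Returns the first org/descr/netname value found, or None."""
    out = runner(["whois", ip], capture_output=True, text=True, timeout=20).stdout
    for line in out.splitlines():
        key, _, val = line.partition(":")
        if key.strip().lower() in ("org-name", "orgname", "descr", "netname") and val.strip():
            return val.strip()
    return None

def draft_report(ip, evidence, owner=None):
    """Plain-text abuse report body for the netblock owner's abuse contact."""
    header = f"Repeated unsolicited rsync (tcp/873) connection attempts from {ip}"
    if owner:
        header += f" (netblock: {owner})"
    return header + "\n\nLog excerpt (local syslog time):\n" + "\n".join(evidence) + "\n"

# Constructed sample log; only 217.21.40.1 is the address reported in the thread.
SAMPLE_LOG = [
    "Dec 6 00:20:01 rsync connection attempt from 217.21.40.1 (217.21.40.1:29558->x.x.x.x:873)",
    "Dec 6 00:20:07 rsync connection attempt from 217.21.40.1 (217.21.40.1:29601->x.x.x.x:873)",
    "Dec 6 00:20:15 rsync connection attempt from 217.21.40.1 (217.21.40.1:29644->x.x.x.x:873)",
    "Dec 6 00:21:40 rsync connection attempt from 192.0.2.10 (192.0.2.10:4011->x.x.x.x:873)",
    "Dec 6 00:22:03 sshd[123]: Accepted publickey for igor from 192.0.2.20 port 5022",
]
```

On the sample, `repeat_offenders(SAMPLE_LOG)` returns only 217.21.40.1; `owner_from_whois` performs a live lookup, so feed it a fake `runner` when testing offline.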