Skåne Sjælland Linux User Group - http://www.sslug.dk
 

Re: [SIKKERHED] msn



> But if it happened because someone gained access to the
> Windows computer via a remote trojan or something else, is there a
> chance that I would be able to find an IP or something else in a log
> on SuSE? And where is a good place to start looking?

I think that will be like finding a needle in a haystack without knowing
what the needle looks like.

> My /var/log/messages is enormous, since it unfortunately logs a lot
> of gibberish
>
> like this:
> Mar 13 20:36:54 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT=
> MAC= SRC=10.0.0.2 DST=10.255.255.255 LEN=216 TOS=0x00 PREC=0x00
> TTL=64 ID=11894 DF PROTO=UDP SPT=138 DPT=138 LEN=196
> Mar 13 20:38:06 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT=
> MAC= SRC=10.0.0.2 DST=10.255.255.255 LEN=249 TOS=0x00 PREC=0x00
> TTL=64 ID=11896 DF PROTO=UDP SPT=138 DPT=138 LEN=229
> Mar 13 20:39:23 linux sshd[15601]: Accepted
> keyboard-interactive/pam for root from ::ffff:192.168.68.68 port
> 9338 ssh2 linux:/var/log #
> 
> 
> from a firewall or something like that, so a grep command would be
> nice.

That is certainly not gibberish :) It is the firewall log.

You can start by removing everything that is not to/from a broadcast:
grep -v 10.255.255.255 /var/log/messages

You can also grep for traffic from your daughter's PC:
grep <IP of her machine> /var/log/messages

I don't think there is any particular port that MSN runs on, so you
can't search for that. If you have a time when it happened, you can
search for that.

On the whole, I think it is hard to define what exactly one is
looking for.

Best regards, Jesper
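
Added example, not part of the original message: the three filters suggested above (drop broadcasts, keep one host, keep one time window) combined in one pass over the SuSEfirewall2 log format quoted in the thread, plus a listing of accepted sshd logins. Matching on the whole SRC=/DST= field avoids the substring hits a plain grep gives (10.0.0.2 also matches 10.0.0.25). The function names, the sample lines beyond those quoted, and the ".255 means broadcast" rule are assumptions.

```shell
#!/bin/sh
# Constructed sample, one entry per line as in /var/log/messages.
# The first and last entries follow the excerpt quoted in the thread; the rest are made up.
sample_log() {
cat <<'EOF'
Mar 13 20:36:54 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=10.0.0.2 DST=10.255.255.255 LEN=216 TOS=0x00 PREC=0x00 TTL=64 ID=11894 DF PROTO=UDP SPT=138 DPT=138 LEN=196
Mar 13 20:37:10 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=10.0.0.25 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4411 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=5840 SYN
Mar 13 20:37:42 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=10.0.0.2 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4412 DF PROTO=TCP SPT=40113 DPT=445 WINDOW=5840 SYN
Mar 13 22:05:01 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=10.0.0.2 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4413 DF PROTO=TCP SPT=40114 DPT=445 WINDOW=5840 SYN
Mar 13 20:39:23 linux sshd[15601]: Accepted keyboard-interactive/pam for root from ::ffff:192.168.68.68 port 9338 ssh2
EOF
}

# fw_filter HOST FROM TO: firewall entries to or from HOST between FROM and TO
# (HH:MM:SS on one day), read from stdin.
fw_filter() {
    awk -v host="$1" -v from="$2" -v to="$3" '
    / kernel: SFW2-/ {
        src = dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (dst ~ /\.255$/) next                # broadcast (assumes .255 broadcast addresses)
        if (src != host && dst != host) next    # whole-field match, so 10.0.0.25 is not 10.0.0.2
        if ($3 < from || $3 > to) next          # HH:MM:SS sorts correctly as a string
        print $1, $2, $3, "SRC=" src, "DST=" dst, "PROTO=" proto, "DPT=" dpt
    }'
}

# ssh_logins: accepted sshd logins (time, user, source address), read from stdin.
ssh_logins() {
    awk '/ sshd\[[0-9]+\]: Accepted / {
        for (i = 2; i < NF; i++)
            if ($i == "from") print $1, $2, $3, "user=" $(i-1), "from=" $(i+1)
    }'
}

sample_log | fw_filter 10.0.0.2 20:30:00 21:00:00
sample_log | ssh_logins
```

On a real system, replace `sample_log |` with `< /var/log/messages`.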


Questions about the web-pages to <www_admin>. Last modified 2006-04-01, 02:03 CEST