From owner-freebsd-security Sun Apr 2 21: 3:52 2000
Delivered-To: freebsd-security@freebsd.org
Received: from wat-border.sentex.ca (waterloo-hespler.sentex.ca [199.212.135.66])
	by hub.freebsd.org (Postfix) with ESMTP id 7274E37BA6F
	for ; Sun, 2 Apr 2000 21:03:49 -0700 (PDT)
	(envelope-from mike@sentex.net)
Received: from granite.sentex.net (granite-atm.sentex.ca [209.112.4.1])
	by wat-border.sentex.ca (8.9.3/8.9.3) with ESMTP id AAA08006;
	Mon, 3 Apr 2000 00:03:47 -0400 (EDT)
	(envelope-from mike@sentex.net)
Received: from chimp (ospf-mdt.sentex.net [205.211.164.81])
	by granite.sentex.net (8.8.8/8.6.9) with ESMTP id AAA06324;
	Mon, 3 Apr 2000 00:03:46 -0400 (EDT)
Message-Id: <4.2.2.20000402235801.033166c8@mail.sentex.net>
X-Sender: mdtancsa@mail.sentex.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
Date: Mon, 03 Apr 2000 00:01:07 -0500
To: "Chutima S." , freebsd-security@FreeBSD.ORG
From: Mike Tancsa
Subject: Re: How to deal with intruder?
In-Reply-To: <20000403035452.VVHA21091.mta01.onebox.com@onebox.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

At 08:54 PM 4/2/2000 -0800, Chutima S. wrote:
>Dear all,
>
>I'm a new internet admin. I found in security check output routine that
>many people try to connect to my server:

Yup. Unfortunately, this is normal. You will quite often see people scanning for holes and weaknesses.

>That really scares me!!! I don't know how to deal with them. So I want
>your advice for:
>1. Should I try to contact anybody (admin at those servers)?

Yes. Do so when you can.

>2. How can I trace them back to know are they?

By the IP address in your logs. whois -a . Often, however, the accounts are dialup accounts, or machines that have been broken into. If you are new to network administration, see http://www.securityfocus.com and http://www.sans.org. They are two useful *starting* places.

---Mike
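
The lookup suggested in the reply above, as an added example that is not part of the original message: it counts the remote addresses in connection-attempt log lines and prints one `whois -a` command per public address. The log lines are constructed and their `from <ip>:<port>` layout is an assumption; `sample_log`, `summarize_sources` and `whois_commands` are hypothetical names.

```shell
#!/bin/sh
# Added example: list who is knocking, busiest first, ready for whois.
# Assumption: each log line contains "from <ipv4>:<port>".

# Constructed sample input (documentation and private addresses only).
sample_log() {
cat <<'EOF'
Apr  2 20:11:03 gw /kernel: Connection attempt to TCP 192.0.2.10:23 from 203.0.113.7:1042
Apr  2 20:11:04 gw /kernel: Connection attempt to TCP 192.0.2.10:111 from 203.0.113.7:1043
Apr  2 20:11:09 gw /kernel: Connection attempt to UDP 192.0.2.10:137 from 198.51.100.20:137
Apr  2 20:12:40 gw /kernel: Connection attempt to TCP 192.0.2.10:143 from 203.0.113.7:1050
Apr  2 20:15:02 gw /kernel: Connection attempt to TCP 192.0.2.10:21 from 198.51.100.20:3310
Apr  2 20:16:30 gw /kernel: Connection attempt to TCP 192.0.2.10:80 from 10.0.0.5:4021
Apr  2 20:17:11 gw /kernel: Connection attempt to UDP 192.0.2.10:53 from 192.168.1.9:1025
EOF
}

# Read log lines on stdin; print "count address" for each public source.
summarize_sources() {
    awk '
    {
        for (i = 1; i < NF; i++) {
            if ($i != "from") continue
            ip = $(i + 1)
            sub(/:[0-9]+$/, "", ip)              # drop the source port
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
            split(ip, o, ".")
            # Private and loopback ranges have no useful whois record.
            if (o[1] + 0 == 10 || o[1] + 0 == 127) continue
            if (o[1] + 0 == 192 && o[2] + 0 == 168) continue
            if (o[1] + 0 == 172 && o[2] + 0 >= 16 && o[2] + 0 <= 31) continue
            count[ip]++
        }
    }
    END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Print (not run) one lookup per address; -a is the flag used in the message.
whois_commands() {
    summarize_sources | while read -r n ip; do
        echo "whois -a $ip   # $n attempts"
    done
}

sample_log | whois_commands
```

To use it on real data, pipe the relevant log file into `whois_commands` in place of `sample_log`.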