search for: honeynet

Hi all, I'm new to the world of bridging and the mailing list but I am hopeful my initial problems are fairly trivial. I am running the Honeynet Project's rc.firewall script at boot time (on my Sparc running Aurora) but the script is having trouble establishing the bridge. In my logs, I have found the following error: tSIOCSIFADDR : No such device eth1: unknown interface: No such device Meanwhile my eth0 interface is successfully n...

...ess accounting, and the like. My goal is to "watch the watchers," i.e. watch for abuse of power by SOC people with the ability to view traffic captured by sniffers. I plan to use sudo to limit and audit user activities too. I may also try some of the patches to bash listed at project.honeynet.org which send keystrokes to a remote server. Hardware keystroke logging is always a possibility. For more, should I turn to TrustedBSD integration in a future 5.x release? Thank you, Richard Bejtlich http://www.taosecurity.com __________________________________ Do you Yahoo!? Yahoo! Hotjobs:...

...757 Mobil: +49(0)177 567 27 40 Markt+Technik Buch: Intrusion Detection f?r Linux Server Addison-Wesley Buch: VPN mit Linux IPsec-Howto: http://www.ipsec-howto.org IPsec/PPTP Kernels for Red Hat Linux: http://www.spenneberg.com/.net/.org/.de Honeynet Project Mirror: http://honeynet.spenneberg.org Snort Mirror: http://snort.spenneberg.org -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Dies ist ein digi...

I have a server that has been compromised. I'm running version 4.6.2 when I do >last this line comes up in the list. shutdown ~ Thu Aug 28 05:22 That was the time the server went down. There seemed to be some configuration changes. Some of the files seemed to revert back to default versions (httpd.conf, resolv.conf) Does anyone have a clue what type of

We have been noticing flurries of sshd reject messages in which some system out there in the hinterlands hits us with a flood of ssh login attempts. An example: Apr 6 05:41:51 dc sshd[88763]: Did not receive identification string from 67.19.58.170 Apr 6 05:49:42 dc sshd[12389]: input_userauth_request: illegal user anonymous Apr 6 05:49:42 dc sshd[12389]: Failed password for illegal user