SUMMARY 3: HELP! Do I have an intruder?

From: Jack Jones (jack@mslab2.med.utah.edu)
Date: Tue Oct 05 1993 - 06:19:30 CDT


The main reason for this third summary is because at least five people
have requested more information about tcp-wrapper. I got it from
an anonymous ftp site:
        ftp.iunet.it /disk1/security/tools/tcp-wrapper-3.1.tar.Z
It's probably in other locations but that's the only one archie returned
to me.

Christian Sebeke wanted to know which piece of software Michael
Briley was referring to; it was tcp-wrapper.

Finally, one person suggested the TAMU security package; I haven't
had a chance to do this. Another person suggested that the strange
ftp behavior might have been caused by routine anonymous ftp scans.

Many Thanks
"Tanya Herlick" <tanya@ora.com>
schneide@scubed.scubed.com (Steve Schneider)
######################################################################
From: "Tanya Herlick" <tanya@ora.com>

sorry this response is so late.

you also might want to check out TAMU's security package.
it includes programs that monitor tcp and udp activity (tcplogger and
udplogger) as well as a bunch of "tiger" scripts that cruise the system
looking for signs of breakin. it's worth taking a look at.

you can get it via ftp at sc.tamu.edu in ~ftp/pub/security.
######################################################################
From: schneide@scubed.scubed.com (Steve Schneider)

I seem to have missed your original posting and (presumably) Summary #1.
The tcp wrapper package is very nice, as you said in Summary #2.

You may find that many FTP 'probes' are automatically generated by
archie servers that routinely try to get listings files available
from anonymous ftp sites. I'm not sure exactly how one gets onto the
archie target list, but it seems we have ended up in this category so
that might represent a portion of what you are seeing at your site as well.
######################################################################

-Jack Jones
jack@medstat.med.utah.edu


