Network attack - so what?
Post 302383062 by Action on Monday 28th of December 2009 08:27:19 AM

In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else?
 

WRITETMP(8)                System Manager's Manual                WRITETMP(8)

NAME
       writetmp - write special wtmp entries to a wtmp file.

SYNOPSIS
       writetmp [-w wtmp|-] [-X[3|4]] [-u user] [-l line] [-h host] [-i id] [-p pid] [-t type] [-c comment] [--help] [--version] [entry-type]

DESCRIPTION
       Writetmp is a utility to write special entries to a wtmp file. It is useful either as a replacement for the functionality of the "halt -w" or "reboot -w" commands, which are normally run at shutdown time, or to write special wtmp entries to an alternate wtmp file to which such entries would normally not be written.

       Under normal conditions radius radtwmp or tacacs accounting logs do not contain shutdown and boottime entries because the access control software is not set up to take these events into account. In the case of a quick shutdown or server crash, the wtmp file(s) will lose coherency. To avoid or minimize the amount of accounting error, it is necessary to write shutdown and boottime entries to such logs.

       Also, changes in time which are made manually with date or via the network with a program such as rdate are not reflected in the accounting logs, which, if the time difference is severe, can improperly account time for logins active during the time change.

       If an entry-type is specified on the command line, the -u, -l, -h, -i, -p, -t and -c options are ignored, as writetmp will fill in the username, line, id, and host entries as required for that particular wtmp entry-type.

       Writetmp understands the following entry types:

       shutdown   Used just prior to a normal system shutdown. Also accepts halt or reboot as aliases for shutdown.
       boottime   Used at system initialization time, to indicate the system is booting.
       oldtime    Indicates the time is about to change.
       newtime    Indicates the time has changed. The difference in time is determined from the timestamp on the last oldtime entry.
       runlevel   Indicates a change in runlevel (useless in an accounting sense).

OPTIONS
       Writetmp understands the following command line switches:

       --help       Outputs a verbose usage listing.
       --version    Displays the version of writetmp.
       -w wtmp      Select a different output file instead of the default (/var/log/wtmp).
       -X[3]        Write to a wtmp file maintained by versions 3.3 or 3.4 of the Tacacs terminal server access control software.
       -X4          Write to a wtmp file maintained by version 4.0 of the Tacacs terminal server access control software.
       -u user      Specify the username for the username field.
       -l line      Specify the tty name for the line field.
       -h host      Specify the hostname.
       -i id        Specify the init id name. Not applicable to tacacs wtmp files.
       -p pid       Specify the pid number. Not applicable to tacacs wtmp files.
       -t type      Specify the type of wtmp entry for the ut_type field, not to be confused with entry-type. May be coded as a number or one of: unknown, runlevel, boottime, newtime, oldtime, init, login, user or dead.
       -c comment   Specify the comment for the tacacs 4 wtmp comment field (16 characters max).

EXAMPLES
       Write a shutdown message to an alternate wtmp log:

              writetmp -w /var/adm/xtmp shutdown

       A shell script to update the time in an alternate wtmp file when netdate is run:

              #!/bin/sh
              # Record the time change around the clock update.
              writetmp -w /var/adm/xtmp oldtime
              netdate clock.llnl.gov
              writetmp -w /var/adm/xtmp newtime

       Find out how often and for how long people run a specific program, such as pine:

              #!/bin/sh
              # /var/adm/cmdtmp must be globally writable.
              cmdtmp=/var/adm/cmdtmp
              # Log a "user" entry before the program starts and a "dead" entry after it exits.
              writetmp -w "$cmdtmp" -u pine -l "cmd$$" -h "$USER" -t user
              /path/to/real-pine "$@"
              writetmp -w "$cmdtmp" -l "cmd$$" -t dead

FILES
       /var/log/wtmp   login database.

AUTHOR
       Steve Baker (ice@mama.indstate.edu)

BUGS
       Does not lock the wtmp file and does not guarantee a successful write. Could in theory corrupt a log file. Rdate and netdate can take seconds to complete, so writing oldtime/newtime records around them may not be entirely accurate.

SEE ALSO
       date(1), last(1), sac(8), netdate(8L), reboot(8)

UNIX Manual                                                        WRITETMP(8)