12-28-2009
Network attack - so what?
In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else?
7 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
since putting my pc online, it keeps getting slower and i dig the logfile to have such a surprise:
this is just one of many and I believed it's a bruteforce attack
how do i block this IP 200.41.81.228 from trying to knock my online pc?
my system:
FreeBSD testing.net 6.2-STABLE-JE... (6 Replies)
Discussion started by: rdns
6 Replies
2. Cybersecurity
REPLAY ATTACK.
Can someone elaborate on measures to encounter this problem of replay attack on network. (3 Replies)
Discussion started by: Ashvin Gaur
3 Replies
3. IP Networking
A server I host is having very rare glitches where a file the user downloads will have incorrect contents. This almost never happens when I am looking, I caught it once and only once -- a user messaged me saying his antivirus had given him a warning about an image file downloaded from his... (2 Replies)
Discussion started by: Corona688
2 Replies
4. Cybersecurity
About 3 days ago our Apache logs started filling with the following errors:
mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows)
OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified
These initially were... (1 Reply)
Discussion started by: ccj4467
1 Replies
5. Cybersecurity
Hi,
I have a belkin router installed and a look at the security log has got me worried a little bit.
Security log:
Fri Jan 29 20:41:46 2010
=>Found attack from 68.147.232.199.
Source port is 58591 and destination port is 12426 which use the TCP protocol.
Fri Jan 29 20:41:46 2010 ... (1 Reply)
Discussion started by: jld
1 Replies
6. Cybersecurity
Is this an attack attempt? I got an e-mail from 'uucp Admin' last night and again this morning:
What does it mean and what can I do about it? Thanks (4 Replies)
Discussion started by: ctafret
4 Replies
7. Emergency UNIX and Linux Support
Dear community,
my site was recently attacked by DDOS technique and goes down in a few minutes. My site runs under Debian/Apache2/Mysql.
I identified the IPs who attack me and block them through iptables firewall from debian.
Something like:
iptables -D INPUT -s xxx.xxx.xxx.xxx -j DROP
This... (7 Replies)
Discussion started by: Lord Spectre
7 Replies
LEARN ABOUT DEBIAN
mergelogs
MERGELOGS(1) General Commands Manual MERGELOGS(1)
NAME
mergelogs - merge and consolidate web server logs
SYNOPSIS
mergelogs -p penlog [-c] [-d] [-j jitter] [-t seconds] server1:logfile1 [server2:logfile2 ...]
EXAMPLES
mergelogs -p pen.log 10.0.0.1:access_log.1 10.0.0.2:access_log.2
mergelogs -p pen.log 10.0.18.6:access_log-10.0.18.6 10.0.18.8:access_log-10.0.18.8
DESCRIPTION
When pen is used to load balance web servers, the web server log file lists all accesses as coming from the host running pen. This makes it
more difficult to analyze the log file.
To solve this, pen creates its own log file, which contains the real client address, the time of the access, the target server address and
the first few bytes of the requests.
Mergelogs reads pen's log file and the log files of all load balanced web servers, compares each entry and creates a combined log file that
looks as if the web server cluster were a single physical server. Client addresses are replaced with the real client addresses.
In the event that no matching client address can be found in the pen log, the server address is used instead. This should never happen, and
is meant as a debugging tool. A large number of these indicates that the server system date needs to be set, or that the jitter value is
too small.
You probably don't want to use this program. Penlog is a much more elegant and functional solution.
OPTIONS
-c
    Do not cache pen log entries. The use of this option is not recommended, as it will make mergelogs search the entire pen log for
    every line in the web server logs.
-d
    Debugging (repeat for more).
-p penlog
    Log file from pen.
-j jitter
    Jitter in seconds (default 600). This is the maximum variation in time stamps in the pen and web server log files. A smaller value
    will result in a smaller pen log cache and faster processing, at the risk of missed entries.
-t seconds
    The difference in seconds between the time on the pen server and UTC. For example, this is 7200 (two hours) in Finland.
server:logfile
    Web server address and name of log file.
AUTHOR
Copyright (C) 2001-2003 Ulric Eriksson, <ulric@siag.nu>.
SEE ALSO
pen(1), webresolve(1), penlog(1), penlogd(1)
LOCAL MERGELOGS(1)
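The merge that DESCRIPTION and the -j option describe, as an added Python example (not part of the man page and not mergelogs' own code): backend log lines get the real client address from the pen log when server, request prefix and time (within the jitter window) agree, and fall back to the server address otherwise. The pen log layout, the Common Log Format input, the nearest-timestamp tie-break and every sample line are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample data. ASSUMED pen log layout (the page does not give it):
#   <client_ip> <epoch_seconds> <server_ip> <first bytes of request>
PEN_LOG = """\
203.0.113.7 1262000000 10.0.0.1 GET /index.h
198.51.100.23 1262000005 10.0.0.2 GET /login
203.0.113.7 1262000900 10.0.0.1 GET /index.h
"""
# Constructed Common Log Format lines per backend; 10.0.0.254 is the pen host.
SERVER_LOGS = {
    "10.0.0.1": ['10.0.0.254 - - [28/Dec/2009:11:33:21 +0000] "GET /index.html HTTP/1.0" 200 512'],
    "10.0.0.2": ['10.0.0.254 - - [28/Dec/2009:11:33:27 +0000] "GET /login HTTP/1.0" 200 90',
                 '10.0.0.254 - - [28/Dec/2009:12:33:27 +0000] "GET /admin HTTP/1.0" 403 12'],
}
CLF = re.compile(r'^(\S+) (\S+ \S+) \[([^\]]+)\] "([^"]*)"(.*)$')

def parse_pen(text):
    """Return (client, epoch, server, request_prefix) tuples, skipping bad lines."""
    rows = (line.split(" ", 3) for line in text.splitlines())
    return [(r[0], int(r[1]), r[2], r[3]) for r in rows if len(r) == 4 and r[1].isdigit()]

def merge(pen_text, server_logs, jitter=600):
    """Return (epoch, rewritten_line, matched) tuples sorted by time."""
    pen = parse_pen(pen_text)
    used, out = set(), []
    for server, lines in server_logs.items():
        for line in lines:
            m = CLF.match(line)
            if not m:
                continue
            _, ident, stamp, request, rest = m.groups()
            ts = int(datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").timestamp())
            # Candidates: same backend, request begins with the logged prefix,
            # time difference inside the jitter window, entry not yet consumed.
            cands = [(abs(e[1] - ts), i) for i, e in enumerate(pen)
                     if i not in used and e[2] == server
                     and request.startswith(e[3]) and abs(e[1] - ts) <= jitter]
            if cands:
                idx = min(cands)[1]          # assumed tie-break: nearest timestamp
                used.add(idx)
                client = pen[idx][0]
            else:
                client = server              # man page: server address when no match
            out.append((ts, f'{client} {ident} [{stamp}] "{request}"{rest}', bool(cands)))
    return sorted(out)

if __name__ == "__main__":
    for _, line, matched in merge(PEN_LOG, SERVER_LOGS):
        print(line if matched else line + "   <- unmatched, check clocks/jitter")
```

Lines that come out with a backend address in the client field are the unmatched ones the man page warns about; many of them point at clock drift or a jitter value that is too small.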