Curtis Hefflin wrote:
>
> I have a hacker who has successfully broken into an internal AIX box via a
> remote access server our company uses for certain employees and vendors.
> From this other box he has attempted to access other servers including our
> firewall, which is also AIX.
> I would like to know how I could retrace/track this person's movement
> through the system. What logs or files should I review? And any other help
> or advice you can provide.
Check out:
http://www.enteract.com/~lspitz/papers.html
In particular, check out Lance's "Know Your Enemy" series. Papers 2 & 3
specifically talk about monitoring and logging an intruder.
Happy hunting!
Chris
--
**************************************
[EMAIL PROTECTED]
* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet