: Simple question: Can you trace a dialup dynamic IP address who is trying
: to login, finger, ftp etc. into your system? If so, how? Do you have to
: be online when it happens? What action can a person take to prevent,
: track this?
My suggestion is to run a TCP wrapper monitoring your services.
In /etc/hosts.allow, for example:
in.wuftpd : ALL : /bin/echo "`date` Connection to %d from %h" >> /etc/nope
With that, you can see the connections.
From there, email the sysop of the offending site requesting that he send
you a lastlog for the specific time. You should be able to track which
user(s) are suspects and also who the offender was.
: How about modem accounts (not SLIP-PPP) on a UNIX system. Is the
: tracking process same? Thanks in advance!!!
Easier than. The connection log will give you the host. From that, email the
offender is. Also, check your FTP daemon only allows people with real
email addresses that match their site.
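
Added example (not part of the original post): a small shell function that condenses the log written by the hosts.allow rule above into one line per remote host, with the first and last connection times you would quote when asking the remote sysop for a lastlog. It assumes each log line is the output of date followed by "Connection to <daemon> from <host>"; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise a tcpd connection log, one output line per (host, daemon) pair.
# Assumed input line format (constructed, based on the rule above):
#   <output of date> Connection to <daemon> from <host>

summarize_connections() {
    # stdin:  log lines
    # stdout: host<TAB>daemon<TAB>count<TAB>first seen<TAB>last seen
    awk '
    {
        idx = index($0, " Connection to ")
        # Skip anything the wrapper rule did not write.
        if (idx == 0 || NF < 4 || $(NF-1) != "from") next
        ts  = (idx > 1) ? substr($0, 1, idx - 1) : "(no timestamp)"
        key = $NF "\t" $(NF-2)            # remote host, then daemon name
        if (!(key in count)) first[key] = ts
        last[key] = ts
        count[key]++
    }
    END {
        for (k in count)
            printf "%s\t%d\t%s\t%s\n", k, count[k], first[k], last[k]
    }' | sort -t "$(printf '\t')" -k3,3nr -k1,1   # busiest hosts first
}

# Constructed sample input; hostnames and addresses are documentation values.
sample_log() {
    cat <<'EOF'
Mon Mar  4 21:15:02 EST 1996 Connection to in.wuftpd from dial12.example.net
Mon Mar  4 21:15:40 EST 1996 Connection to in.wuftpd from dial12.example.net
Mon Mar  4 22:01:11 EST 1996 Connection to in.wuftpd from 192.0.2.7
garbage line
Tue Mar  5 03:30:59 EST 1996 Connection to in.wuftpd from dial12.example.net
EOF
}

# Demo on the sample; on a real system: summarize_connections < /etc/nope
sample_log | summarize_connections
```

The host column is whatever tcpd resolved for %h, so for a dialup address it identifies the provider's terminal server port at that moment; the timestamps are what let the remote site match it to an account.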