From: Helmut Hullen on
Hello, Sylvain,

You wrote on 07.06.10:

> - we don't know where the someone attempting to access your
> computer physically was at the time. We only know they attempted
> to access your computer from another one whose IP address is
> registered in China.

> - we don't have sufficient information to know whether these
> attempted accesses were indicative of an attempted intrusion
> ("hack", as you worded it). What we know is that they attempted
> to access three non-existent accounts on your computer and
> failed. Chances are you have access to more logs that might
> indicate further access attempts, and more importantly, you are
> in a better position to determine whether these are authorized or
> not.

Perhaps ... if the bad guy is not only bad but smart too then he fakes
the log files.

Best regards
Helmut

"Ubuntu" - an African word, meaning "Slackware is too hard for me".

From: Sylvain Robitaille on
Helmut Hullen wrote:

> ... if the bad guy is not only bad but smart too then he fakes
> the log files.

More likely he would remove selected entries. This way there is
less chance that the logs don't "look right". They just end up being
incomplete. I don't think that's what we're dealing with here, though.

Again, my point: don't worry about log lines that indicate someone
failed to access the computer. Those indicate that access controls
are working. Worry instead about those that indicate someone *did*
gain access, especially if such access wasn't authorized.

Sophisticated intruders don't generally target personal computers;
they're more interested in bigger payoffs. Personal computers will
more likely see automated attacks for the purpose of running spambots
or similar simple attacks.

--
----------------------------------------------------------------------
Sylvain Robitaille syl(a)encs.concordia.ca

Systems analyst / AITS Concordia University
Faculty of Engineering and Computer Science Montreal, Quebec, Canada
----------------------------------------------------------------------
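
The triage Sylvain describes, as an added example that is not part of the original thread: rejected attempts are only counted, while accepted logins from an unexpected source are surfaced for review. The OpenSSH sshd log format, the constructed sample lines, and the `EXPECTED` allow-list are assumptions; the thread does not say which service or log was involved.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH sshd syslog format (assumption: the
# thread does not name the service or log format).
SAMPLE_LOG = """\
Jun  7 03:12:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 40022 ssh2
Jun  7 03:12:04 host sshd[2103]: Failed password for invalid user test from 203.0.113.45 port 40031 ssh2
Jun  7 03:12:09 host sshd[2105]: Failed password for invalid user oracle from 203.0.113.45 port 40040 ssh2
Jun  7 08:30:15 host sshd[2290]: Accepted publickey for alice from 192.0.2.10 port 51514 ssh2
Jun  7 23:47:52 host sshd[2781]: Accepted password for alice from 198.51.100.77 port 60211 ssh2
"""

# Hypothetical allow-list: (account, source address) pairs the owner expects.
EXPECTED = {("alice", "192.0.2.10")}

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(log_text, expected):
    """Count rejected attempts per source, collect non-existent account
    names that were tried, and list accepted logins not on the allow-list."""
    failed = Counter()
    unknown_accounts = set()
    unexpected = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        user, ip = m["user"], m["ip"]
        if m["result"] == "Failed":
            failed[ip] += 1          # access control did its job
            if m["invalid"]:
                unknown_accounts.add(user)
        elif (user, ip) not in expected:
            # Someone *did* get in, from a source nobody vouched for.
            unexpected.append((user, ip, m["method"], line[:15]))
    return failed, unknown_accounts, unexpected

if __name__ == "__main__":
    failed, unknown, unexpected = triage(SAMPLE_LOG, EXPECTED)
    print("rejected attempts per source:", dict(failed))
    print("non-existent accounts tried:", sorted(unknown))
    for user, ip, method, when in unexpected:
        print(f"REVIEW: {when} {user} logged in from {ip} via {method}")
```

The result reflects only what the log still contains; as discussed above, entries can be removed after a successful intrusion, so a clean report is not proof that nothing happened.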