Intrusion Detection Systems mailing list archives

Re: snooping on RH?


From: hawk () powerlink net (hawk)
Date: Thu, 07 Oct 1999 13:07:22 -0500



take me off your mailing address, PLEASE!!!!!!!!!!!!!!!!

CyberPsychotic wrote:

~ Does anyone know of any ports of ttywatcher for linux (specifically redhat)?
~
~ I've been looking for something good to monitor potential problem-users for
~ a while. Any suggestions?
~

If you have root on the machine where you want to monitor your users, you
could use ttysnoop, which is a `trojaned' replacement for the in.telnetd daemon.
Alternatively, there were some Linux kernel hacks featured in Phrack's 50th
issue called linspy. I was also writing a similar tool which could let
you watch all telnet-connected terminals in your local network, but I
never managed to make it up so anyone but me could play with it.


