Hi,

I am a new member of the list and currently doing a project, "Intrusion Detection by server log processing". It basically includes implementing attacks on the client-server based intranet LAN and then examining the logs by Perl scripts to generate appropriate messages useful for the system administrator at the server level. The platform chosen is Red Hat Linux 9, and five attacks have been shortlisted:

1. Ping sweeps
2. Port scanning and flooding
3. IP sniffing
4. Illegal login attempts as "root"
5. OS fingerprinting

I have tried to use nmap in RH9, but it didn't give rise to any logging by the system unless explicit options were specified at the shell prompt. Is there a way of ensuring that any nmap command directed at a particular is logged? Can any other utility be used to effect the same? Are there RH9 logs available which have footprints of the attacks mentioned above? I request you to please send any such log files. This is an academic project and the logs won't be misused in any way. Anonymizing the IP addresses will also do.

Yours sincerely,
Sujit.

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis
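As an added example that is not part of the original post, here is one way the log-processing step described above could flag two of the shortlisted items, repeated failed root logins and port scanning, written in Python rather than the Perl the post mentions. It assumes sshd's "Failed password for root" syslog message and that a netfilter LOG rule is already writing inbound connection attempts to the kernel log; the function name `analyze`, the thresholds and all sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines, not real captures (192.0.2.0/24 is a documentation range).
# The kernel lines assume a netfilter LOG rule on inbound SYNs; fields are abbreviated.
SAMPLE_LOG = """\
Jan 27 10:00:01 srv sshd[2101]: Failed password for root from 192.0.2.10 port 40112 ssh2
Jan 27 10:00:04 srv sshd[2103]: Failed password for root from 192.0.2.10 port 40113 ssh2
Jan 27 10:00:09 srv sshd[2107]: Failed password for root from 192.0.2.10 port 40115 ssh2
Jan 27 10:00:30 srv sshd[2110]: Accepted password for alice from 192.0.2.30 port 40200 ssh2
Jan 27 10:01:00 srv kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=21 SYN
Jan 27 10:01:00 srv kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=22 SYN
Jan 27 10:01:00 srv kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=23 SYN
Jan 27 10:01:01 srv kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=25 SYN
Jan 27 10:01:01 srv kernel: IN=eth0 OUT= SRC=192.0.2.20 DST=192.0.2.1 PROTO=TCP SPT=51000 DPT=80 SYN
Jan 27 10:02:00 srv kernel: IN=eth0 OUT= SRC=192.0.2.30 DST=192.0.2.1 PROTO=TCP SPT=40200 DPT=22 SYN
"""

ROOT_FAIL = re.compile(r"sshd\[\d+\]: Failed password for root from (\S+) port \d+")
NF_PACKET = re.compile(r"kernel: .*\bSRC=(\S+) .*\bPROTO=(?:TCP|UDP) .*\bDPT=(\d+)")

def analyze(lines, login_threshold=3, port_threshold=5):
    """Return sorted alert strings for repeated root login failures and port scans."""
    root_failures = defaultdict(int)   # source IP -> failed root logins
    ports_probed = defaultdict(set)    # source IP -> distinct destination ports
    for line in lines:
        m = ROOT_FAIL.search(line)
        if m:
            root_failures[m.group(1)] += 1
            continue
        m = NF_PACKET.search(line)
        if m:
            ports_probed[m.group(1)].add(int(m.group(2)))
    alerts = []
    for ip, count in root_failures.items():
        if count >= login_threshold:
            alerts.append(f"ROOT-LOGIN {ip}: {count} failed root logins")
    for ip, ports in ports_probed.items():
        if len(ports) >= port_threshold:
            alerts.append(f"PORT-SCAN {ip}: {len(ports)} distinct ports probed")
    return sorted(alerts)

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG.splitlines()):
        print(alert)
```

Counting distinct destination ports per source, rather than raw packets, keeps a single busy client such as 192.0.2.30 in the sample from being reported as a scanner.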
This archive was generated by hypermail 2.1.3 : Thu Jan 27 2005 - 14:08:53 PST