[KLUG Members] smoothwall questions
Bruce Smith
members@kalamazoolinux.org
02 Aug 2003 08:14:17 -0400
> is there a command that will
> show me any file access or changes that happened since
> the install.
Not that I know if for smoothwall, but you can on
some workstation and servers. On a RPM based system
(like Redhat), you can run:
rpm -V $(rpm -qa)
And keep in mind that *A LOT* of files will show up as
changed _legitimately_ !!! Device files, log files,
and MANY OTHERS. Only worry about files that you know
absolutely should not have changed.
> That and in the instance were I keep
> getting hit by 1 IP that is scanning all the ports..
> even now what would be a good way of dropping them or
> should I just report that IP to the ISP that shows up
> in Whois?
Sure, you can report them. If they are in the US,
you might even stand a chance of doing some good.
What do you mean by "whois"? If you're talking the
standard Network Solutions "whois", then WRONG.
Use the IP address whois to find the ISP:
http://www.arin.net/whois/index.html
It may refer you to another whois (RIPE, APNIC, LACNIC),
if the IP is from another continent . If so, go there and
run their whois to find the foreign ISP (and good luck!).
--------------------------------------------
Bruce Smith bruce@armintl.com
System Administrator / Network Administrator
Armstrong International, Inc.
Three Rivers, Michigan 49093 USA
http://www.armstrong-intl.com/
--------------------------------------------