June 24th, 2002, 03:44 PM
Whois is all you need to know who was doing what. I recommend that you download and install Snort and its signatures, let it run for a while, and then keep checking what every event that shows up is. Snort (as well as others) will vividly describe what it sees and why it thinks it's bad. Just remember, IDS boxes are just like AV software: they only detect 'known attack signatures'. They could, depending on how the filter is written, miss an attack that has been modified, or variants of the same attack. In other words, you will not be able to see everything that has been going on, but usually enough to know someone was up to no good...
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
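
The point above about signature matching missing modified variants, as an added example that is not part of the original post: a literal-content matcher is run over request lines before and after normalization. The signature table, sids and request lines are constructed for illustration and are not real Snort rules or captured traffic.

```python
import re
from urllib.parse import unquote

# Constructed signature table (hypothetical sids, not real Snort rules)
SIGNATURES = {1001: "/etc/passwd", 1002: "cmd.exe"}

# Constructed request lines: one benign, one plain hit, three rewritten forms
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.0",
    "GET /cgi-bin/view?file=/etc/passwd HTTP/1.0",
    "GET /cgi-bin/view?file=%2Fetc%2Fpasswd HTTP/1.0",
    "GET /cgi-bin/view?file=/etc/./passwd HTTP/1.0",
    "GET /scripts/CMD.EXE HTTP/1.0",
]

def naive_match(line):
    """Literal substring match, the way a simple content signature works."""
    return {sid for sid, content in SIGNATURES.items() if content in line}

def normalize(line, max_rounds=3):
    """Reduce equivalent spellings of a request to one canonical form."""
    for _ in range(max_rounds):            # bounded repeat for nested encoding
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    line = line.lower().replace("\\", "/")  # case and separator folding
    line = re.sub(r"/(\./)+", "/", line)    # drop "./" path segments
    return re.sub(r"/{2,}", "/", line)      # collapse repeated slashes

def normalized_match(line):
    """Same signatures, applied after normalization."""
    return naive_match(normalize(line))

def missed_by_naive(lines):
    """Lines the literal matcher lets through but the normalized one flags."""
    return [l for l in lines if normalized_match(l) - naive_match(l)]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(sorted(naive_match(line)), sorted(normalized_match(line)), line)
    print("missed without normalization:", len(missed_by_naive(SAMPLE_REQUESTS)))
```

Normalization narrows the gap but does not close it: the matcher still only flags content that appears in its signature table.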