[flame]

i have just noticed when i looked in my firewall logs and i found somthing strange
all activitys (about 100 till now-right at this moment) are from the same ip but diffrent port. my firewall allows it (i have apache for a reason) so my question is:
is there any program i can use to "spy" on whoever connects to my port 80 .
i mean a real log of what the "visitor"\haxor is doing .
be happy if someone could shed a light on this

:ph34r:

[vnet576]

I think what u're talking about is a honey pot. A good one is SPECTER Intrusion Detection System. Of course you have to buy this...but like all software there are "other" ways of aqcuiring it.

Also u did a pretty bad job masking the ip address lol. U can still see that its xxx.xxx.xxx.xxx. After doing a whois I found that its :

Army National Guard Bureau
111 S. George Mason Dr.
Arlington, VA, 22204-1373
US

What the f*ck are u running on u're server to get the army scanning u?

Of course it could be a scan/hack stro but no hacker is this good (or stupid) to hack a government server.

Please dont post the IP. Also, flame, please try to make it so we cant see it. thanks. w00dy

[Travis]

you could also use a packet sniffer such as snort or ethereal...

[flame]

:o
thanks for the attension but you misunderstood my question.
is that suspicios activity ?
and its not the army its something in Amsterdam, those dutch are ttrying to
hack into my apache... but i guess there are no exploits for apache...
thanks again . next time read carefully :(

[flame]

thanks -
what is better 1.3 or the new 2.0 ?
:wacko:

and sry , probably cuzz im jelause of you ....
wish i was a dutch :) :wacko: :wacko:

[vnet576]

Do a whois on that ip address and its not the dutch.

[flame]

i have done whois
what whois server did u use ??
arent them all the same ...