I discovered an intruder on one server. I got his IP address, but it may be a proxy. I will start a tcpdump and let it run a few days; maybe I can track him further.
Any suggestions of what else to do? The server is firewalled, only port 22 is open, and it is patched up to date.
The passwords are not easy to break, so I am wondering how he got in.
This server is not important and does not contain sensitive information, so I am not worrying too much,
but I want to track him down.
Any other suggestions?