From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cpt.kirk@1tree.net>
Received: from ignatious.1tree.com(c716099-a.rchdsn1.tx.home.com[24.7.105.70])
 (1420 bytes) by braille.uwo.ca
	via smail with P:esmtp/D:aliases/T:pipe
	(sender: <cpt.kirk@1tree.net>)
	id <m13qEdr-0013uRC@braille.uwo.ca>
	for <speakup@braille.uwo.ca>; Mon, 30 Oct 2000 08:06:23 -0500 (EST)
	(Smail-3.2.0.102 1998-Aug-2 #2 built 1999-Sep-5)
Received: from cpt.kirk (helo=localhost)
	by ignatious.1tree.com with local-esmtp (Exim 3.12 #1 (Debian))
	id 13qEjj-0001z4-00
	for <speakup@braille.uwo.ca>; Mon, 30 Oct 2000 07:12:27 -0600
Date: Mon, 30 Oct 2000 07:12:27 -0600 (CST)
From: Kirk Wood <cpt.kirk@1tree.net>
X-Sender: cpt.kirk@ignatious.1tree.com
To: speakup@braille.uwo.ca
Subject: Re: security
In-Reply-To: <Pine.LNX.4.21.0010291932130.281-100000@notron.nortcom.com>
Message-ID: <Pine.LNX.4.21.0010300708140.7620-100000@ignatious.1tree.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
List-Id: <speakup.linux-speakup.org>

You should look for any connections from IP addresses you don't
recognize. While this would be harder for a production system, on a home
system it shouldn't be too tough. I would pay particular attention to ftp
connections (if you have the service available. 

As for everything you can look for, that fills books and employs
profesionals all with their own opinion. And just so you know, if you have
a full time connection and find one day you can't log into your own
machine. Turn it off. I have a friend who thought somethign had just gone
wrong and needed fixed. Turns out his system had been compromised. If in
doubt shut down and remove it from the net.

=======
Kirk Wood
Cpt.Kirk@1tree.net