I set up ASL 3.040 to protect some Unix machines against hacking. Now I'd like to catch some hackers' traffic by rebooting a machine in a hacked state and reporting the traffic to this machine. I know someone is trying to get FTP access on this IP (still dropped). Can I do this with netcat -l somehow (IP alias on the outer NIC, but just port-bound), or is it better to install tcpdump or so? Who can give a hint?