home *** CD-ROM | disk | FTP | other *** search
- Xref: sparky news.software.nntp:1544 news.admin.technical:45
- Path: sparky!uunet!olivea!sun-barr!ames!pacbell.com!tandem!zorch!scott
- From: vanepp@sfu.ca (Peter Van Epp)
- Newsgroups: news.software.nntp,news.admin.technical
- Subject: Re: Article authentication
- Message-ID: <vanepp.722222370@sfu.ca>
- Date: 20 Nov 92 06:44:14 GMT
- References: <cjc-191192113447@dinsdale.acns.nwu.edu>
- Sender: scott@zorch.SF-Bay.ORG (Scott Hazen Mueller)
- Organization: Simon Fraser University, Burnaby, B.C., Canada
- Lines: 24
- Approved: scott@zorch.SF-Bay.ORG
-
- cjc@nwu.edu (Christopher J. Chen) writes:
-
- >All right, so maybe I'm a newbie goofball, but I've got a problem I
- >can't figure out.
-
- >I've got a user at my site who's posting with a fake name. This
- >wouldn't be a problem, except that he's posting inappropriate things
- >and I've got to track him down.
-
- Two suggestions that may help: get the TCP wrapper programs from CERT and
- install them on your nntp machine, given a time that should tell you
- what machine it is coming from (since they will log all inbound connections).
- If you are running either a Sun or an SGI machine as the nntp server I have
- a set of perl scripts that in conjunction with lsof from purdue, will log
- incoming and outgoing telnet connections to syslog or a log file. In your
- case this may produce a large amount of data since you won't be able to
- filter anything (I normally mask off the local hosts and only log off site
- accesses), send me mail if you want to try this and I'll mail you the
- scripts.
- Of course if the forger is coming from one of those PCs out there
- you are going to have a hard time tracking him or her ...
-
- Peter Van Epp / Operations and Technical Support
- Simon Fraser University, Burnaby, B.C. Canada
-
