Nookie (trax@the-force.ml.org) Don't get mad, get even. Here's a way to log all those incoming nukes to the local console: [1] Compile your own nookie.c [2] Edit your /etc/inetd.conf [3] Test [1] Compile your own nookie.c /* start nookie.c */ /* Nookie (trax@the-force.ml.org) */ #include void main() { char *message="Nuke received from "; /* we want the message on tty? */ int fd=open("/dev/tty1",O_WRONLY); write(fd,message,strlen(message)); close(fd); /* edit line below to return IP */ system("tail -n 1 /var/log/daemon.log | cut -d ' ' -f 8 > /dev/tty1"); /* or if you feel kinda mean, insert a system line here that nukes the sucker right back */ } /* end nookie.c */ Remember that some systems have different log names/formats, so make sure the line marked with "edit line below" does correctly return the IP address of the last system connect. Now compile this and put it somewhere in your system path (/usr/local/bin is always a good idea). [2] Edit your inetd.conf Insert the following line into /etc/inetd.conf. HOWEVER, make sure you arn't running another service on port 139! netbios-ssn stream tcp nowait user /usr/sbin/tcpd /usr/sbin/nookie Now, edit the following parts: Change "user" into your user normally logged into tty1. Putting root in there will always work, but I am not sure of the security problems that might arrive with it. Also correct the path to your nookie binary. Save, and run killall -HUP inetd which just reloads inetd. [3] Test To fake a nuke-connect, do the following: telnet localhost 139 On tty1 you should see a message similar too: Nuke received from 127.0.0.1 #--------------------------------------------------------------------# As I said before, I am not sure what security implications this program might have on your system. Normally, I don't mess around with daemons. I would appreciate it if someone could inform me of any exploits etc. Happy Anti-Nooking!