[wy4tt]

the windows machine on this network had a trojan horse, and has me worried that security on my albook may be compromised too. i'm on a wireless .11g network. how can i check logs for activity? thanks.

[Macfreak7]

Launch terminal and type last -n where n = the number of entries you want displayed
so last -20 will show the last 20 logins.
There might be other ways too tho.

[qyn]

If you've really been compromised, it's unlikely that it will show up in your "last" logs.

Depending on what happened, there can be all sorts of different things to look for. Different attacks leave different finger prints. Things to watch for would be unusual behavior, strange processes, strange crontab entries, strange network connections, or missing logs. Unless you have a really good idea of what's on your system, though, it can be extremely difficult to know what's "strange".

But having said that, it's unlikely you've been attacked. There are very few OS X trojans at the moment, and extremely few that work for both windows and OS X. I know of at least one, but it's old and in its default form (e.g. script kiddie form) does not attempt to cross platforms.

In any case, OS X is pretty secure in its factory configuration. If you run the firewall and keep your patches up-to-date, you should have no worries.

[wy4tt]

thank you both. i didn't find anything abnormal on the mac. of course, i've only been using osx for about a month. the reason i posted this, was not only the virus i found on the windows machine, but more importantly, i was looking through my network computers when i found a machine named "john". this would be fine if i'd ever heard of such a networked computer! someone (one of my dear neighbors) had evidently connected to my wireless router. of course, there were more than a few shared files (for the albook) that required no password to view. anyway, i was in a hurry earlier today when i posted this question, thus the short version then. i'm going to do a little "research" and find "john" so we can have a chat about his recent behavior. in the meantime, i've setup WEP encryption and will setup mac filtering tomorrow. as for wireless range, it's less than 200 feet, right? i need to know which neighbors to visit.

[Appleman]

Originally posted by wy4tt:
thank you both. i didn't find anything abnormal on the mac. of course, i've only been using osx for about a month. the reason i posted this, was not only the virus i found on the windows machine, but more importantly, i was looking through my network computers when i found a machine named "john". this would be fine if i'd ever heard of such a networked computer! someone (one of my dear neighbors) had evidently connected to my wireless router. of course, there were more than a few shared files (for the albook) that required no password to view. anyway, i was in a hurry earlier today when i posted this question, thus the short version then. i'm going to do a little "research" and find "john" so we can have a chat about his recent behavior. in the meantime, i've setup WEP encryption and will setup mac filtering tomorrow. as for wireless range, it's less than 200 feet, right? i need to know which neighbors to visit.

You can opt for maximum security by actually only allow access to specific computers by their MAC-address (every ethernet card has its unic MAC-address). This can be done in Airport Admin Utility in the Utilities Folder.

[wy4tt]

sorry, that's what i meant by "mac filtering", but now i know where to do it on the mac. thanks appleman.