/var/log/auth.log files (or auth.log in whichever log directory your distro uses). You can use log monitoring software to block hosts after they violate what you define as a dirty attempt(s) (something like DenyHosts is lightweight and easy to putz with). If you leave a service up long enough you'd be surprised how many people are out sniffing around (worldwide). Secure shell brute force attacks are very common. You typically won't know about plain sniffing without monitoring your actual cards like Rob said (Wireshark is a good tool for monitoring Ethernet devices live and it can be configured for historical archiving (probably not the best tool for that), and on the service scanning side Zenmap for finding what is up and accessible on a host).

Hope that helps,

*Jeremy MountainJohnson*
jeremy.mountainjohnson at gmail.com

On 02/02/2011 11:13 PM, Jason Hsu wrote:
> I've heard that if you connect online through Windows without patches, you can expect someone to break into your system in a matter of minutes. This is why you need a firewall, Linux (better), or both (best).
>
> Is there a way to detect attempts to break into your system? I'd like to see just how often somebody out there tries to break into my system and see how much more difficulty the hackers have as I take steps to improve security.
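
Added example, not part of the original email thread: a small Python script that counts failed SSH password attempts per source address in auth.log-style lines and lists the sources that cross a threshold, which is the kind of check the reply describes log monitoring tools doing. The log lines are constructed samples in the usual OpenSSH syslog format, the addresses are documentation ranges, and the threshold of 3 and the function names are assumptions.

```python
import re
import sys
from collections import Counter

# Constructed sample lines (not real traffic), in the usual OpenSSH syslog format.
SAMPLE_LOG = """\
Feb  2 23:01:10 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Feb  2 23:01:12 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Feb  2 23:01:15 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Feb  2 23:02:40 host sshd[2110]: Invalid user test from 198.51.100.23
Feb  2 23:02:41 host sshd[2110]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Feb  2 23:05:02 host sshd[2120]: Accepted password for jason from 192.0.2.10 port 50222 ssh2
Feb  2 23:06:30 host CRON[2130]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches both "for root" and "for invalid user admin"; other sshd lines are ignored.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def failed_logins(lines):
    """Yield (user, source_ip) for every failed sshd password attempt."""
    for line in lines:
        match = FAILED.search(line)
        if match:
            yield match.group(1), match.group(2)

def offenders(lines, threshold=3):
    """Return {source_ip: failures} for sources with at least `threshold` failures."""
    counts = Counter(ip for _user, ip in failed_logins(lines))
    return {ip: n for ip, n in counts.items() if n >= threshold}

def deny_entries(lines, threshold=3):
    """Format offenders as hosts.deny (TCP wrappers) entries, sorted by address."""
    return [f"sshd: {ip}" for ip in sorted(offenders(lines, threshold))]

if __name__ == "__main__":
    # Pass a log path (e.g. /var/log/auth.log) or run with no arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            log_lines = handle.readlines()
    else:
        log_lines = SAMPLE_LOG.splitlines()
    for ip, n in sorted(offenders(log_lines).items(), key=lambda item: -item[1]):
        print(f"{ip}\t{n} failed attempts")
    print("\n".join(deny_entries(log_lines)))
```

The script only reports; it does not modify hosts.deny or any firewall rule.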