Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [tlug] Have I been hacked?
- To: <firstname.lastname@example.org>
- Subject: Re: [tlug] Have I been hacked?
- From: "Mario Luoni" <email@example.com>
- Date: Sat, 2 Mar 2002 06:37:57 +0100
- Content-transfer-encoding: 7bit
- Content-type: text/plain;charset="iso-2022-jp"
- References: <200203020504.g2254HE09253@example.com>
knowing the port of the connection, you can use /proc/net/tcp to get the inode, then use the inode in /proc/<pid>/fd/n->socket:[<inode>] to get the pid, and /proc/<pid>/cmdline to find out which process is using the connection. but you probably already tried that one. -mario ----- Original Message ----- From: "Jim Breen" <firstname.lastname@example.org> To: <email@example.com> Sent: Saturday, March 02, 2002 06:04 Subject: [tlug] Have I been hacked? > G'day, > > I've been a bit worried about my RH6.2 system, which has been behaving oddly > lately. On occasions it gets sluggish, as though something is using the > network connection. People may recall that something zapped my "top" > some weeks ago and it no longer works. > > Poking around, I notice the following when running tcpdump: > > 15:55:51.083588 eth0 > 0:0:0:0:0:0 0:10:a4:11:30:2a 66: CPE-144-132-16-104.vic.bigpond.net.au.1333 > proximity.globalgold.co.uk.www: tcp 0 (DF) > > Now I am "CPE-144-132-16-104.vic.bigpond.net.au". At the time of running > TCPdump I had no telnet/ssh/whatever connections up, and no browser running. > > It also seems to pounding away at my ISP's DNS server. > > Any suggestions what I should look for, if there are any nasty surprises > installed? > > Jim > > -- > Jim Breen [firstname.lastname@example.org http://www.csse.monash.edu.au/~jwb/] > Computer Science & Software Engineering, Tel: +61 3 9905 3298 > P.O Box 26, Monash University, Fax: +61 3 9905 5146 > Clayton VIC 3800, Australia $B%8%`!&%V%j!<%s(B@$B%b%J%7%eBg3X(B
- [tlug] Have I been hacked?
- From: Jim Breen
Home | Main Index | Thread Index
- Prev by Date: Re: [tlug] Have I been hacked?
- Next by Date: Re: [tlug] Have I been hacked?
- Previous by thread: Re: [tlug] Have I been hacked?
- Next by thread: Re: [tlug] Have I been hacked?
Home Page Mailing List Linux and Japan TLUG Members Links