Re: [tlug] hack attack from localhost?
- To: tlug@example.com
- Subject: Re: [tlug] hack attack from localhost?
- From: Theodore Knab <tjk@example.com>
- Date: Thu, 31 Jan 2002 20:54:51 -0500
- Content-disposition: inline
- Content-type: text/plain; charset=us-ascii
- In-reply-to: <3C5952BC.30400@example.com>
- References: <3C5952BC.30400@example.com>
- Sender: Ted Knab <tjk@example.com>
- User-agent: Mutt/1.3.25i
You would have to provide more information about your machine for anyone to make sense of your logs. You will need to look at everything.

A quicker way is to use an existing program called chkrootkit.
http://rr.sans.org/malicious/chkrootkit.php

Root kits pop up listeners all over the place while replacing your system tools with ones that hide the listeners' processes. Root kit check checks for all types of things you would have never thought to look at.

Also, a good internal test might be to nmap the box for the local network. Then run netstat -lna. If the ports don't match up, this might indicate that your box may have been compromised.

I think there is a FreeBSD port for chkrootkit.

-Ted

On Thu, Jan 31, 2002 at 11:20:44PM +0900, Sven Simon wrote:
> I got my FreeBSD set up to log connection attempts on blocked ports
> and here's what I found in /var/log/messages:
> Jan 25 03:05:43 hostname /kernel: Connection attempt to UDP
> 127.0.0.1:512 from 127.0.0.1:1103

Ted Knab
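The nmap versus netstat comparison suggested in the message above, as an added example that is not part of the original post. It assumes the nmap scan was run from a second host and saved in nmap's normal output format; both sample outputs, the port numbers in them, and all function names are constructed for illustration.

```python
import re

# Constructed sample of `netstat -lna` output from the suspect box.
NETSTAT_SAMPLE = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:514             0.0.0.0:*
"""

# Constructed sample of the port table nmap printed for the same box.
NMAP_SAMPLE = """\
PORT      STATE  SERVICE
22/tcp    open   ssh
31337/tcp open   unknown
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def netstat_tcp_listeners(text):
    """Return {port: {bind addresses}} for TCP sockets in LISTEN state."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[-1] != "LISTEN":
            continue
        # Local address is "addr:port" on Linux and "addr.port" on the BSDs.
        m = re.match(r"(.*)[.:](\d+)$", f[3])
        if m:
            listeners.setdefault(int(m.group(2)), set()).add(m.group(1))
    return listeners

def nmap_open_tcp(text):
    """Return the set of TCP ports nmap reported as open."""
    return {int(m.group(1)) for m in re.finditer(r"^(\d+)/tcp\s+open\s", text, re.M)}

def compare(netstat_text, nmap_text):
    local = netstat_tcp_listeners(netstat_text)
    remote = nmap_open_tcp(nmap_text)
    return {
        # Open from the network but missing from netstat: the mismatch to investigate.
        "nmap_only": sorted(remote - set(local)),
        # Listed by netstat but not seen by nmap; loopback-only binds are skipped
        # because they are never reachable from another host.
        "netstat_only": sorted(p for p, a in local.items()
                               if p not in remote and not a <= LOOPBACK),
    }

if __name__ == "__main__":
    print(compare(NETSTAT_SAMPLE, NMAP_SAMPLE))
```

A port in `netstat_only` is usually just filtered by a firewall; a port in `nmap_only` means the local tool is not reporting a socket that the network can reach.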