Mailing List Archive
Support open source code!
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tlug] Have I been hacked?
- To: tlug@example.com
- Subject: [tlug] Have I been hacked?
- From: Jim Breen <jwb@example.com>
- Date: Sat, 2 Mar 2002 16:04:17 +1100 (EST)
- Content-type: text/plain; charset=ISO-2022-JP
G'day, I've been a bit worried about my RH6.2 system, which has been behaving oddly lately. On occasions it gets sluggish, as though something is using the network connection. People may recall that something zapped my "top" some weeks ago and it no longer works. Poking around, I notice the following when running tcpdump: 15:55:51.083588 eth0 > 0:0:0:0:0:0 0:10:a4:11:30:2a 66: CPE-144-132-16-104.vic.bigpond.net.au.1333 > proximity.globalgold.co.uk.www: tcp 0 (DF) Now I am "CPE-144-132-16-104.vic.bigpond.net.au". At the time of running TCPdump I had no telnet/ssh/whatever connections up, and no browser running. It also seems to pounding away at my ISP's DNS server. Any suggestions what I should look for, if there are any nasty surprises installed? Jim -- Jim Breen [j.breen@example.com http://www.csse.monash.edu.au/~jwb/] Computer Science & Software Engineering, Tel: +61 3 9905 3298 P.O Box 26, Monash University, Fax: +61 3 9905 5146 Clayton VIC 3800, Australia ジム・ブリーン@モナシュ大学
- Follow-Ups:
- Re: [tlug] Have I been hacked?
- From: Christopher SEKIYA
- Re: [tlug] Have I been hacked?
- From: Mario Luoni
- Re: [tlug] Have I been hacked?
- Prev by Date: Re: [tlug] Selective mojibake email
- Next by Date: Re: [tlug] Have I been hacked?
- Previous by thread: [tlug] upcoming Linux-related events in Tokyo area
- Next by thread: Re: [tlug] Have I been hacked?
- Index(es):
| Home Page | Mailing List | Linux and Japan | TLUG Members | Links |