
Re: hacked



Have you done a ps -ef on the box to see at least what processes are running?
Another thing that you can do is do a tcpdump -i ethX where X is the number of the network interface that you want to look at. I would redirect this to a file and then look at it later. Let this go for a couple of minutes. After that, do a control-C to get out of it. Open up the file you just created and see what is happening on your NIC. This should be another thing that should give you a better view of what is happening with your computer. The last thing is go through the rc.d files and see if there are any programs that are starting up that you don't know about. Well, I hope this helps.

>>> linux NET-PRODUCTS NL 6/6/2004 7:52:14 AM >>>

Hello,
Since yesterday I have a huge network traffic increase.

It goes from 12Gb to 45Gb a month.

Somebody is messing around.

I did the following:
Only access sshd with one IP address
changed root password (it was a #$%EEE123-alike password)
reboot

Tasks server, directly connected to internet:
It's an ftp server for authenticated users
It's a mail server running on IBM Domino 5.012 which is pretty (I think ...)
secure

When I take a look at /var/messages and /var/secure I see nothing strange

I am running kernel 2.4.20-28.7 on i686

Question:
1. How can I see which process is producing the traffic?
2. What else can I do?






_______________________________________________
Valhalla-list mailing list
Valhalla-list redhat com 
https://www.redhat.com/mailman/listinfo/valhalla-list
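
The reply above suggests saving tcpdump output to a file and reading it afterwards. As an added example (not part of the original thread), this shell function ranks the conversations in such a file by bytes sent, so the heaviest flow stands out. It assumes the one-line-per-packet IPv4 text format of a current `tcpdump -nn`; the function names and the sample capture are constructed for illustration.

```shell
#!/bin/sh
# Added example: rank the conversations in a saved tcpdump text capture by bytes.
# Assumed input: one IPv4 packet per line, as printed by a current `tcpdump -nn`:
#   HH:MM:SS.usec IP SRC.PORT > DST.PORT: ... length N

# Prints "BYTES PACKETS SRC.PORT > DST.PORT" for each direction, largest first.
summarize_capture() {
    awk '
        $2 == "IP" && $4 == ">" {
            dst = $5
            sub(/:$/, "", dst)                  # drop the colon after the destination
            bytes = 0
            for (i = 6; i < NF; i++)
                if ($i == "length") {
                    bytes = $(i + 1)
                    sub(/[^0-9].*$/, "", bytes) # "89:" -> "89"
                    break
                }
            key = $3 " > " dst
            total[key] += bytes
            pkts[key]++
        }
        END { for (k in total) printf "%d %d %s\n", total[k], pkts[k], k }
    ' "$1" | sort -k1,1nr -k3,3
}

# Constructed sample capture (documentation addresses); the ARP line is ignored.
sample_capture() {
    cat <<'EOF'
07:52:14.000101 IP 192.0.2.10.20 > 198.51.100.7.40312: Flags [.], seq 1:1449, ack 1, win 229, length 1448
07:52:14.000240 IP 192.0.2.10.20 > 198.51.100.7.40312: Flags [.], seq 1449:2897, ack 1, win 229, length 1448
07:52:14.000391 IP 198.51.100.7.40312 > 192.0.2.10.20: Flags [.], ack 2897, win 501, length 0
07:52:14.120000 IP 203.0.113.5.51514 > 192.0.2.10.25: Flags [P.], seq 1:25, ack 1, win 229, length 24
07:52:14.130000 IP 192.0.2.10.25 > 203.0.113.5.51514: Flags [P.], seq 1:90, ack 25, win 227, length 89: SMTP: 250 ok
07:52:15.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
EOF
}

# Demo run on the constructed sample.
capture=$(mktemp)
sample_capture > "$capture"
summarize_capture "$capture"
rm -f "$capture"
```

On a real box, produce the input with `tcpdump -nn -i ethX > capture.txt` as the reply describes, then run `summarize_capture capture.txt` and compare the top local ports against the `ps -ef` listing.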


