
Re: hacked

Have you done a ps -ef on the box to see at least what processes are running?
Another thing that you can do is do a tcpdump -i ethX where X is the number of the network interface that you want to look at. I would redirect this to a file and then look at it later. Let this go for a couple of minutes. After that, do a control-C to get out of it. Open up the file you just created and see what is happening on your NIC. This should be another thing that should give you a better view of what is happening with your computer. The last thing is go through the rc.d files and see if there are any programs that are starting up that you don't know about. Well, I hope this helps.

>>> linux NET-PRODUCTS NL 6/6/2004 7:52:14 AM >>>

Since yesterday I have a huge network traffic increase

It goes from 12Gb to 45Gb a month.

Somebody is messing around.

I did the following:
Only access sshd with one IP address
Changed root password (it was a #$%EEE123-alike password)

Tasks server, directly connected to internet:
It's an FTP server for authenticated users
It's a mail server running on IBM Domino 5.012 which is pretty (I think ...)

When I take a look at /var/messages and /var/secure I see nothing strange.

I am running kernel 2.4.20-28.7 on i686

1. How can I see which process is producing the traffic?
2. What else can I do?

Valhalla-list mailing list
Valhalla-list redhat com 
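
An added example, not part of the original messages: one way to review the capture file the reply suggests collecting, by totalling the bytes the server sends per local port and remote host. It assumes the text output of a current `tcpdump -nn` (the 2004-era format may differ); the sample lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn -i eth0` text output (documentation
# addresses, assumed modern line format); not taken from the thread.
SAMPLE = """\
07:52:14.000001 IP 192.0.2.10.21 > 203.0.113.5.40112: Flags [P.], seq 1:1449, ack 1, win 5840, length 1448
07:52:14.000350 IP 203.0.113.5.40112 > 192.0.2.10.21: Flags [.], ack 1449, win 64240, length 0
07:52:14.001200 IP 192.0.2.10.8081 > 198.51.100.77.51000: Flags [P.], seq 1:1461, ack 1, win 5840, length 1460
07:52:14.001900 IP 192.0.2.10.8081 > 198.51.100.77.51000: Flags [P.], seq 1461:2921, ack 1, win 5840, length 1460
07:52:14.002500 IP 192.0.2.10.53 > 198.51.100.9.33000: UDP, length 120
07:52:14.003000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""

# timestamp, "IP"/"IP6", src.port > dst.port:, then the first "length N"
LINE = re.compile(r"^\S+ IP6? (\S+)\.(\d+) > (\S+)\.(\d+): .*?\blength (\d+)")


def outbound_bytes(capture_text, local_ip):
    """Sum payload bytes sent by local_ip, keyed by (local port, remote IP).

    "length" is the payload size tcpdump prints, so headers are not counted.
    """
    totals = Counter()
    for line in capture_text.splitlines():
        m = LINE.match(line)
        if not m:  # ARP, ICMP or truncated lines carry no port pair
            continue
        src, sport, dst, _dport, length = m.groups()
        if src == local_ip:  # only traffic leaving this server
            totals[(int(sport), dst)] += int(length)
    return totals


def top_talkers(totals, n=3):
    """Return the n largest (local port, remote IP) flows, biggest first."""
    return totals.most_common(n)


if __name__ == "__main__":
    flows = outbound_bytes(SAMPLE, "192.0.2.10")
    for (port, remote), nbytes in top_talkers(flows):
        print(f"local port {port:>5} -> {remote:<15} {nbytes} bytes")
```

The local port at the top of the list can then be matched to a process, for example with `netstat -tnp` run as root, and compared against the `ps -ef` output.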
