
RE: hacked



Are you sure there was nobody who just ftp'd a huge file or sent an email to 10 people with a huge attachment?
Could you please check your ftp and email logs?


tcpdump is a good idea. I would also suggest some kind of ipchains or firewall if you are directly connected to the Internet.




----Original Message Follows----
From: linux NET-PRODUCTS NL
Reply-To: "Discussion of Red Hat Linux 7.3 (Valhalla)" <valhalla-list redhat com>
To: "Discussion of Red Hat Linux 7.3 (Valhalla)" <valhalla-list redhat com>
Subject: hacked
Date: Sun, 6 Jun 2004 13:52:14 +0200



Hello, since yesterday I have had a huge network traffic increase.

It goes from 12Gb to 45Gb a month.

Somebody is messing around.

I did the following:
Only access sshd with one ip-address
changed root password (it was a #$%EEE123-alike password)
reboot

Tasks server, directly connected to internet:
It's an ftp server for authenticated users
It's a mail server running on IBM Domino 5.012, which is pretty (I think ...) secure

When I take a look at /var/messages and /var/secure I see nothing strange

I am running kernel 2.4.20-28.7 on i686

Question:
1. How can I see which process is producing the traffic?
2. What else can I do?
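
One way to act on the suggestion above to check the ftp logs, as an added example that is not part of the original thread: it totals transferred bytes per user and remote host and lists the largest single transfers. It assumes the ftp server writes the classic xferlog record layout; the sample lines, hosts, users and the 100 MiB threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in the classic xferlog layout (assumed format);
# hosts, users and file names are made up for illustration.
SAMPLE_XFERLOG = """\
Sat Jun  5 09:12:44 2004 3 192.0.2.10 48211 /home/alice/report.pdf b _ o r alice ftp 0 * c
Sat Jun  5 22:40:02 2004 5211 198.51.100.7 734003200 /home/bob/pub/disc1.iso b _ o r bob ftp 0 * c
Sat Jun  5 23:58:31 2004 4980 203.0.113.44 734003200 /home/bob/pub/disc1.iso b _ o r bob ftp 0 * c
Sun Jun  6 01:15:09 2004 2100 198.51.100.7 314572800 /home/bob/pub/disc2.iso b _ o r bob ftp 0 * i
Sun Jun  6 08:03:17 2004 12 192.0.2.10 1048576 /home/alice/in/data.tar b _ i r alice ftp 0 * c
not a transfer record
"""

def parse_xferlog(text):
    """Yield one dict per well-formed transfer record; skip anything else."""
    for line in text.splitlines():
        f = line.split()
        # 5 date tokens + 13 fields = 18 tokens; the file size must be numeric.
        if len(f) != 18 or not f[7].isdigit():
            continue
        yield {"day": " ".join(f[1:3] + f[4:5]), "host": f[6], "bytes": int(f[7]),
               "file": f[8], "direction": f[11], "user": f[13], "status": f[17]}

def top_talkers(text, direction="o"):
    """Total bytes per (user, remote host) for one direction, largest first.

    direction "o" is outgoing (downloads from the server), "i" is incoming.
    Records with an incomplete status are counted as well.
    """
    totals = defaultdict(int)
    for rec in parse_xferlog(text):
        if rec["direction"] == direction:
            totals[(rec["user"], rec["host"])] += rec["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def large_transfers(text, min_bytes=100 * 1024 * 1024):
    """Individual transfers at or above min_bytes, in log order."""
    return [r for r in parse_xferlog(text) if r["bytes"] >= min_bytes]

if __name__ == "__main__":
    for (user, host), total in top_talkers(SAMPLE_XFERLOG):
        print(f"{user:8} {host:15} {total / 2**20:10.1f} MiB out")
    for r in large_transfers(SAMPLE_XFERLOG):
        print(r["day"], r["user"], r["host"], r["file"], r["bytes"], r["status"])
```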





