Last week when I booted up my Linux box and checked the "last" command I noticed that all the entries have been "erased".
Download and run chkrootkit. One of its features is to check system logs for signs of deletion using chkwtmp. You may need to compile chkwtmp in order for it to run that check. Could just be that the old wtmp was rotated out and now the new wtmp is empty.
A TCP port has been open and listening on 32768.
Probably just something that uses dynamic port assignment (could be a web browser, file shares, etc). Port 32768 is usually one of the first ports used and then as additional connections are needed it increments the port numbers (often you'll see it alternate between 32768+n and 1024+n). Run lsof -i to see what application is using the port.
What can I do to determine how the intruder got me?
Still don't have any evidence that you have been compromised. Download and run chkrootkit and go through your logs looking for any irregularities.
What is this port for?
Once you're pretty sure that you haven't been compromised, do yourself a favor and take the time to install a file integrity scanner like tripwire, samhain, aide, etc. Ideally you'd want to install it immediately after installing the system and updating patches, but it will let you know with a single command whether any files have been altered (hopefully). Also turn off any unneeded server applications and verify all your patches are updated. There's also a ton of other security measures you can take, so do some reading in the security references thread.
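An added example, not part of the original post and not chkrootkit's code: a small wtmp scanner that separates the two cases raised above, an empty file (consistent with rotation) versus records overwritten with zeros inside an otherwise populated file. It assumes the 384-byte glibc Linux utmp record layout; make_record, check_wtmp and SAMPLE are names made up for this sketch.

```python
import struct
import sys

# Assumption: glibc Linux utmp/wtmp layout, 384 bytes per record.
# Fields: type, pid, line, id, user, host, exit(2), session, tv_sec, tv_usec, addr(4), unused
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4I20s")
TV_SEC = 9  # index of the timestamp in the unpacked tuple

def make_record(user, line, tv_sec, ut_type=7):
    """Build one record (7 = USER_PROCESS); used only for the constructed sample."""
    return UTMP.pack(ut_type, 1234, line, b"", user, b"", 0, 0, 0,
                     tv_sec, 0, 0, 0, 0, 0, b"")

def check_wtmp(data):
    """Return (verdict, gaps); each gap is (record index, time before, time after)."""
    if not data:
        return "empty", []      # what a freshly rotated wtmp looks like
    if len(data) % UTMP.size:
        return "bad size", []   # truncated file or a different record layout
    times = [UTMP.unpack_from(data, off)[TV_SEC]
             for off in range(0, len(data), UTMP.size)]
    gaps = []
    for i, t in enumerate(times):
        if t == 0:  # a record with no timestamp: blanked in place
            before = next((x for x in reversed(times[:i]) if x), None)
            after = next((x for x in times[i + 1:] if x), None)
            gaps.append((i, before, after))
    return ("zeroed records found" if gaps else "no zeroed records"), gaps

# Constructed sample: two logins with a zeroed record between them.
SAMPLE = (make_record(b"alice", b"pts/0", 1700000000)
          + bytes(UTMP.size)
          + make_record(b"bob", b"pts/1", 1700000600))

if __name__ == "__main__":
    if len(sys.argv) > 1:       # e.g. python3 wtmpcheck.py /var/log/wtmp
        with open(sys.argv[1], "rb") as fh:
            print(check_wtmp(fh.read()))
    else:
        print(check_wtmp(SAMPLE))
```

A clean result only means no records were blanked in place; a file that was replaced or truncated wholesale looks the same as a rotated one, which is where a file integrity scanner helps.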