LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 06-21-2009, 01:37 AM   #1
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,190
Blog Entries: 23

Rep: Reputation: 278Reputation: 278Reputation: 278
Talking Attack from [unknown]


Hi,

Last night, I had a pop-up asking the root pass, when I looked at the details, I saw "unknown" as source/name, and I canceled the login.
Possibly an attack. Cat I trace this back? Does that leave traces?
Of course, I'm not nifected/hacked as I denied this access, but is THIS how attacks (can) occur in Linux? Of course, windoze would have gone flat on its back for this...

Eh, just curious...

Thor
 
Old 06-21-2009, 01:46 AM   #2
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
Quote:
Originally Posted by linusr@flanders View Post
Last night, I had a pop-up asking the root pass, when I looked at the details, I saw "unknown" as source/name, and I canceled the login.
Possibly an attack. Cat I trace this back? Does that leave traces?
Of course, I'm not nifected/hacked as I denied this access, but is THIS how attacks (can) occur in Linux? Of course, windoze would have gone flat on its back for this...

Eh, just curious...

Thor
"pop-up"? on a webpage or? How did you receive this pop-up? what application where you using when this happened?
 
Old 06-21-2009, 01:52 AM   #3
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,190
Blog Entries: 23

Original Poster
Rep: Reputation: 278Reputation: 278Reputation: 278
Hi & tnx,

It was the system pop-up, the one you get when you try to do something big, such as changing the firewall settings for example, I was about to do a security update (ssl and C) but of course, I am very frequently on the net, my Firefox is open to a lot of stuff, including Facebook at the time.

Since I did'nt see any source I could trust I canceled the login. Possibly avoiding a system-wide infection...I guess.

Thor
 
Old 06-21-2009, 02:12 AM   #4
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
Quote:
Originally Posted by linusr@flanders View Post
It was the system pop-up, the one you get when you try to do something big, such as changing the firewall settings for example
I'm unimpressed with your wording of the question and your reply to my question (what app..?). Sounds like you tried to make a change to your config via a gui and your system asked for your password. This is normal.
Now if you where at a website and your browser asked for your root password sounds like you should try another website.
 
Old 06-21-2009, 02:34 AM   #5
Thor_2.0
Senior Member
 
Registered: Nov 2007
Location: Somewhere on my hard drive...
Distribution: Manjaro
Posts: 2,190
Blog Entries: 23

Original Poster
Rep: Reputation: 278Reputation: 278Reputation: 278
Oh, ok, then. I may just have "lost my way" - it just popped up, I canceled, end-of-line (to quote the MCP in Tron...)...

May just have to pay more attention in the future...

I guess that a drive-by infection (just opening a webpage) _could_ in theory do that, it up to me then to pay attention. As usual.

Of course, as soon as F10 pops up a request to install security-related updates, I immediately do allow these, but that happens without a password...

Eh, possibly a "dudd"...

Tnx!

Thor
 
Old 06-21-2009, 02:59 AM   #6
micxz
Senior Member
 
Registered: Sep 2002
Location: CA
Distribution: openSuSE, Cent OS, Slackware
Posts: 1,131

Rep: Reputation: 75
aight' funny guy
 
  


Reply

Tags
attack, hacked, login, root


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Unknown Netbios Packets to Unknown Network fukawi2 Linux - Networking 2 09-17-2007 06:41 PM
Please do not attack me anasmich General 1 08-28-2007 11:48 AM
Possible Attack Jason72 Linux - Security 7 08-06-2007 06:55 PM
Does anyone see attack like this? fedora4002 Linux - Security 1 01-30-2007 05:04 PM
Help I am UNDER ATTACK... needamiracle Linux - Security 28 04-22-2003 12:06 PM


All times are GMT -5. The time now is 08:04 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration