Old 07-08-2004, 09:15 AM   #1
qwijibow
LQ Guru
 
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
hacked? (netstat + top giving strange readings)


My hard drive went mad and started thrashing around for no apparent reason.
No swap was in use, and I was just typing a letter.

I launched 'top' to try and see what was happening.
I saw the program "netstat" was being run by my user name.
Also dhcpd, which should not run.
And I know I did not launch it. Is there any reason KDE would launch it?

Also, when I ran netstat, I found 2 established connections on my machine
on ports HTTP and HTTPS (I had no web browsers running, and the IP did not seem to belong to any website; it looked like an ISP user's address?)

Also, my machine refused to shut down; I got a DMA timeout error on one of my hard disks.

Anything to worry about?

I think my machine should be quite secure.
My firewall is almost completely stealthed.
My machine does not respond to pings, and only has one port open (FastTrack P2P, which wasn't running at the time).

Last edited by qwijibow; 07-08-2004 at 09:26 AM.
 
Old 07-08-2004, 10:04 AM   #2
TheIrish
Member
 
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Rep: Reputation: 15
Well... yes, it all sounds quite strange, at least for the ghostly dhcpd launch... I might even try to believe that a program could need some info in the netstat result, but dhcpd...
Quote:
I think my machine should be quite secure. My firewall is almost completely stealthed.
It's a good start, but it's not the security panacea. Running programs with root privileges might make your firewall useless.
As far as I know, there are no explicit reasons to believe you've been hacked, just strong suspicions.
All I can suggest is to disconnect the computer from the internet, clone the HD (for research purposes) and try to see if you get some info in the /var/log directory.
You can also use some interesting tools like chkrootkit, rkhunter (rootkit hunter) or tiger.
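
As an added example (not part of either post): the two established HTTP/HTTPS connections from the question can be tied to an owning process by reading /proc/net/tcp and the /proc/<pid>/fd socket links directly, without going through netstat. It assumes IPv4 and a little-endian host; the sample table, its addresses and the function names are constructed for illustration.

```python
import glob
import os
import socket
import struct

WEB_PORTS = {80, 443}  # the HTTP/HTTPS remote ports from the question
# Constructed sample in /proc/net/tcp format (little-endian host); not data from the thread.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 0A0200C0:8124 076433C6:0050 01 00000000:00000000 00:00000000 00000000  1000        0 4711 1
   2: 0A0200C0:8125 076433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 4712 1
   3: 0A0200C0:8130 0B0200C0:0016 01 00000000:00000000 00:00000000 00000000  1000        0 4713 1
"""

def decode(addr):
    """Turn '076433C6:0050' into ('198.51.100.7', 80); assumes a little-endian host."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def socket_owners():
    """Map socket inode (as a string) -> pid by reading /proc/<pid>/fd links."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            target = os.readlink(fd)
        except OSError:
            continue  # process exited, or its descriptors are not readable
        if target.startswith("socket:["):
            owners[target[8:-1]] = int(fd.split("/")[2])
    return owners

def established_web(table, owners):
    """Return established connections whose remote port is HTTP or HTTPS."""
    hits = []
    for line in table.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "01":  # state 01 = ESTABLISHED
            continue
        (lip, lport), (rip, rport) = decode(f[1]), decode(f[2])
        if rport in WEB_PORTS:
            hits.append({"local": f"{lip}:{lport}", "remote": f"{rip}:{rport}",
                         "uid": int(f[7]), "owner_pid": owners.get(f[9])})
    return hits

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        for hit in established_web(fh.read(), socket_owners()):
            print(hit)
```

Run it as root so every process's descriptors are readable; an entry whose owner_pid is still None has no visible user-space process holding the socket.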
 
  

