Old 07-08-2004, 10:15 AM   #1
LQ Guru
Registered: Apr 2003
Location: nottingham england
Distribution: Gentoo
Posts: 2,672

Rep: Reputation: 47
hacked ? (netstat + top giving strange readings)

my hard drive went mad, and started thrashing around for no apparent reason,
no swap was in use, and i was just typing a letter.

i launched 'top' to try and see what was happening.
i saw the program "netstat" was being run by my user name.
also, dhcpd. which should not run.
and i know i did not launch it. is there any reason KDE would launch it ?

ALSO, when i ran netstat, i found 2 established connections on my machine
on ports HTTP and HTTPS (i had no web browsers running, and the IP did not seem to belong to any website, looked like an ISP users address ?)

also, my machine refused to shutdown, i got a DMA timeout error on one of my hard disks.

anything to worry about ?

i think my machine should be quite secure.
my firewall is almost completely stealthed.
my machine does not respond to pings, and only has one port open (FastTrack P2P, which wasn't running at the time)

Last edited by qwijibow; 07-08-2004 at 10:26 AM.
Old 07-08-2004, 11:04 AM   #2
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Rep: Reputation: 15
well... yes, it all sounds quite strange, at least for the ghostly dhcpd launch... I might even try to believe that a program could need some info in the netstat result, but dhcpd...

Quote:
i think my machine should be quite secure. my firewall is almost completely stealthed.

it's a good start, but it's not the security panacea. Running programs with root privileges might make your firewall useless.
As far as I know, there are no explicit reasons to believe you've been hacked, just strong suspicions.
All I can suggest is to disconnect the computer from the internet, clone the HD (for research purposes) and try to see if you get some info in the /var/log directory.
You can also use some interesting tools like chkrootkit, rkhunter (rootkit hunter) or tiger.

