LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-03-2006, 08:25 AM   #1
Palula
Member
 
Registered: May 2005
Location: Brazil
Distribution: Fedore Core 3
Posts: 138

Rep: Reputation: 15
Has my system been compromised?


Hi all!

Yesterday I got home late at night and was about to shutdown my linuxbox. It works as a router/firewall by the way.

The first strange thing was that the machine was crashed. Totally numb. This never happened. And the second thing was that when I shutted down the system, and when it rebooted, at some moment, gave me a prompt like this: "sh-300#"

Today I woke up and decided to take a look and didn't find anything weird... On the ps list I found a process running with this name: "inputattach". Does anybody know what this does. Anyway I don't remember if it was running already or not.

Thank you.
 
Old 02-03-2006, 08:29 AM   #2
satinet
Senior Member
 
Registered: Feb 2004
Location: England
Distribution: Slackware 11, Sabayon 3.1
Posts: 1,464

Rep: Reputation: 46
i believe this process is associated with serial devices and is not a trojan (etc) as you may be worried about.
 
Old 02-03-2006, 09:09 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,173
Blog Entries: 54

Rep: Reputation: 2809Reputation: 2809Reputation: 2809Reputation: 2809Reputation: 2809Reputation: 2809Reputation: 2809Reputation: 2809Reputation: 2809Reputation: 2809Reputation: 2809
IMNSHO it isn't enough to counter a question about a (suspected) compromise with a single line answer starting with "I believe". Ask yourself, if this was a compromise, can any output be trusted? (No) Or, how hard is it to run a process under a different name? (Trivial). If you suspect something then get assurance the right way. And if, after going through the process, it appears to be a false positive, cool, in any case exercise should give you more knowledge and you likely will know somewhat better what to do when a "real" compromise turns up. Wanna know more? Check out the LQ FAQ: Security references under "Compromise, breach of security, detection".
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
System possibly compromised kloppster Linux - Security 7 07-12-2004 03:30 PM
do these symptoms mean my system is compromised? jimlaur Linux - Security 10 03-18-2004 12:20 PM
System compromised BruceCadieux Linux - Security 20 09-29-2003 08:24 PM
System compromised? Comatose51 Linux - Security 3 07-11-2003 08:28 AM
Help: I think my system has been compromised! Comatose51 Linux - General 2 06-29-2003 05:00 PM


All times are GMT -5. The time now is 02:33 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration