LinuxQuestions.org


DaVenom 11-12-2004 12:17 PM

Help! My system's been compromised....
 
Hi...

I just started using the net from Linux (Slackware 9.1, upgraded). I have followed a security tutorial and turned off ftp, finger, ntalk, etc. in the inetd.conf file.

I have a cable connection. Even if nothing is open, I seem to be receiving packets according to Network Monitor 2.6.1.

NmapFE shows ssh, smtp and another called 'submission'. I am assuming that 'submission' is what I used to log on to my ISP (I got a small client from my ISP to do the authentication with their server). But I'm not sure. How do I find out if it's legit, and if it's not these, then why am I receiving packets?

Thanks
JJ

Mara 11-12-2004 02:49 PM

Receiving is usually not that bad. Is your machine sending something you don't know about?

When you're connected to the Net you get a number of scans; if you also run an SMTP server you get a number of tries to use it (for spamming, for example).

You can write down a certain period of transmission in/out and then look into this. Of the tools you can use to get the traffic and then analyze it, I recommend Ethereal. If you don't know how to read TCP/IP you may have trouble, though. But at least you'll have something.
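
One way to do the in/out comparison described in the reply above, as an added example that is not part of the original thread: it reads a capture saved as text and separates connection attempts the host itself opened from attempts arriving from outside. The local address 192.0.2.10, the sample packets and the choice of `tcpdump -n` text output as the input format are assumptions constructed for illustration.

```python
import re
from collections import Counter

LOCAL_IP = "192.0.2.10"      # assumed address of the cable-connected host
LISTENING = {22, 25, 587}    # ssh, smtp, submission: the ports the scan in the thread reported

# Constructed sample in `tcpdump -n` text format (documentation addresses only).
CAPTURE = """\
12:17:01.100000 IP 203.0.113.7.40112 > 192.0.2.10.25: Flags [S], seq 1, win 5840, length 0
12:17:01.100200 IP 192.0.2.10.25 > 203.0.113.7.40112: Flags [S.], seq 9, ack 2, win 5792, length 0
12:17:03.500000 IP 198.51.100.23.3311 > 192.0.2.10.445: Flags [S], seq 5, win 16384, length 0
12:17:03.500100 IP 192.0.2.10.445 > 198.51.100.23.3311: Flags [R.], seq 0, ack 6, win 0, length 0
12:17:04.000000 IP 198.51.100.23.3312 > 192.0.2.10.135: Flags [S], seq 7, win 16384, length 0
12:17:09.250000 IP 192.0.2.10.32801 > 203.0.113.80.80: Flags [S], seq 11, win 5840, length 0
12:17:09.300000 IP 203.0.113.80.80 > 192.0.2.10.32801: Flags [S.], seq 21, ack 12, win 5792, length 0
12:17:20.000000 IP 192.0.2.10.32805 > 198.51.100.99.6667: Flags [S], seq 31, win 5840, length 0
"""

# timestamp, "IP", src.port > dst.port:, Flags [...]
LINE = re.compile(
    r"^\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def classify(capture, local_ip=LOCAL_IP, listening=LISTENING):
    """Sort new TCP connection attempts (bare SYNs) into three buckets."""
    report = {
        "inbound_to_service": Counter(),  # reached a port that is listening
        "inbound_to_closed": Counter(),   # scans hitting ports with nothing behind them
        "outbound": Counter(),            # opened by this host; each should be explainable
    }
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue                      # non-TCP or unparsable line
        src, sport, dst, dport, flags = m.groups()
        if flags != "S":
            continue                      # SYN-ACK, RST, data: a reply, not a new attempt
        if src == local_ip:
            report["outbound"][(dst, int(dport))] += 1
        elif dst == local_ip:
            bucket = "inbound_to_service" if int(dport) in listening else "inbound_to_closed"
            report[bucket][int(dport)] += 1
    return report

if __name__ == "__main__":
    for bucket, counts in classify(CAPTURE).items():
        print(bucket, dict(counts))
```

Entries under `inbound_to_closed` are the background scans the reply mentions; the `outbound` bucket is the one to review against the programs known to be running.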


All times are GMT -5.