Help! My system's been compromised....
I just started using the net from Linux. (Slackware 9.1 upgraded). I have followed a security tutorial and turned off ftp, finger, ntalk etc. in the inetd.conf file.
I have a cable connection. Even if nothing is open, I seem to be receiving packets according to Network Monitor 2.6.1.
NMapfe shows ssh, smtp and another called 'submission'. I am assuming that 'submission' is what I used to log on to my ISP (I got a small client from my ISP to do the authentication with their server). But I'm not sure. How do I find out if it's legit, and if it's not these, then why am I receiving packets?
Receiving is usually not that bad. Is your machine sending something you don't know about?
When you're connected to the Net you get a number of scans, if you also run an SMTP server you get a number of tries to use it (for spamming, for example).
You can write down a certain period of transmission in/out and then look into this. From the tools you can use to get the traffic and then analyze it I recommend Ethereal. If you don't know how to read TCP/IP you may have trouble, though. But at least you'll have something.
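One way to check what is actually listening behind the ports the scan reported, as an added example that is not part of the original thread: it reads the Linux `/proc/net/tcp` table and lists sockets in LISTEN state with the address they are bound to ('submission' is the IANA service name for TCP port 587). The sample table, the `KNOWN` lookup and the function names are constructed for illustration, and little-endian (x86) address encoding is assumed.

```python
import os
import socket
import struct

# IANA service names for the three ports the scan on this page reported.
KNOWN = {22: "ssh", 25: "smtp", 587: "submission"}

# Constructed sample in /proc/net/tcp layout (not taken from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1101 1
   1: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1102 1
   2: 0100007F:024B 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1103 1
   3: 0A00000A:8C3E 0101A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1104 1
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted quad, port); little-endian assumed."""
    hexaddr, hexport = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(hexaddr, 16)))
    return addr, int(hexport, 16)

def listening_sockets(table):
    """Return one dict per socket in LISTEN state (st == 0A), sorted by port."""
    found = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "0A":          # established etc. are skipped
            continue
        addr, port = decode_endpoint(f[1])
        if addr == "0.0.0.0":
            reach = "all interfaces"             # reachable from the cable link
        elif addr.startswith("127."):
            reach = "loopback only"              # not reachable from outside
        else:
            reach = "only " + addr
        found.append({"port": port, "service": KNOWN.get(port, "unknown"),
                      "reach": reach, "uid": int(f[7])})
    return sorted(found, key=lambda s: s["port"])

if __name__ == "__main__":
    path = "/proc/net/tcp"
    table = open(path).read() if os.path.exists(path) else SAMPLE
    for s in listening_sockets(table):
        print("%5d  %-10s  %-15s  uid=%d" % (s["port"], s["service"], s["reach"], s["uid"]))
```

Running `netstat -tlnp` as root shows the same listening sockets together with the name of the owning process.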