Old 01-25-2004, 04:56 PM   #1
Kovacs
Member
 
Registered: Jul 2003
Distribution: FreeBSD 8.2 RELEASE
Posts: 607

Rep: Reputation: 32
What does this netstat output mean?


I am a complete security newb and have been very lax about learning so far, possibly now to my detriment. Perhaps I am being a drama queen, but I was talking to someone on icq last night who started threatening to haxor me. Shortly after that, the date on my kde clock started saying "moscow" instead of the date, and this was the output of netstat -tl:

Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.181:aol       *:*                     LISTEN
tcp        0      0 *:x11                   *:*                     LISTEN
tcp        0      0 192.168.1.181:4443      *:*                     LISTEN
I realise that the second line is X11 but it's the first and last that concern me, as they come and go. I use this PC to earn a living so I'm sure you can see why I'm concerned.
 
Old 01-25-2004, 05:49 PM   #2
darklogik_org
Member
 
Registered: Jan 2004
Distribution: freebsd 5.3, openbsd 3.6, slackware 10
Posts: 96

Rep: Reputation: 15
Well, I'm guessing you're an AOL user for a start!

Port 4443 is the port that AOL Instant Messenger uses and

$ cat /etc/services | grep "aol"

tells us that "aol" uses tcp port 5190. If you're NOT an aol user, I'd be concerned. Check your /etc/rc.d/ directory for anything suspicious (particularly rc.local).

I'm afraid without further details, I can't be of much help.

mark
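
The /etc/services lookup from post #2, applied to every listener in the output from post #1, as an added example that is not part of the original thread. netstat -tl prints a service name wherever the port number has an entry in the services file, so the name identifies the port, not the program listening on it. The services excerpt is constructed, and resolve_listeners and demo are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread). The services excerpt is constructed;
# the netstat lines are the ones quoted in post #1.

SERVICES_SAMPLE='# constructed excerpt in /etc/services format
x11     6000/tcp
aol     5190/tcp    # same value the grep in post #2 reports
aol     5190/udp'

NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.168.1.181:aol       *:*                     LISTEN
tcp        0      0 *:x11                   *:*                     LISTEN
tcp        0      0 192.168.1.181:4443      *:*                     LISTEN'

# resolve_listeners SERVICES_FILE < netstat-output
# Prints "port bind-address how" for every TCP socket in LISTEN state.
resolve_listeners() {
    awk -v svc="$1" '
        BEGIN {
            # Build name -> port from the services file (tcp entries only).
            while ((getline line < svc) > 0) {
                sub(/#.*/, "", line)
                if (split(line, f) < 2) continue
                split(f[2], pp, "/")
                if (pp[2] == "tcp") port[f[1]] = pp[1]
            }
        }
        $1 == "tcp" && $NF == "LISTEN" {
            i = match($4, /:[^:]*$/)     # last colon splits address from port
            addr = substr($4, 1, i - 1)
            p = substr($4, i + 1)
            if (p ~ /^[0-9]+$/)  print p, addr, "numeric"
            else if (p in port)  print port[p], addr, "name=" p
            else                 print "?", addr, "unresolved=" p
        }'
}

# Run the lookup over the output from the thread with the constructed file.
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SERVICES_SAMPLE" > "$tmp"
    printf '%s\n' "$NETSTAT_SAMPLE" | resolve_listeners "$tmp"
    rm -f "$tmp"
}

demo
```

On Linux, running netstat -tlnp as root prints numeric ports together with the PID and program name that owns each listener, which is what ties a port to a process.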
 
Old 01-25-2004, 06:32 PM   #3
Kovacs
Member
 
Registered: Jul 2003
Distribution: FreeBSD 8.2 RELEASE
Posts: 607

Original Poster
Rep: Reputation: 32
No I'm not an aol user, and not in the US. I just realised that the first and last two lines appear when I'm connected to icq in kopete, but I don't have aim configured in kopete (nor do I use it) so I don't see why I should have a connection to aol.

One thing that is also concerning is that the output of users when I first boot and log on (on the command line) is:

username

Once I startx, the output of users is:

username username

And at some point (like right now) that changes to:

username username username

When I exit x, log out and log in as root, it still says:

root username username

I can't say I've had much reason to ever use this command before but it doesn't look right to me.

I'm frantically trying to read up on security but any further input would be greatly appreciated.
 
  

