LinuxQuestions.org
Old 04-07-2013, 09:07 PM   #1
ihermit
LQ Newbie
 
Registered: Jan 2013
Location: under the bridge
Distribution: Slackware 14 current
Posts: 14

Rep: Reputation: Disabled
Yes, it belonged in security


I need help, and fast, can someone please f&*$^@g answer me.

http://cbl.abuseat.org/lookup.cgi?ip=208.54.44.244

So I can clear this up.

Is this my computer (How the h#!!) that is infected, the T-Mobile 4-g router or my web/mail-server?

If you read the link you'll see I have a serious *SECURITY* issue, please help.


Shit, I forgot to submit this damn post
 
Old 04-07-2013, 09:14 PM   #2
evo2
Guru
 
Registered: Jan 2009
Location: Japan
Distribution: Mostly Debian and Scientific Linux
Posts: 5,423

Rep: Reputation: 1191
Hi,

there is lots of information on the page you linked to. Did you read it? Follow it?

Evo2.
 
Old 04-08-2013, 07:59 AM   #3
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776
First, while your frustration is understandable, LQ is not the place for foul language and creative workarounds. Would you please edit your post to clean it up.

By the title of your post, 'yes, it belonged in security', I assume you are referring to your other post that was moved to networking? If so, would you please elaborate on the connection between these issues? At first glance they do not appear to be related, unless for some reason your traffic from T-Mobile is being blocked.

With respect to this post, and your T-Mobile account, the first thing that you need to determine is if the IP in question, 208.54.44.244, is a static or dynamic IP. If it is dynamic, it is possible that the 'report' is not caused by your system or activity, in which case they will likely wind up with a rolling set of IP addresses being blocked. Second, keep in mind that mobile providers are a common resource used by those who wish to perform ill deeds, which means that you are more likely to experience false positives.

Is the machine in question a server of some form? If so, and especially if it does have a static IP address, you need to perform an investigation into whether or not your system IS responsible for the botnet traffic, which could be an indication of a potential compromise. One advantage to performing an analysis and information gathering investigation is that it would build evidence that you can use if you are not at fault.

With the above in mind, would you please elaborate on your situation, and provide details as to exactly what it is that is happening, how many machines are being affected and what their function is, etc. We can certainly help you resolve the issue, but you need to work calmly and methodically.
 
1 members found this post helpful.
  


All times are GMT -5.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration