LinuxQuestions.org


firestomper41 05-08-2004 03:52 AM

hacker attack?
 
I am wanting to know if it is possible for someone on the internet (hacker) to get access into my Mandrake 9.1 distro (without a firewall) and do something that would cause it to reboot unexpectedly?

Just need to know, as I was on the internet reading about Smoothwall and listening to some music, and out of the blue my machine reboots! :mad:

equinox 05-08-2004 04:23 AM

I think maybe rootkits...

drowstar 05-08-2004 04:31 AM

Hi firestomper41,
first, to answer your question: This is highly unlikely.

You can check your system's logs from right before the shutdown (or reboot for that matter), if you like, with this command:
Code:

cat /var/log/messages | grep "runlevel: 0" -B 5

This command shows the content of your logs and shows you five lines before the system reported that it would shut down now.
It should say somewhere in there why the computer decided a reboot was necessary. You might want to use a larger value than 5, if it just gives you the same stuff over and over.

I hope this gives you a clue as to what really happened,
- drowstar

Let me add a little something, which is of concern to me and many people in the free software community:
Your usage of the term "hacker" is somewhat inaccurate. Hackers are the good guys, who find security holes and report (not exploit) them. In fact, you stand a good chance of meeting some here on linuxquestions.
The correct term for this [insert not-nice term here] is "cracker".

unSpawn 05-08-2004 05:30 AM

Crackers usually have no reason to reboot the system. They like to remain as invisible as possible and their processes to go unnoticed. So no opening CD trays and malarkey like that... Drowstar is right. Logs are the first place to check. Also check "last -30". If your box crashed for an unknown reason this could show an entry showing "crash" instead of logout time. Check your messages for system oopses. Reboots not initiated by users or apps usually are due to overheating (overclocking) or bad RAM.
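
The two log checks suggested above (the lines before a restart in /var/log/messages, and "crash" entries in `last`), as an added example that is not part of the original thread. The sample log lines are constructed, and the markers matched (`runlevel: 0` or `6`, `syslogd ... restart`, kernel oops text) are assumptions about what a sysklogd-era system writes.

```shell
#!/bin/sh
# Constructed sample of /var/log/messages (not taken from the thread).
sample_messages() {
cat <<'EOF'
May  7 22:10:01 localhost init: Switching to runlevel: 6
May  7 22:10:05 localhost syslogd 1.4.1: exiting on signal 15
May  7 22:11:30 localhost syslogd 1.4.1: restart.
May  8 10:30:12 localhost pppd[1201]: local  IP address 192.0.2.10
May  8 10:30:12 localhost pppd[1201]: remote IP address 192.0.2.1
May  8 10:44:03 localhost syslogd 1.4.1: restart.
May  9 01:02:03 localhost kernel: Unable to handle kernel NULL pointer dereference
May  9 01:02:03 localhost kernel: Oops: 0002
May  9 01:05:40 localhost syslogd 1.4.1: restart.
EOF
}

# Constructed sample of `last` output.
sample_last() {
cat <<'EOF'
alice    tty1                          Sat May  8 10:28 - crash  (00:16)
reboot   system boot  2.4.x-sample     Sat May  8 10:44          (00:30)
alice    tty1                          Fri May  7 20:00 - down   (02:10)
EOF
}

# For every syslogd restart line on stdin, look back at most N lines (default 5),
# stopping at the previous restart, and report how the prior boot ended.
classify_restarts() {
    awk -v n="${1:-5}" '
        { line[NR] = $0 }
        /syslogd.*restart/ {
            verdict = "unclean"                  # no shutdown marker in the window
            start = NR - n
            if (start <= prev) start = prev + 1  # do not read into an earlier boot
            for (i = start; i < NR; i++) {
                if (line[i] ~ /runlevel: [06]/) { verdict = "clean"; break }
                if (line[i] ~ /Oops|Unable to handle kernel/) verdict = "oops"
            }
            print $1, $2, $3, verdict
            prev = NR
        }'
}

# Print user and tty of sessions that `last` marks as ended by a crash.
crashed_sessions() {
    awk '/ - crash/ { print $1, $2 }'
}

sample_messages | classify_restarts
sample_last | crashed_sessions
```

On a real system, feed the functions `/var/log/messages` and the output of `last` instead of the samples. An "unclean" verdict with no oops text is consistent with a power, heat or RAM fault, since nothing had a chance to log.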

firestomper41 05-08-2004 10:20 AM

The only thing that I can find under the logs that is strange is that at about 10.30 I connected to the net and it gives information about the local IP address and remote address and primary & secondary DNS address, and then the entry after that is restart at 10.44. So it must have been some kind of ppp error that caused it to restart; this could make sense as I was connected at the time when it restarted.

Just out of interest: how safe is a Linux machine without a firewall active?

beejayzed 05-09-2004 02:44 AM

Mandrake 9.1 has a built-in firewall, if you want one. You can activate it with mcc.

firestomper41 05-09-2004 09:25 AM

Have looked at that and it seems complicated to set up as I don't know what to enter. For a Windows user this is quite intimidating, as with Windows it is activate and go, and with this you have to tell it what you want firewalled.

beejayzed 05-09-2004 04:33 PM

Well, are you acting as a server of any kind? I'm not, so I just leave 'em all unchecked.

trey85stang 05-09-2004 04:35 PM

I have to disagree with some of the comments in this thread... If a "cracker" hacked your system, I am sure the logs would be cleaned (if the cracker is indeed a cracker). If a cracker is going to break into a system he/she will cover up all traces of entry.

The most common mistake a novice "cracker" will make is forgetting to remove his commands from .bash_history. That would be the first place I would look if anything is suspected. If your system is acting weird and different for no apparent reason and you think you may have been hacked, I would back up what you need, and debug the drive and reinstall.


All times are GMT -5.