LinuxQuestions.org
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Old 05-08-2004, 04:52 AM   #1
firestomper41
Member
 
Registered: Feb 2004
Location: Switzerland, Zimbabwe
Distribution: Suse 10.1
Posts: 78

Rep: Reputation: 15
hacker attack?


I am wanting to know if it is possible for someone on the internet (hacker) to get access into my Mandrake 9.1 distro (without a firewall) and do something that would cause it to reboot unexpectedly?

Just need to know, as I was on the internet reading about Smoothwall and listening to some music, and out of the blue my machine reboots!
 
Old 05-08-2004, 05:23 AM   #2
equinox
Member
 
Registered: Dec 2003
Location: Johannesburg, South Africa
Posts: 846

Rep: Reputation: 30
I think maybe rootkits...
 
Old 05-08-2004, 05:31 AM   #3
drowstar
Member
 
Registered: Apr 2004
Location: Germany
Distribution: Slackware, Gentoo, Fedora
Posts: 205

Rep: Reputation: 30
Hi firestomper41,
first, to answer your question: This is highly unlikely.

You can check your system's logs from right before the shutdown (or reboot for that matter), if you like, with this command:
Code:
cat /var/log/messages | grep "runlevel: 0" -B 5
This command shows the content of your logs and shows you five lines before the system reported that it would shut down now.
It should say somewhere in there, why the computer decided a reboot was necessary. You might want to use a larger value than 5, if it just gives you the same stuff over and over.

I hope this gives you a clue as to what really happened,
- drowstar

Let me add a little something, which is of concern to me and many people in the free software community:
Your usage of the term "hacker" is somewhat inaccurate. Hackers are the good guys, who find security holes and report (not exploit) them. In fact, you stand a good chance of meeting some here on linuxquestions.
The correct term for this [insert not-nice term here] is "cracker".
 
Old 05-08-2004, 06:30 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,743
Blog Entries: 54

Rep: Reputation: 2972
Crackers usually have no reason to reboot the system. They like to remain as much invisible and their processes to go unnoticed as possible. So no opening CD trays and malarky like that... Drowstar is right. Logs are the first place to check. Also check "last -30". If your box crashed for an unknown reason this could show an entry showing "crash" instead of logout time. Check your messages for system oopses. Reboots not initiated by users or apps usually are due to overheating (overclocking) or bad RAM.

Last edited by unSpawn; 05-08-2004 at 06:31 AM.
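
Added example, not part of any post in this thread: the log check drowstar and unSpawn describe, written as a shell function that flags every boot in a syslog file that has no orderly shutdown logged before it. The marker strings, the function names and the constructed sample log are assumptions for a sysvinit-era system; adjust the patterns to what your own /var/log/messages contains.

```shell
#!/bin/sh
# Added example: find boots that were NOT preceded by an orderly shutdown.
# Marker strings are assumptions; check them against your own logs.

# unclean_boots FILE
# Prints one "UNCLEAN <timestamp> (last entry before boot: ...)" line for each
# kernel boot banner with no shutdown marker since the previous boot.
unclean_boots() {
    awk '
        # Orderly halt/reboot: init announces the runlevel change.
        /init: Switching to runlevel: [06]/ || /shutdown.*: shutting down/ {
            clean = 1
        }
        # Boot marker: the kernel version banner is logged once per boot.
        # (A syslogd "restart" line also appears on log rotation, so it is
        # not used as the boot marker here.)
        /kernel: Linux version/ {
            if (NR > 1 && !clean)
                printf "UNCLEAN %s %s %s (last entry before boot: %s)\n", $1, $2, $3, prev
            clean = 0
        }
        { prev = $0 }
    ' "$1"
}

# Constructed sample log: one clean halt, then a reboot with no shutdown
# entries, right after a ppp connection came up.
sample_log() {
    cat <<'EOF'
May  7 22:10:01 box init: Switching to runlevel: 0
May  7 22:10:05 box kernel: Kernel logging (proc) stopped.
May  8 09:02:11 box kernel: Linux version 2.4.21 (constructed)
May  8 10:30:15 box pppd[1201]: local  IP address 192.0.2.10
May  8 10:30:15 box pppd[1201]: remote IP address 192.0.2.1
May  8 10:44:02 box kernel: Linux version 2.4.21 (constructed)
EOF
}

log=$(mktemp)
sample_log > "$log"
unclean_boots "$log"
rm -f "$log"
```

A flagged boot means the machine went down without logging a shutdown (power loss, hardware fault, kernel crash); the last entry before it is where to start reading.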
 
Old 05-08-2004, 11:20 AM   #5
firestomper41
Member
 
Registered: Feb 2004
Location: Switzerland, Zimbabwe
Distribution: Suse 10.1
Posts: 78

Original Poster
Rep: Reputation: 15
The only thing that I can find under the logs that is strange is that at about 10.30 I connected to the net and it gives information about the local IP address and remote address and primary & secondary DNS address, and then the entry after that is restart at 10.44. So it must have been some kind of ppp error that caused it to restart; this could make sense as I was connected at the time when it restarted.

Just out of interest: how safe is a Linux machine without a firewall active?

Last edited by firestomper41; 05-08-2004 at 11:21 AM.
 
Old 05-09-2004, 03:44 AM   #6
beejayzed
Member
 
Registered: Jan 2004
Location: Auckland, New Zealand
Distribution: Ubuntu
Posts: 686

Rep: Reputation: 30
Many 9.1 has a built-in firewall, if you want one. You can activate it with mcc.
 
Old 05-09-2004, 10:25 AM   #7
firestomper41
Member
 
Registered: Feb 2004
Location: Switzerland, Zimbabwe
Distribution: Suse 10.1
Posts: 78

Original Poster
Rep: Reputation: 15
Have looked at that and it seems complicated to set up as I don't know what to enter. For a Windows user this is quite intimidating, as with Windows it is activate and go, and with this you have to tell it what you want firewalled.
 
Old 05-09-2004, 05:33 PM   #8
beejayzed
Member
 
Registered: Jan 2004
Location: Auckland, New Zealand
Distribution: Ubuntu
Posts: 686

Rep: Reputation: 30
Well, are you acting as a server of any kind? I'm not, so I just leave 'em all unchecked.
 
Old 05-09-2004, 05:35 PM   #9
trey85stang
Senior Member
 
Registered: Sep 2003
Posts: 1,091

Rep: Reputation: 41
I have to disagree with some of the comments in this thread... if a "cracker" hacked your system.. I am sure the logs would be cleaned (if the cracker is indeed a cracker). If a cracker is going to break into a system he/she will cover up all traces of entry.

The most common mistake a novice "cracker" will make.. is forgetting to remove his commands from .bash_history. That would be the first place I would look if anything is suspected. If your system is acting weird.. and different for no apparent reason and you think you may have been hacked... I would backup what you need... and debug the drive and reinstall
 
  

