LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
Reload this Page Help: I think my system has been compromised!
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 06-29-2003, 04:39 PM   #1
Comatose51
Member
 
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Rep: Reputation: 15
Help: I think my system has been compromised!

My current outgoing rate is 240 kbits/sec.

There's nothing on my network that should be uploading anything.

How can I check what is sending all this traffic and to where? I'm on RedHat 8.0.

It stopped as soon as I stopped xinetd. The only service I think xinetd runs is vsftpd. But I checked my log for vsftpd and there's nothing. So now, how do I root out the problem and secure it?

Thanks in advance.

Edited: Problem solved. Someone was in fact downloading from but vsftpd didn't log it until after it was over.
Last edited by Comatose51; 06-29-2003 at 05:13 PM.
 
Old 06-29-2003, 04:52 PM   #2
tr4nce
Member
 
Registered: Mar 2003
Location: Buenos Aires, Argentina
Distribution: Slackware-current
Posts: 75

Rep: Reputation: 15
maybe a NODE is down and you are actually the Supernode of your zone?
Last edited by tr4nce; 06-29-2003 at 04:53 PM.
 
Old 06-29-2003, 05:00 PM   #3
Comatose51
Member
 
Registered: Jan 2003
Location: New Haven, CT
Distribution: RedHat 8.0
Posts: 54

Original Poster
Rep: Reputation: 15
What are you talking about??? Kazaa? It's not running on any of my systems and xinetd and it's services seem to be the cause of it. I'm guessing it's vsftpd.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
System possibly compromised kloppster Linux - Security 7 07-12-2004 03:30 PM
high speed system compromised witeshark Linux - Security 3 04-14-2004 03:53 PM
do these symptoms mean my system is compromised? jimlaur Linux - Security 10 03-18-2004 12:20 PM
System compromised BruceCadieux Linux - Security 20 09-29-2003 08:24 PM
System compromised? Comatose51 Linux - Security 3 07-11-2003 08:28 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 01:10 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration