Help: I think my system has been compromised!
My current outgoing rate is 240 kbits/sec.
There's nothing on my network that should be uploading anything.
How can I check what is sending all this traffic and to where? I'm on RedHat 8.0.
It stopped as soon as I stopped xinetd. The only service I think xinetd runs is vsftpd. But I checked my log for vsftpd and there's nothing. So now, how do I root out the problem and secure it?
Thanks in advance.
Edited: Problem solved. Someone was in fact downloading from but vsftpd didn't log it until after it was over.
Last edited by Comatose51; 06-29-2003 at 05:13 PM.
|