a port scan ran from my pc

ejkeebler · 05-05-2006, 09:18 AM

i noticed that a port scan ran from my pc, what do i need to check for to make sure i fix this security hole?

I reset the user account password they used (mythtv). but not sure if they somehow managed to get my root password. I have a wireless router, with only a few ports opened, for mythtv, remote desktop, etc. I dont broadcast my ssid, and have wep enabled, there does not seem to be any new services running from my linux box. then again, i really have no idea what to look for.

Any help would be greatly appreciated.

Thanks

ataraxia · 05-05-2006, 01:40 PM

Once a machine has been compromised, I wouldn't trust it no matter how much you can check for. Best to just reinstall it, and reinstall your data from backup.

raskin · 05-05-2006, 01:49 PM

What is source of confidence that scan was from that machine, and not just masquaraded?

ejkeebler · 05-05-2006, 02:08 PM

when i look in my history i see several entries that i did not type in that are suspect i.e

./start 80.52
./start 80.53
./start 80.54
./start 62.40
./start 62.41

etc, etc, etc and also an entry of paypal.php, i can also see a website where the app seems to have been downloaded. etc.

raskin · 05-05-2006, 02:12 PM

Then I tend to agree with the idea to reinstall.

ejkeebler · 05-05-2006, 02:14 PM

not the answer i was hoping for, but thats what i get for being lazy! thanks againg for the advice.