LinuxQuestions.org - hacked ? (netstat + top giving strance readings)

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - hacked ? (netstat + top giving strance readings) (https://www.linuxquestions.org/questions/linux-security-4/hacked-netstat-top-giving-strance-readings-202581/)

hacked ? (netstat + top giving strance readings)

my hard drive went mad, and started thrashing aroung for no aparent reason,
no swap was in use, and i was just typing a letter.

i launched 'top' to try and see what was happening.
i saw the program "netstat" was being run by my user name.
also, dhcpd. which should not run.
and i know i did not launch it. is there any reason KDE would launch it ?

ALSO, when i ran netstat, i found 2 established connections on my machine
on ports HTTP and HTTPS (i had no web brobsers running, and the IP did not seem to belong to any website, looked like an ISP users address ?)

also, my machine refused to shutdown, i got a DMA timeout error on one of my hard disks.

anything to worry about ?

i think my machine should be quite secure.
my firewall is almost completely stealthed.
my machine does not respond to pings, and only has one port open (FastTrack P2P, which wasnt running at the time)

well... yes, it all sounds quite strange, at least for the ghostly dhcpd launch... I might even try to believe that a program could need some info in the netstat result, but dhcpd...

Quote:

i think my machine should be quite secure. my firewall is almost completely stealthed.

it's a good start, but it's not the security panacea. Running programs with root privileges might make your firewall useless.
As far as I know, there are no explicit reasons to believe you've been hacked, just strong suspects.
All I can suggest you is to disconnect the computer from the internet, clone the HD (for research purposes) and try to see if you get some info in the /var/log directory.
You can also use some interesting tools like chkrootkit, rkhunter (rookit hunter) or tiger.