
DaVenom 11-12-2004 01:17 PM

Help! My system's been compromised....

I just started using the net from Linux. (Slackware 9.1 upgraded). I have followed a security tutorial and turned off ftp, finger, ntalk etc. in the inetd.conf file.

I have a cable connection. Even if nothing is open, I seem to be receiving packets according to Network Monitor 2.6.1.

NMapfe shows ssh, smtp and another called 'submission'. I am assuming that 'submission' is what I used to log on to my ISP (I got a small client from my ISP to do the authentication with their server). But I'm not sure. How do I find out if it's legit, and if it's not these, then why am I receiving packets?


Mara 11-12-2004 03:49 PM

Receiving is usually not that bad. Is your machine sending something you don't know about?

When you're connected to the Net you get a number of scans, if you also run an SMTP server you get a number of tries to use it (for spamming, for example).

You can write down a certain period of transmission in/out and then look into this. From the tools you can use to get the traffic and then analyze it, I recommend Ethereal. If you don't know how to read TCP/IP you may have trouble, though. But at least you'll have something.
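One way to separate unsolicited inbound probes from connections the machine itself opens, once a period of traffic has been saved as text. This is an added example, not part of the original thread; it assumes `tcpdump -n` style text lines, a local address of 192.0.2.10, and a constructed sample capture.

```python
import re
from collections import Counter

LOCAL_IP = "192.0.2.10"  # assumption: this host's address (documentation range)

# Constructed sample in `tcpdump -n` text format; not real traffic.
SAMPLE = """\
13:17:01.000001 IP 203.0.113.5.40112 > 192.0.2.10.25: Flags [S], seq 1, win 5840, length 0
13:17:01.000050 IP 192.0.2.10.25 > 203.0.113.5.40112: Flags [S.], seq 9, ack 2, win 5792, length 0
13:17:03.000001 IP 198.51.100.7.51515 > 192.0.2.10.587: Flags [S], seq 1, win 5840, length 0
13:17:04.000001 IP 198.51.100.7.51516 > 192.0.2.10.22: Flags [S], seq 1, win 5840, length 0
13:17:09.000001 IP 192.0.2.10.32801 > 198.51.100.99.8080: Flags [S], seq 1, win 5840, length 0
13:17:09.500001 IP 192.0.2.10.32802 > 198.51.100.99.8080: Flags [S], seq 1, win 5840, length 0
"""

# src-ip.src-port > dst-ip.dst-port: Flags [...]
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]*)\]"
)

def summarize(capture, local_ip=LOCAL_IP):
    """Count TCP connection attempts (bare SYN) by direction."""
    inbound, outbound = Counter(), Counter()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, _sport, dst, dport, flags = m.groups()
        if flags != "S":  # "S." (SYN+ACK) is a reply, not a new attempt
            continue
        if dst == local_ip:
            inbound[(src, int(dport))] += 1   # remote host trying a local port
        elif src == local_ip:
            outbound[(dst, int(dport))] += 1  # this machine opened the connection
    return inbound, outbound

if __name__ == "__main__":
    inbound, outbound = summarize(SAMPLE)
    for (peer, port), n in sorted(inbound.items()):
        print(f"inbound  {peer} -> local port {port}: {n} attempt(s)")
    for (peer, port), n in sorted(outbound.items()):
        print(f"OUTBOUND local -> {peer}:{port}: {n} attempt(s)")
```

Inbound attempts against ssh, smtp and submission are the scans and relay tries described above; the outbound list is the part to check against programs you actually started.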
