LinuxQuestions.org
10-30-2006, 01:53 PM   #1
No.2
LQ Newbie
 
Registered: Oct 2006
Posts: 3

This is rather scary.


My firewall, Firestarter, says I have cheese worm trying to talk on 10008, yet I can't find any sign of it; no /tmp.cheese and a clean sweep with KlamAV of the whole system.

And I just had aMule start by itself with my whole / dir shared! And it froze every time I tried to change that.

Should I be worried?

Sabayon 3.0 running as user.
 
10-30-2006, 03:40 PM   #2
sleepyEDB
Member
 
Registered: Dec 2005
Location: /USA/MI/Detroit/home
Distribution: MEPIS, antiX, RHEL
Posts: 105

Question

Do you have (or can you install if you don't) rootkit hunter or chkrootkit? They may be able to find something that KlamAV did not.


sleepy
 
10-30-2006, 04:30 PM   #3
Hangdog42
LQ Veteran
 
Registered: Feb 2003
Location: Maryland
Distribution: Slackware
Posts: 7,803
Blog Entries: 1

Unplug this box from the network until you can figure out what is going on, and here is a good place to start. Having programs start by themselves and sharing entire partitions is not good.

Last edited by Hangdog42; 10-30-2006 at 04:31 PM.
 
10-31-2006, 02:12 PM   #4
No.2
LQ Newbie
 
Registered: Oct 2006
Posts: 3

Original Poster
Thanks for the help guys. That site is awesome! I got a clean run with Klam, rkhunter and chkrootkit. I added rkhunter to a daily cron job. There is no sign of Cheese worm. I have xinetd.conf and not inetd.conf so Cheese wouldn't have modded that. Thinking it must be something else trying to talk on 10008?? Reinstalled amule and no more issues. Now just to go through the CERT site.

Thanks again.
 
  

