Hi!
I'm a Linux newbie, so I might have posted this message to the newbie board just as well, but perhaps this is the better board due to the particular security expertise found here.
Here's my situation:
Tonight I was running Red Hat 6.2 (on my dual-boot machine), connected to my ISP via PPP, simply surfing the web for a couple hours. Eventually, I was ready to shut things down, so I closed down the few browser windows that I had open. However, just as I was about to disconnect my modem connection, I just happened to notice that it nonetheless appeared to be steadily *maxing out* [downloading or uploading, I'm not sure which, at capacity]. This was at least 30 seconds after I had closed my few browser windows down. So, there is really no reason why my modem should have indicated any activity at all, as far as I know.
OK, here are my questions:
1. Does it seem likely/conceivable, given the description above, that someone could have been hacking my machine via PPP? (Or is there possibly some more benign explanation for what I was observing?)
2. How, if at all, might I determine if this was the case?
3. If this were to happen again in the future, specifically what (if anything) could/should I check while it is going on to diagnose what is happening?
4. Is there anything (practically feasible) that I can do to assess damage at this point?
Just one additional comment:
Ironically, I have recently been downloading and installing as many Red Hat security advisory patches on my machine as time permits, just to prevent any such mayhem.
Thanks for any suggestions/comments you may have,
Ben
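For questions 2 and 3 (what to check while the modem is unexpectedly busy), here is an added example that is not part of Ben's post or any reply. It samples `/proc/net/dev` twice and turns the byte counters into per-interface rates, then flags any interface running near link capacity. The two snapshots, the 30-second interval and the 7000 bytes/s modem capacity are constructed assumptions so the script runs offline; `live_rates` does the same thing against the real kernel counters.

```shell
#!/bin/sh
# Added example (not from the original post): quantify unexplained modem
# activity by sampling /proc/net/dev twice and computing per-interface
# byte rates. Snapshots below are constructed; live_rates() takes real ones.

# Constructed snapshot in the Linux 2.2-era /proc/net/dev layout (time t0).
SNAP1='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   12000      80    0    0    0     0          0         0    12000      80    0    0    0     0       0          0
  ppp0: 1000000    2000    0    0    0     0          0         0   200000    1500    0    0    0     0       0          0'

# Constructed snapshot 30 seconds later: ppp0 received 170000 more bytes.
SNAP2='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   12000      80    0    0    0     0          0         0    12000      80    0    0    0     0       0          0
  ppp0: 1170000    2310    0    0    0     0          0         0   200500    1520    0    0    0     0       0          0'

# rate_report BEFORE AFTER SECONDS
# Prints "iface rx_bytes_per_sec tx_bytes_per_sec" for each non-loopback interface.
rate_report() {
    printf '%s\n%s\n' "$1" "$2" | awk -v secs="$3" '
        /:/ {
            sub(/:/, " ")              # "ppp0:1234" or "ppp0: 1234" -> "ppp0 1234"; re-splits $0
            if ($1 == "lo") next       # loopback traffic never leaves the box
            iface = $1; rx = $2; tx = $10
            if (iface in rx0)
                printf "%s %d %d\n", iface, (rx - rx0[iface]) / secs, (tx - tx0[iface]) / secs
            else { rx0[iface] = rx; tx0[iface] = tx }
        }'
}

# saturated RX_RATE TX_RATE CAP_BYTES_PER_SEC
# Succeeds when either direction is at or above 80% of link capacity, the
# "steadily maxing out" pattern described in the post.
saturated() {
    [ $(( $1 * 5 )) -ge $(( $3 * 4 )) ] || [ $(( $2 * 5 )) -ge $(( $3 * 4 )) ]
}

# live_rates SECONDS: real use on a running box (reads /proc/net/dev).
live_rates() {
    a=$(cat /proc/net/dev); sleep "$1"; b=$(cat /proc/net/dev)
    rate_report "$a" "$b" "$1"
}

# Assumed capacity: a nominal 56 kbit/s modem is roughly 7000 bytes/s.
MODEM_CAP=7000

if [ "${1:-}" = "--live" ]; then
    live_rates 10
else
    rate_report "$SNAP1" "$SNAP2" 30 | while read -r iface rx tx; do
        if saturated "$rx" "$tx" "$MODEM_CAP"; then
            echo "$iface: $rx B/s in, $tx B/s out -- near capacity, attribute it"
        else
            echo "$iface: $rx B/s in, $tx B/s out -- idle/background"
        fi
    done
fi
```

Once a saturated interface is confirmed, the next step is attribution rather than guessing: `netstat -tunap` (or `lsof -i`) shows which local process owns each connection, and `ps` shows whether that process is something you started. The caveat a defender should keep in mind is that on a host that really has been compromised, those very binaries may have been replaced to hide connections, so a cross-check against the raw `/proc/net/tcp` and `/proc/net/udp` tables, or from a known-clean rescue disk, is worth more than any single tool's output.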