LinuxQuestions.org
Old 03-24-2007, 05:03 PM   #1
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Rep: Reputation: 30
What to do when I feel suspicious


Hi,
Just today I used the command iptraf and found an IP that is accessing my server (or trying to access it) using FTP. Basically there is no FTP user on my server except myself, thus it was suspicious. I was logged in to the server using ssh from a remote location, thus there was no way to terminate the connection using ifdown eth0. What should I do when I find an IP accessing a port and I want to stop him (kill the session)? I mean, what are the ways/commands? Also, how can I know what he is actually doing? I need to kill, say, A.A.A.A since he is accessing my server on FTP. Or more clearly, when many people are accessing FTP, only that person? And is there any other way to find out besides iptraf?

please help me...
 
Old 03-24-2007, 05:18 PM   #2
{BBI}Nexus{BBI}
Senior Member
 
Registered: Jan 2005
Location: Nottingham, UK
Distribution: Mageia 6, KDE Neon
Posts: 4,313

Rep: Reputation: 212
who -u will display logged in users along with their pid (not sure if that applies to ftp users also). You can then use the kill command to kill the unauthorised user. Ethereal is a good program to monitor incoming & outgoing traffic. Typing as root: netstat -atu will show you a list of udp & tcp sockets that are open.
 
Old 03-24-2007, 08:08 PM   #3
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Do you have any ftp-related entries in your ftp or system logs?
 
Old 03-25-2007, 01:39 AM   #4
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Original Poster
Rep: Reputation: 30
Well, the great mistake I made is having no FTP log.

But what about terminating a connection (like if an IP is consuming huge bandwidth in www/ftp and I just want to kill his session but keep the others alive...)?
 
Old 03-25-2007, 12:26 PM   #5
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Well you can kill his session by terminating the process ID like {BBI}Nexus{BBI} mentioned. You can also block his IP using iptables.

That being said, it's important to determine if he had access to the system, especially if you don't allow anonymous FTP.
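
Added example, not part of any post in this thread: a shell sketch of the two steps suggested above, finding the PIDs that serve one remote IP on the FTP port and printing the iptables rule that blocks it. The netstat sample, addresses and PIDs are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The `netstat -tnp` sample below is constructed
# (documentation addresses, made-up PIDs); function names are hypothetical.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address    Foreign Address      State       PID/Program name
tcp        0      0 203.0.113.5:21   198.51.100.7:51234   ESTABLISHED 4321/vsftpd
tcp        0      0 203.0.113.5:21   198.51.100.7:51240   ESTABLISHED 4330/vsftpd
tcp        0      0 203.0.113.5:21   198.51.100.70:40022  ESTABLISHED 4388/vsftpd
tcp        0      0 203.0.113.5:21   192.0.2.44:33910     ESTABLISHED 4350/vsftpd
tcp        0      0 203.0.113.5:22   198.51.100.7:51300   ESTABLISHED 4400/sshd
tcp        0      0 203.0.113.5:21   198.51.100.7:51100   TIME_WAIT   -
EOF
}

# pids_for_peer IP PORT
# Reads `netstat -tnp` output on stdin and prints the PIDs that own
# ESTABLISHED IPv4 connections from exactly IP to local PORT.
pids_for_peer() {
    awk -v ip="$1" -v port="$2" '
        $1 == "tcp" && $6 == "ESTABLISHED" {
            n = split($4, loc, ":")                # local addr:port
            peer = $5; sub(/:[0-9]+$/, "", peer)   # strip the remote port
            split($7, owner, "/")                  # "PID/program"
            # String equality, not a regex: 198.51.100.7 must not match .70
            if (loc[n] == port && peer == ip && owner[1] ~ /^[0-9]+$/)
                print owner[1]
        }' | sort -un
}

# block_rule IP PORT
# Prints (does not run) the iptables rule that drops that IP on that port.
# Rejects anything that is not digits and dots, so a pasted value cannot
# smuggle extra arguments into the command line.
block_rule() {
    case "$1" in ''|*[!0-9.]*) echo "bad IP: $1" >&2; return 1 ;; esac
    case "$2" in ''|*[!0-9]*)  echo "bad port: $2" >&2; return 1 ;; esac
    echo "iptables -I INPUT -s $1 -p tcp --dport $2 -j DROP"
}

# Demo on the constructed sample; on a live host, pipe in `netstat -tnp` (as root).
echo "PIDs serving 198.51.100.7 on port 21:"
sample_netstat | pids_for_peer 198.51.100.7 21
block_rule 198.51.100.7 21
```

Killing the listed PIDs only isolates one client when the FTP daemon runs one process per connection, which the sample assumes.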
 
Old 03-25-2007, 04:40 PM   #6
aq_mishu
Member
 
Registered: Sep 2005
Location: Bangladesh
Distribution: RH 7.2, 8, 9, Fedora
Posts: 217

Original Poster
Rep: Reputation: 30

huh... ftp is not working... see the http://www.linuxquestions.org/questi...54#post2684454 for more details...
 
  

