I posted this a few days ago and got no response, so I thought I would try one more time.
On my MDK 8.1 firewall box, when I do "iptables -L", I notice an allowed client for all services (including ssh) that I did not add and do not recognize: root:/root> iptables -L | grep pvelm CLIENT udp -- pvelm-138.pv.k12.ny.us MyHostNameudp dpt:20 CLIENT tcp -- pvelm-138.pv.k12.ny.us MyHostNametcp dpt:ftp CLIENT udp -- pvelm-138.pv.k12.ny.us MyHostNameudp dpt:fsp CLIENT tcp -- pvelm-138.pv.k12.ny.us MyHostNametcp dpt:telnet CLIENT udp -- pvelm-138.pv.k12.ny.us MyHostNameudp dpt:23 CLIENT tcp -- pvelm-138.pv.k12.ny.us MyHostNametcp dpt:ssh CLIENT udp -- pvelm-138.pv.k12.ny.us MyHostNameudp dpt:ssh CLIENT tcp -- pvelm-138.pv.k12.ny.us MyHostNametcp dpt:pop3 CLIENT udp -- pvelm-138.pv.k12.ny.us MyHostNameudp dpt:pop3 CLIENT tcp -- pvelm-138.pv.k12.ny.us MyHostNametcp dpt:www CLIENT udp -- pvelm-138.pv.k12.ny.us MyHostNameudp dpt:www CLIENT tcp -- pvelm-138.pv.k12.ny.us MyHostNametcp Since I know little about iptables, I use an Open Source product called gScript to assist in configuring my firewall. Grepping though /etc and /etc/firewall (which is where the gScript config. lives), I find no reference to this client being allowed access. Have I been hacked? Anywhere else to look for evidence? Tim King [EMAIL PROTECTED]
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
