Re: [newbie] [Fwd: have I been hacked??]

2003-09-21 Thread Graham Watkins
Stephen Kuhn wrote:

> Grab iptraf from one of the contrib mirrors - tells you everything you
> want to know about the network traffic on your system and
> network...really...it's a great tool, mate...

Grabbed it, installed it - nice display.  But how do I interpret the
info it provides?  Or to put it another way, if I'm being hacked, what
should I expect to see?

--
Graham Watkins
On the whole, I preferred cats to women because cats seldom if ever used
the word relationship. (Kinky Friedman - Greenwich Killing Time)

Registered Linux user number 265254  http://counter.li.org





Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com


Re: [newbie] [Fwd: have I been hacked??]

2003-09-21 Thread Stephen Kuhn
On Sun, 2003-09-21 at 18:28, Graham Watkins wrote:
> Stephen Kuhn wrote:
>
> > Grab iptraf from one of the contrib mirrors - tells you everything you
> > want to know about the network traffic on your system and
> > network...really...it's a great tool, mate...
>
> Grabbed it, installed it - nice display.  But how do I interpret the
> info it provides?  Or to put it another way, if I'm being hacked, what
> should I expect to see?

Just by watching the traffic and ports you should be able to discern
what is going on. With the system at a standstill, set the logging
options - and watch - for a while - if you've only got email being
fetched and the likes, you'll be able to discern from the traffic - via
the IPs and the interface they're operating on - just what is what...

TCP ports 25 and 110 - mail
port 80 is http...and etc...

stephen kuhn - owner
==
illawarra computer services
a kuhn media australia company
http://kma.0catch.com
--
  * This message was composed on a 100% Microsoft free computer *
  We expressly refuse to utilise Microsoft DRM encoded documents
--
Dear Sir, I am firmly opposed to the spread of microchips either to the
home or to the office, We have more than enough of them foisted upon us
in public places. They are a disgusting Americanism, and can only result
in the farmers being forced to grow smaller potatoes, which in turn will
cause massive unemployment in the already severely depressed
agricultural industry. Yours faithfully, Capt. Quinton D'Arcy, J.P.
Sevenoaks -- Letters To The Editor, The Times of London
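
The idle-baseline check described in the reply above, as an added example that is not part of the original messages: instead of iptraf's display it reads the Linux kernel's `/proc/net/tcp` table (a swapped-in data source) and flags established connections whose remote port is outside the mail and web ports named in the thread. The sample table, its addresses, the expected-port set and the function names are all constructed assumptions.

```python
import socket
import struct

# Assumption: the only services this idle host should be talking to
# (mail and web ports named in the thread).
EXPECTED = {25: "smtp", 80: "http", 110: "pop3"}
LISTEN, ESTABLISHED = "0A", "01"   # kernel TCP state codes

# Constructed sample in /proc/net/tcp layout; addresses are documentation ranges.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0A01A8C0:8124 0A0200C0:006E 01
   2: 0A01A8C0:8130 076433C6:1A0B 01
   3: 0A01A8C0:0016 076433C6:C350 01
"""

def decode(hexpair):
    """'0A01A8C0:006E' -> ('192.168.1.10', 110). Address bytes are
    little-endian on x86; the port is plain hex."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def review(table, expected=EXPECTED):
    """Classify the sockets of a host that should be idle."""
    rows = [l.split() for l in table.splitlines()[1:] if len(l.split()) >= 4]
    socks = [(decode(r[1]), decode(r[2]), r[3]) for r in rows]
    listening = sorted({loc[1] for loc, _, st in socks if st == LISTEN})
    inbound, unexpected = [], []
    for (_, lport), (rip, rport), st in socks:
        if st != ESTABLISHED:
            continue
        if lport in listening:            # someone connected to a local service
            inbound.append((rip, rport, lport))
        elif rport not in expected:       # outbound to a port outside the baseline
            unexpected.append((rip, rport))
    return {"listening": listening, "inbound": inbound, "unexpected": unexpected}

if __name__ == "__main__":
    # On a live Linux host: review(open("/proc/net/tcp").read())
    for kind, items in review(SAMPLE).items():
        print(kind, items)
```

An empty `unexpected` list does not show a host is clean: UDP and IPv6 sockets live in separate kernel tables that this example does not read.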




Re: [newbie] [Fwd: have I been hacked??]

2003-09-20 Thread Stephen Kuhn
On Sun, 2003-09-21 at 10:22, mike wrote:
> Hi all,
>
> recently I have noticed a lot of small traffic thru my internet
> connection ( eth1 ) even when I'm not surfing.
> How Can I determine if I'm being used as a zombie, or have otherwise
> been compromised?
>
> I use a cable modem, and share this with my wife's windoze box.
> I run firestarter as the firewall.
>
> any suggestions?

Grab iptraf from one of the contrib mirrors - tells you everything you
want to know about the network traffic on your system and
network...really...it's a great tool, mate...

stephen kuhn - owner
==
illawarra computer services
a kuhn media australia company
http://kma.0catch.com
--
  * This message was composed on a 100% Microsoft free computer *
  We expressly refuse to utilise Microsoft DRM encoded documents
--
Actually, typing random strings in the Finder does the equivalent of
filename completion. (Discussion in comp.os.linux.misc on the
intuitiveness of commands: file completion vs. the Mac Finder.)

