Hi,
On Thu, 25 Feb 1999 [EMAIL PROTECTED] wrote:
> I noticed activity from a program linsniff on my system.
> I am suspicious about it.
Well, you definetely should. Do you see the program in the process table?
You should disconnect the network from that machine, if possible. Then go
and look for that bastard.
> I did a locate linsniff, but did not find anything with ls -al like linsniff
> where it was reported to be.
Look for hidden directories in /tmp or /var/tmp.
> As a precaution I have changed all passwords.
A good start. But you should go and look for the sniffer itself and how he
was able to break in. Did you upgrade the wu-ftpd?
> Please tell me that I'm not the victim a a hacker attempt. :-))
Well, it _could_ be an intrusion. Better check your system thoroughly.
Also look for trojans, maybe the intruder modified some binaries.
"rpm -Va" will give you a list of modified files (assuming that the RPM
database is still intact)
Good luck!
Bye,
LenZ
--
------------------------------------------------------------------
Lenz Grimmer SuSE GmbH
mailto:[EMAIL PROTECTED] Schanzaeckerstr. 10
http://www.suse.de/~grimmer 90443 Nuernberg, Germany
-
To get out of this list, please send email to [EMAIL PROTECTED] with
this text in its body: unsubscribe suse-linux-e
Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
archive at http://www.suse.com/Mailinglists/suse-linux-e/index.html
