being hacked?

To: debian-user@lists.debian.org
Cc: debian-user <debian-user@lists.debian.org>
Subject: being hacked?
From: "@(none)" <" ijbd\""@> (none)>
Date: Mon, 02 Feb 2004 01:34:29 +0100
Message-id: <[🔎] 200402020034.i120YEjw021631@smtp.hccnet.nl>
In-reply-to: <20040201031936.GD28081@kontryhel>
References: <20040130223246.GB7588@merlin.sccs.swarthmore.edu> <20040201031936.GD28081@kontryhel>

Hi,

in my sid installation the synaptics logon screen asking for rootpassword started warning about "could not grab keyboard, maliciousagent". Chkrootkit gave a "bindshell on port 1630" warning.

The warning was only generated when the adsl connection is on.
Can this be somebody('s bot) trying over adsl?

I have a hardware router/switch (sweex) with rather primitive firewall.Not very clear what it does.

Connection is ptpp/vpn with fixed ip#.

Made a new partition, installed new sid with serious password, installedbastille, planning to mount the existing partition for /home (reusingexisting /home and perhaps some /etc files). Is this safe?

This is my experimental machine, no real harm.

A different sarge machine chrootkits as "4 hidden processes, possibleLKM trojan", I bastilled this machine too. Google seemed to indicatethis may not be serious, it is a P4 with multiple threading (not enabledI think). Now I feel less secure.

My woody server (66 MHz) and a sarge (355 MHz) laptop have no chkrootkitwarnings (too slow for a hacker?).


Any other packages recommended for battening down the hatches?

mvg Boudewijn

Reply to:

Follow-Ups:
- Re: being hacked?
  - From: Adam Aube <aaube01@baker.edu>

Prev by Date: Re: A letter for Mr. Darl McBride - personal use
Next by Date: Re: problem with security.debian.org
Previous by thread: Re: plex86
Next by thread: Re: being hacked?
Index(es):
- Date
- Thread