
hacked machine ?



Hello,
just yesterday I was logged in to my Debian machine from a Sun Solaris 2.5.1
machine using ssh;

when I closed the session I saw a message like "waiting for closing of forwarded
X11 sessions from <IP>"

I checked netstat on Solaris - no connection from that IP;

I checked netstat on the Debian machine and there were a few connections open:
one to port 6000, one to the finger port, one to the ident port, one to the portmap port
and one to the poppassd port;

I also saw the processes cfingerd, identd, portmap, poppassd and X;
in X I had xearth, xterm and netscape opened;

It seems someone hacked my machine; anyway, I disabled all connections from
that IP and killed those processes; can anyone tell me where the
problem can be?

-- 
 Matus "fantomas" Uhlar, sysadmin at NETLAB+ Kosice, Slovakia
 BIC coord for *.sk; admin of netlab.irc.sk; co-admin of irc.felk.cvut.cz

