Re: suspicious connections
In foo.debian-user, you wrote:
> I have a stand-alone machine, with dialup ppp connection (using diald). I
> think someone was trying to hack me today, and I'd like advice on how to find
> out whether they succeeded, and what to do about it. I'd also appreciate
> suggestions on the easiest way to prevent, or at least monitor, such activity
> in the future.
You can get the iplogger package, which will log every tcp connection made
to your machine. The lsof package is also useful for finding out if a
service is running on a port on your own machine. I believe lsof is
kernel version dependent, so you may have to experiment some....
example:
[bash]$ lsof -i :22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF INODE NAME
sshd 32211 root 6u inet 0x0149ac0c 0t0 TCP *:ssh (LISTEN)
Also, if you are paranoid, I would suggest getting the tripwire package.
This will monitor your system for changed system files.
-Mitch
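
Added example, not part of the original message: a shell function that reads `lsof -i -P -n` output and reports listening TCP ports that are not on an allowlist of expected services. The sample input is constructed in the column layout quoted above, and the function names and allowlist values are assumptions.

```shell
#!/bin/sh
# Audit listening TCP sockets from `lsof -i -P -n` output against an
# allowlist of expected ports.

# Constructed sample in the same column layout as the output quoted above
# (-P keeps ports numeric). PIDs, users and device values are made up.
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF INODE NAME
sshd    32211 root    6u  inet 0x0149ac0c      0t0   TCP *:22 (LISTEN)
inetd     214 root    4u  inet 0x0149b10c      0t0   TCP *:23 (LISTEN)
ssh       901 mitch   3u  inet 0x0149c20c      0t0   TCP 10.0.0.5:1034->10.0.0.9:22 (ESTABLISHED)
nc       1450 nobody  3u  inet 0x0149d30c      0t0   TCP *:31337 (LISTEN)
EOF
}

# unexpected_listeners "22 25" < lsof-output
# Prints "port command pid user" for each listener not in the allowlist.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $NF == "(LISTEN)" {
            name = $(NF - 1)            # e.g. *:22 or 127.0.0.1:631
            port = name
            sub(/^.*:/, "", port)       # keep what follows the last colon
            if (!(port in ok)) print port, $1, $2, $3
        }
    ' | sort -n | uniq
}

# On a live system (assumed usage): lsof -i -P -n | unexpected_listeners "22"
sample_lsof | unexpected_listeners "22"
```

Run from cron and compared with the previous run's output, this shows when a new service starts listening.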