
Re: suspicious connections



In foo.debian-user, you wrote:
> I have a stand-alone machine, with dialup ppp connection (using diald).  I
> think someone was trying to hack me today, and I'd like advice on how to find
> out whether they succeeded, and what to do about it.  I'd also appreciate
> suggestions on the easiest way to prevent, or at least monitor, such activity
> in the future.

You can get the iplogger package, which will log every tcp connection made
to your machine.  The lsof package is also useful for finding out if a
service is running on a port on your own machine.  I believe lsof is
kernel version dependent, so you may have to experiment some....

example:
[bash]$ lsof -i :22
COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF INODE NAME
sshd    32211 root    6u  inet 0x0149ac0c      0t0   TCP *:ssh (LISTEN)

Also, if you are paranoid, I would suggest getting the tripwire package.
This will monitor your system for changed system files.

-Mitch
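
An added example, not part of the message above: a small filter that reads `lsof -i` output in the format shown and reports listening TCP sockets that are not on a list of services you expect. The function names, the allow-list argument and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# unexpected_listeners ALLOWLIST
#   Reads `lsof -i` text on stdin. ALLOWLIST is a comma-separated list of
#   ports exactly as lsof prints them (names such as "ssh", or numbers if
#   lsof was run with -P). Prints "COMMAND PID USER ADDRESS" for every
#   socket in LISTEN state whose port is not on the list.
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 && $1 == "COMMAND" { next }      # skip the header row
        $NF == "(LISTEN)" {                      # established/UDP rows are ignored
            addr = $(NF - 1)                     # e.g. *:ssh or 127.0.0.1:25
            port = addr
            sub(/.*:/, "", port)                 # keep text after the last colon
            if (!(port in ok)) print $1, $2, $3, addr
        }'
}

# Constructed sample input (hypothetical hosts, PIDs and daemons); the sshd
# LISTEN row follows the format of the output quoted in the message.
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE     DEVICE SIZE/OFF INODE NAME
sshd    32211 root    6u  inet 0x0149ac0c      0t0   TCP *:ssh (LISTEN)
inetd     201 root    4u  inet 0x01a2b3c4      0t0   TCP *:telnet (LISTEN)
unknownd 1187 root    3u  inet 0x01c0aa10      0t0   TCP *:4000 (LISTEN)
sshd    32300 root    7u  inet 0x0149bd10      0t0   TCP myhost:ssh->peer:1022 (ESTABLISHED)
EOF
}

# Only ssh is expected on this machine, so telnet and port 4000 are reported.
sample_lsof | unexpected_listeners "ssh"
```

On a live system the same filter would be fed from `lsof -i` directly instead of the sample function.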

