[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

being hacked?


in my sid installation the synaptics logon screen asking for root password started warning about "could not grab keyboard, malicious agent". Chkrootkit gave a "bindshell on port 1630" warning.
The warning was only generated when the adsl connection is on.
Can this be somebody('s bot) trying over adsl?
I have a hardware router/switch (sweex) with rather primitive firewall. Not very clear what it does.
Connection is ptpp/vpn with fixed ip#.
Made a new partition, installed new sid with serious password, installed bastille, planning to mount the existing partition for /home (reusing existing /home and perhaps some /etc files). Is this safe?
This is my experimental machine, no real harm.

A different sarge machine chrootkits as "4 hidden processes, possible LKM trojan", I bastilled this machine too. Google seemed to indicate this may not be serious, it is a P4 with multiple threading (not enabled I think). Now I feel less secure.

My woody server (66 MHz) and a sarge (355 MHz) laptop have no chkrootkit warnings (too slow for a hacker?).

Any other packages recommended for battening down the hatches?

mvg Boudewijn

Reply to: