[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Compromised-machine?? netbus- request from my debian-sid machine to outside IP to port 12345

hi ya "quadpolar" :-)

On Thu, 27 May 2004, tripolar wrote:

> I dont think so- The only thing I know of is firestarter (firewall). I 
> received some more messages the same except this time ports 1234 ( 
> service subseven) but going to a different outside IP.

post your logs (unedited, except for ip# ) you are reading/interpretting
	- you don't care that 100's of script kiddies are trying to make
	1000's of attempts to get into your pc

	- consider it a free audit of your systems 

	- if they got in ... you've got a serious, but solvable  major

what is the output of "netstat -nv"

	- you are looking for foreign address on whacky ports that have
	established connections to your local pc
	- if you cannot explain any of the those outside machines
	connected to your pc... you've probably need to get comments
	from the list "what does this line mean"

c ya

Reply to: