Re: Compromised-machine?? netbus- request from my debian-sid machine to outside IP to port 12345
hi ya "quadpolar" :-)
On Thu, 27 May 2004, tripolar wrote:
> I dont think so- The only thing I know of is firestarter (firewall). I
> received some more messages the same except this time ports 1234 (
> service subseven) but going to a different outside IP.
post your logs (unedited, except for ip# ) you are reading/interpretting
- you don't care that 100's of script kiddies are trying to make
1000's of attempts to get into your pc
- consider it a free audit of your systems
- if they got in ... you've got a serious, but solvable major
what is the output of "netstat -nv"
- you are looking for foreign address on whacky ports that have
established connections to your local pc
- if you cannot explain any of the those outside machines
connected to your pc... you've probably need to get comments
from the list "what does this line mean"