Re: checking if my system is compromised
On Sat, 2007-04-07 at 15:33 -0700, Kamaraju Kusumanchi wrote:
> Hi all
>
> I am using Debian Etch (currently testing). Today from the abuse
> department of my ISP, I received the following warning (pasted at the
> end). My ISP has suspended my internet connection due to this.
> However, I am not able to track down the cause of the problem. I am
> wondering if anyone could help me out or tell me a better place to
> contact...
>
> I have used kopete some time back to contact Debian IRC channels.
> Other than that I have never heard of this undernet.org. I also cannot
> imagine a Debian machine (especially with etch being so near to
> becoming stable) being compromised as a zombie.
>
> Here is what I have done so far
> 1) I have looked in various log files but could not find any
> suspicious activity.
>
> 2) I tried to register at http://forum.undernet.org but their system
> is not allowing me to register my account.
>
> 3) I was not able to contact the original sender of the abuse report
> as there is no from address in the report forwarded to me. My ISP's
> abuse department is closed for the weekend and I am trying to resolve
> this issue before approaching them on Monday.
>
> Any ideas on how to determine+eliminate the root cause of this
> problem? Has anyone faced a similar problem before on Debian machines?
Do you run any proxy servers?
That is the big thing they scan for.
--
greg, greg@gregfolkert.net
Novell's Directory Services is a competitive product to Microsoft's
Active Directory in much the same way that the Saturn V is a competitive
product to those dinky little model rockets that kids light off down at
the playfield. -- Thane Walkup