
Re: checking if my system is compromised



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Apr 07, 2007 at 03:33:34PM -0700, Kamaraju Kusumanchi wrote:
> Hi all
> 
> I am using Debian Etch (currently testing). Today from the abuse
> department of my ISP, I received the following warning (pasted in
> the end). My ISP has suspended my internet connection due to this.
> However, I am not able to track down the cause of the problem. I
> am wondering if anyone could help me out or tell me a better place
> to contact...
>
> I have used kopete sometime back to contact debian IRC channels.
> Other than that I have never heard of this undernet.org. I also
> cannot imagine a debian machine (especially with etch being so
> near to becoming stable) being compromised as a zombie.
> 
> Here is what I have done so far
> 1) I have looked in various log files
> but could not find any suspicious activity.
> 
> 2) I tried to register at http://forum.undernet.org but their system
> is not allowing me register my account.
> 
> 3) I was not able to contact the original sender of the abuse report
> as there is no from address in the report forwarded to me. My ISP's
> abuse department is closed for the weekend and I am trying to resolve
> this issue before approaching them on Monday.
> 
> Any ideas on how to determine+eliminate the root cause of this
> problem? Has anyone faced a similar problem before on Debian machines?
> 
> thanks raju
> 

Are you using any type of firewall to block all incoming traffic?

The first thing I'd do would be to set up an iptables firewall, to block
all/most incoming traffic (Open up the ports you need, i.e.
Apache/Anything else). Try not to run too many abusable daemons, like
SSH/Telnet.

I'm not a security guru but I haven't really had too much trouble, since
I'm always bundled up behind a nice safe firewall. The only services I
have running are CUPS daemon and Apache.

- -- 
 <o) Debian GNU/Linux - Free as in Freedom                 
 /\\ http://digital-haze.net/~pobega/
_\_V Window Maker user, Debian enthusiast
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGGDh3/o7Q/FCvPe0RApUFAJ9Q+9xxR2F6zwl2mJuRobrXkeUcJQCghWhU
hLOeJsoSxuAIxnN1PV6N67U=
=OfiF
-----END PGP SIGNATURE-----
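The default-deny iptables setup the reply recommends, written out as an added example (it is not code from the thread or from either poster). It assumes IPv4, an iptables with the "state" match, and takes the TCP ports to leave reachable as arguments; `check_ports`, `firewall_rules`, `count_open_ports` and the `--apply` flag are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the thread): generate a default-deny iptables
# INPUT policy that keeps only the listed TCP ports reachable.
# Assumptions: IPv4, iptables with the "state" match, service ports given as
# positional arguments (e.g. 80 for Apache, 631 for CUPS).

# Validate that every argument is a numeric port; return 1 on the first bad one.
# Done up front so a typo cannot leave a half-applied ruleset.
check_ports() {
    for port in "$@"; do
        case "$port" in
            ''|*[!0-9]*) echo "check_ports: bad port '$port'" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "check_ports: port out of range '$port'" >&2; return 1; }
    done
    return 0
}

# Print the iptables commands for the policy. Nothing is applied here, so the
# output can be reviewed before it touches the running kernel rules.
firewall_rules() {
    check_ports "$@" || return 1
    # Start the INPUT chain from a clean slate.
    echo "iptables -F INPUT"
    # Drop everything inbound that is not explicitly allowed below.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -P OUTPUT ACCEPT"
    # Loopback must stay open for local daemons (CUPS, X, mail spool, ...).
    echo "iptables -A INPUT -i lo -j ACCEPT"
    # Replies to connections this host initiated.
    echo "iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # One ACCEPT per service port that must be reachable from outside.
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW -j ACCEPT"
    done
    # Log a rate-limited sample of what falls through to the DROP policy, so
    # inbound attempts show up in the kernel log when checking an abuse report.
    echo "iptables -A INPUT -m limit --limit 5/min -j LOG --log-prefix \"fw-drop: \""
}

# Sanity check: how many service ports does a given ruleset open?
count_open_ports() {
    firewall_rules "$@" | grep -c -- '--dport'
}

# Without --apply the rules are only printed; with it they are executed,
# which requires root.
main() {
    if [ "${1:-}" = "--apply" ]; then
        shift
        [ "$(id -u)" -eq 0 ] || { echo "--apply needs root" >&2; return 1; }
        firewall_rules "$@" | sh -e
    else
        firewall_rules "$@"
    fi
}

main "$@"
```

Run `sh firewall.sh 80 631` to review the generated rules, then `sh firewall.sh --apply 80 631` as root. Two caveats for the situation in the thread: the LOG rule only records inbound attempts, and OUTPUT stays ACCEPT, so this does not stop software already running on the host from connecting outward; it limits what can reach the box, which is the reply's point, but finding an existing compromise still means looking at listening sockets, established connections and the logs.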


