hacked 2004-06-07 - By John Ceballos-contr
Have you done a ps -ef on the box to see at least what processes are running? Another thing that you can do is do a tcpdump -i ethX where X is the number of the network interface that you want to look at. I would redirect this to a file and then look at it later. Let this go for a couple of minutes. After that, do a control-C to get out of it. Open up the file you just created and see what is happening on your NIC. This should be another thing that gives you a better view of what is happening with your computer. The last thing is go through the rc.d files and see if there are any programs that are starting up that you don't know about. Well, I hope this helps.
>>> linux@(protected) 6/6/2004 7:52:14 AM >>>
Hello,
Since yesterday I have a huge network traffic increase.
It goes from 12Gb to 45Gb a month.
Somebody is messing around.
I did the following:
- Only access sshd with one IP address
- changed password root (it was a #$%EEE123) alike password
- reboot
Tasks server, directly connected to internet:
- It's an FTP server for authenticated users
- It's a mail server running on IBM Domino 5.012, which is pretty (I think ...) secure
When I take a look at /var/messages and /var/secure I see nothing strange.
I am running kernel 2.4.20-28.7 on i686
Question:
1. How can I see which process is producing the traffic?
2. What else can I do?
__ ____ ____ ____ ____ ____ ____ ____ ____ ____ Valhalla-list mailing list Valhalla-list@(protected) https://www.redhat.com/mailman/listinfo/valhalla-list
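The capture-to-file step suggested in the reply, taken one step further as an added example that is not part of the original thread: it totals bytes per direction, local port and remote host, so the port carrying the extra traffic stands out. The `tcpdump -nn -q` text format, the address 192.0.2.10, the sample lines and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Summarises a text capture made with something like:
#   tcpdump -nn -q -i ethX > capture.txt    (Ctrl-C after a few minutes)
# Assumed line format (tcpdump -nn -q, IPv4):
#   12:01:02.000001 IP 192.0.2.10.20 > 203.0.113.7.40112: tcp 1448

LOCAL_IP=192.0.2.10   # assumed address of the server being examined

top_talkers() {
    # $1 = server's own IP; capture text on stdin.
    # Prints "bytes direction local_port remote_ip", largest first.
    awk -v me="$1" '
    function host(ep,   p) { split(ep, p, /\./); return p[1] "." p[2] "." p[3] "." p[4] }
    function port(ep,   n, p) { n = split(ep, p, /\./); return (n >= 5) ? p[5] : "-" }
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        nbytes = $NF                       # payload length is the last field
        if (nbytes !~ /^[0-9]+$/) next     # skip lines without a length
        if (host(src) == me)      key = "out " port(src) " " host(dst)
        else if (host(dst) == me) key = "in " port(dst) " " host(src)
        else next                          # traffic not involving this host
        total[key] += nbytes
    }
    END { for (k in total) print total[k], k }
    ' | sort -rn
}

sample_capture() {
    # Constructed sample lines, not taken from a real capture.
    cat <<'EOF'
12:01:02.000001 IP 192.0.2.10.20 > 203.0.113.7.40112: tcp 1448
12:01:02.000350 IP 192.0.2.10.20 > 203.0.113.7.40112: tcp 1448
12:01:02.000700 IP 203.0.113.7.40112 > 192.0.2.10.20: tcp 0
12:01:02.001100 IP 192.0.2.10.20 > 203.0.113.7.40112: tcp 1448
12:01:03.100000 IP 198.51.100.4.51515 > 192.0.2.10.25: tcp 512
12:01:03.200000 IP 192.0.2.10.25 > 198.51.100.4.51515: tcp 60
12:01:04.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
EOF
}

sample_capture | top_talkers "$LOCAL_IP"
```

Once a local port stands out, `netstat -tnp` or `lsof -i :PORT` run as root shows which process owns it, which you can then compare against the `ps -ef` listing.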