hacked 2004-06-07 - By Girish Radhakrishnan
Are you sure there was nobody who just ftp'd a huge file or sent an email to 10 people with a huge attachment? Could you please check your ftp and email logs?
tcpdump is a good idea. I would also suggest some kind of ipchains or firewall if you are directly connected to the Internet.
----Original Message Follows----
From: linux@(protected)
Reply-To: "Discussion of Red Hat Linux 7.3 (Valhalla)" <valhalla-list@(protected)>
To: "Discussion of Red Hat Linux 7.3 (Valhalla)" <valhalla-list@(protected)>
Subject: hacked
Date: Sun, 6 Jun 2004 13:52:14 +0200
Hello,

Since yesterday I have a huge network traffic increase.
It goes from 12Gb to 45Gb a month.
Somebody is messing around.

I did the following:
Only access sshd with one IP address
changed password root (it was a #$%EEE123 alike password)
reboot

Tasks of the server, directly connected to the internet:
It's an ftp server for authenticated users
It's a mail server running on IBM Domino 5.012, which is pretty (I think ...) secure

When I take a look at /var/messages and /var/secure I see nothing strange.

I am running kernel 2.4.20-28.7 on i686

Question:
1. How can I see which process is producing the traffic?
2. What else can I do?
_______________________________________________
Valhalla-list mailing list
Valhalla-list@(protected)
https://www.redhat.com/mailman/listinfo/valhalla-list
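The reply's suggestion to check the FTP logs, as an added example that is not part of the original thread: a parser that totals transferred bytes per day, user, remote host and direction. It assumes the wu-ftpd-style xferlog layout (the thread does not name the FTP daemon); the sample lines and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in the wu-ftpd xferlog layout (assumed format;
# the thread does not say which FTP daemon is in use).
SAMPLE_XFERLOG = """\
Sat Jun  5 02:11:09 2004 840 203.0.113.7 734003200 /home/alice/incoming/disc one.iso b _ o r alice ftp 0 * c
Sat Jun  5 09:30:41 2004 2 192.0.2.10 1048576 /home/bob/report.pdf b _ i r bob ftp 0 * c
Sat Jun  5 23:58:00 2004 910 203.0.113.7 734003200 /home/alice/incoming/disc2.iso b _ o r alice ftp 0 * c
Sun Jun  6 01:02:03 2004 5 192.0.2.10 2097152 /home/bob/backup.tar b _ o r bob ftp 0 * i
this line is truncated
"""

def parse_xferlog_line(line):
    """Return a dict for one xferlog record, or None if the line is malformed."""
    tok = line.split()
    # 5 date tokens + time, host, size + >=1 filename token + 9 trailing fields
    if len(tok) < 18 or not tok[7].isdigit():
        return None
    return {
        "day": " ".join(tok[1:3] + tok[4:5]),   # e.g. "Jun 5 2004"
        "host": tok[6],
        "bytes": int(tok[7]),
        "file": " ".join(tok[8:-9]),            # tolerate spaces in the filename field
        "direction": tok[-7],                   # o = outgoing, i = incoming
        "user": tok[-5],
        "status": tok[-1],                      # c = complete, i = incomplete
    }

def traffic_by(records, *keys):
    """Sum logged bytes grouped by the given record fields, largest first."""
    totals = defaultdict(int)
    for r in records:
        # Counted whether or not the transfer is marked complete.
        totals[tuple(r[k] for k in keys)] += r["bytes"]
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

def top_talkers(text):
    """Parse a whole log and rank (day, user, host, direction) by bytes."""
    records = [r for r in map(parse_xferlog_line, text.splitlines()) if r]
    return traffic_by(records, "day", "user", "host", "direction")

if __name__ == "__main__":
    for (day, user, host, direction), total in top_talkers(SAMPLE_XFERLOG):
        print(f"{day}  {user:8} {host:15} {direction}  {total / 2**20:8.1f} MiB")
```

A single account or remote host dominating the top rows points to a legitimate bulk transfer; a jump in traffic with nothing matching in the transfer log suggests the traffic is not coming from the FTP service.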