 | | | hacked | hacked 2004-06-07 - By Harry Hambi
Back
Hi,
DO U MEAN tcpdump -i ethx x= 1p address 0f interface, when I run this
command I get
Bind: no such device
-- --Original Message-- --
From: valhalla-list-bounces@(protected)
[mailto:valhalla-list-bounces@(protected)] On Behalf Of John
Ceballos-contr
Sent: 07 June 2004 14:39
To: linux@(protected); valhalla-list@(protected)
Subject: Re: hacked
Have you done a ps- ef on the box to see at least what processes are
running? Another thing that you can do is do a tcpdump -i ethX where X
is the number of the network interface that you want to look at. I would
redirect this to a file and then look at it later. Let this go for a
couple of minutes. After that, do a control-C to get out of it. Open up
the file you just created and see what is happening on your NIC. THis
should another thing that should give you a better view of what is
happening with your computer. The last thing is go through the rc.d
files and see if there are any programs that are starting up that you
don't know about. Well, I hope this helps.
>>> linux@(protected) 6/6/2004 7:52:14 AM >>>
Hello,
Since yesterday I have a huge network traffic increase
Is goes from a 12Gb to 45Gb a month.
Somebody is messing around.
I did the following:
Only access sshd with one ip-adress
changed password root (it was a #$%EEE123) alike password reboot
Tasks server, directly connected to internet:
Its a ftp server voor authenticated users
Its a mail server running on IBM Domino 5.012 with is pretty (I think
...) secure
When i take a look at /var/messages and /var/secure I see nothing
strange
I am running kernel 2.4.20-28.7 on i686
Question:
1. How can I see which process is producing the traffic?
2. What else can I do?
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
Valhalla-list mailing list
Valhalla-list@(protected)
https://www.redhat.com/mailman/listinfo/valhalla-list
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
Valhalla-list mailing list
Valhalla-list@(protected)
https://www.redhat.com/mailman/listinfo/valhalla-list
http://www.bbc.co.uk/ - World Wide Wonderland
This e-mail (and any attachments) is confidential and may contain
personal views which are not the views of the BBC unless specifically
stated.
If you have received it in error, please delete it from your system.
Do not use, copy or disclose the information in any way nor act in
reliance on it and notify the sender immediately. Please note that the
BBC monitors e-mails sent or received.
Further communication will signify your consent to this.
__ ____ ____ ____ ____ ____ ____ ____ ____ ____
Valhalla-list mailing list
Valhalla-list@(protected)
https://www.redhat.com/mailman/listinfo/valhalla-list
|
|
|