Mailing List Archive


[tlug] Have I been hacked?



G'day,

I've been a bit worried about my RH6.2 system, which has been behaving oddly
lately. On occasions it gets sluggish, as though something is using the
network connection. People may recall that something zapped my "top"
some weeks ago and it no longer works.

Poking around, I notice the following when running tcpdump:

15:55:51.083588 eth0 > 0:0:0:0:0:0 0:10:a4:11:30:2a 66: CPE-144-132-16-104.vic.bigpond.net.au.1333 > proximity.globalgold.co.uk.www: tcp 0 (DF)

Now I am "CPE-144-132-16-104.vic.bigpond.net.au".  At the time of running
tcpdump I had no telnet/ssh/whatever connections up, and no browser running.

It also seems to be pounding away at my ISP's DNS server.

Any suggestions what I should look for, if there are any nasty surprises
installed?

Jim

-- 
Jim Breen  [j.breen@example.com  http://www.csse.monash.edu.au/~jwb/]
Computer Science & Software Engineering,                Tel: +61 3 9905 3298
P.O Box 26, Monash University,                          Fax: +61 3 9905 5146
Clayton VIC 3800, Australia      ジム・ブリーン@モナシュ大学
