Re: Possible Compromise - Need Suggestions
From: Jim Richardson (warlock_at_eskimo.com)
Date: 02/15/05
- Previous message: ANTant_at_zimage.com: "Re: Newbie can't log into his own wu-ftpd server..."
- In reply to: Jon: "Possible Compromise - Need Suggestions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 15 Feb 2005 02:08:13 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 15 Feb 2005 14:58:59 +1300,
Jon <wiseguy@ihug.co.nz> wrote:
> Hi all,
>
> I recently (2-3 days ago) reinstalled my Linux Workstation. About a day
> after setting it up I noticed some weird outbound traffic in my firewall
> logs. I've set up my firewall to log but accept outbound traffic to
> non-standard ports. The destination ports for this traffic were in the
> 4000-5000 range. After noticing this I started logging everything to and
> from this ip. I've been busy at work so haven't had time to have a good look
> at this but a quick browse through the logs showed my box was also trying
> port 21 (telnet) on this IP. This certainly isn't me and nobody else has a
> shell.
>
port 21 is ftp, not telnet. Without more info, it would be hard to say.
But I'd suspect it was the update process, if you can catch the traffic
in the act so to speak, you can use netstat to find what process is
making the connection, and go from there.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCEcoNd90bcYOAWPYRArl5AJ9p6ufPb2Tcq8BKKK7NJ2+tLQlNgACfYmCB
vqemxXI+KtvOoGjHBa8cbVc=
=akWq
-----END PGP SIGNATURE-----
-- Jim Richardson http://www.eskimo.com/~warlock Honesty may be the best policy, but insanity is a better defense.
- Previous message: ANTant_at_zimage.com: "Re: Newbie can't log into his own wu-ftpd server..."
- In reply to: Jon: "Possible Compromise - Need Suggestions"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
