Re: Urgent!!! My computer seems to be hacked, pls HELP!!!



"Jenny" <ahajenny@xxxxxxxxx> writes:
> Dear groups,
>
> My computer was told that it sent unusual packets from port 60609 to
> some computer with IP 61.50.138.237 port 22. (more than 20 flows per
> second!!!)
>
> I am running Fedora Core 5 plus "OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct
> 2005", I use netstat to check services I open, only mysql, samba,
> vsftp, ssh, http.
>
> I check /var/log, message and security. I can't find any successful
> logging from others. But I do find many many attacks from 61.50.138.*
> (not including the one 61.50.138.237 which my computer attacked!!!),
> and none of them succeeded.
>
> I have some questions to ask all of you, please help me!!!
>
> 1. Is my computer hacked? If no, then why does my computer send packets
> from port 60609 to some computer port 22?

If neither you nor any authorized user to your knowledge is using the
machine then this ssh connection to an IP in China is very likely a
compromise.

> 2. If my computer is hacked, then what can I do? Reinstalling the
> system is the only way???

Yup. It's the only way to get back to a known state. Wiping and
reinstalling from original media.

--
Todd H.
http://www.toddh.net/
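
The log check described in the question, written out as an added example that is not part of the original thread: it tallies sshd login outcomes per source /24 and relates the unexplained outbound peer to them. The sample lines are constructed in the sshd format Fedora writes to /var/log/secure, and the function names `summarize` and `triage` are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines (not taken from the poster's machine).
SAMPLE_LOG = """\
Jun  3 02:11:07 host sshd[2101]: Failed password for root from 61.50.138.12 port 41022 ssh2
Jun  3 02:11:09 host sshd[2103]: Failed password for invalid user admin from 61.50.138.12 port 41030 ssh2
Jun  3 02:11:15 host sshd[2107]: Failed password for root from 61.50.138.77 port 52210 ssh2
Jun  3 09:30:44 host sshd[2450]: Accepted password for jenny from 192.0.2.10 port 50111 ssh2
"""

SSHD_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(\S+) from (\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def summarize(log_text):
    """Count failed and accepted sshd logins per source /24."""
    failed, accepted = Counter(), Counter()
    for line in log_text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        outcome, _user, src = m.groups()
        net = ip_network(f"{src}/24", strict=False)
        (failed if outcome == "Failed" else accepted)[net] += 1
    return failed, accepted

def triage(log_text, outbound_peer):
    """Relate an unexplained outbound SSH peer to the inbound login record."""
    failed, accepted = summarize(log_text)
    peer = ip_address(outbound_peer)
    # The /24 with failed logins that also contains the outbound peer, if any.
    peer_net = next((n for n in failed if peer in n), None)
    return {
        "peer_in_attacking_net": peer_net is not None,
        "failed_from_peer_net": failed.get(peer_net, 0),
        "accepted_from_attacking_nets": sum(accepted[n] for n in failed if n in accepted),
        "accepted_total": sum(accepted.values()),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG, "61.50.138.237"))
```
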