Re: Urgent!!! My computer seems to be hacked, pls HELP!!!
- From: "Jenny" <ahajenny@xxxxxxxxx>
- Date: 13 Sep 2006 08:38:31 -0700
Todd H. wrote:
> "Jenny" <ahajenny@xxxxxxxxx> writes:
>> Dear groups,
>> My computer was told that it sent unusual packets from port 60609 to
>> some computer with IP 61.50.138.237 port 22. (more than 20 flows per
>> second!!!)
>> I am running Fedora Core 5 plus "OpenSSH_4.3p2, OpenSSL 0.9.8a 11 Oct
>> 2005", I use netstat to check services I open, only mysql, samba,
>> vsftp, ssh, http.
>> I check /var/log, message and security. I can't find any successful
>> logging from others. But I do find many many attacks from 61.50.138.*
>> (not including the one 61.50.138.237 which my computer attacked!!!),
>> and none of them succeeded.
>> I have some questions to ask all of you, please help me!!!
>> 1. Is my computer hacked? If not, then why does my computer send packets
>> from port 60609 to some computer port 22?
>
> If neither you nor any authorized user to your knowledge is using the
> machine then this ssh connection to an IP in China is very likely a
> compromise.

Do you mean that my computer is hacked???
Well, is it possible that the computer is not hacked, but itself sends
packets to some other computer automatically?
Sorry, I think I am asking a stupid question, but this really confuses
me!

>> 2. If my computer is hacked, then what can I do? Is reinstalling the
>> system the only way???
>
> Yup. It's the only way to get back to a known state. Wiping and
> reinstalling from original media.
> --
> Todd H.
> http://www.toddh.net/
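
On the question of whether the machine is sending this traffic by itself, the thing to establish is which local process owns the connections to remote port 22. The following is an added example, not part of the original thread: it parses `netstat -tnp` output and groups outbound SSH connections by owning process. The sample output is constructed; only local port 60609 and the peer 61.50.138.237:22 come from the post, and the addresses, PIDs and program names are assumptions.

```python
from collections import defaultdict

# Constructed `netstat -tnp` output. Only local port 60609 and the peer
# 61.50.138.237:22 come from the post; every other value is made up.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address      Foreign Address      State       PID/Program name
tcp        0      0 192.0.2.10:22      198.51.100.7:51514   ESTABLISHED 2210/sshd: jenny
tcp        0      1 192.0.2.10:60609   61.50.138.237:22     SYN_SENT    4321/example-proc
tcp        0      1 192.0.2.10:60610   61.50.138.237:22     SYN_SENT    4321/example-proc
tcp        0      0 192.0.2.10:60611   61.50.138.237:22     ESTABLISHED 4321/example-proc
tcp        0      0 192.0.2.10:3306    192.0.2.20:40112     ESTABLISHED 1500/mysqld
tcp        0      0 192.0.2.10:41000   203.0.113.5:22       ESTABLISHED -
"""


def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or IPv6 form) into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None


def outbound_ssh(netstat_text, ssh_port=22):
    """Group connections whose remote side is the SSH port by owning process."""
    by_owner = defaultdict(list)
    for line in netstat_text.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # skip the banner and column header lines
        _, lport = split_endpoint(fields[3])
        rhost, rport = split_endpoint(fields[4])
        # Local port 22 means someone is logging in to this host; remote
        # port 22 means this host is the client, which is what was reported.
        if rport == ssh_port and lport != ssh_port:
            owner = fields[6].strip() if len(fields) > 6 else "-"
            by_owner[owner].append((lport, rhost, fields[5]))
    return dict(by_owner)


if __name__ == "__main__":
    for owner, conns in outbound_ssh(SAMPLE).items():
        # "-" usually means netstat was not run as root and cannot see the owner.
        label = "owner hidden, rerun as root" if owner == "-" else owner
        peers = sorted({host for _, host, _ in conns})
        print(f"{label}: {len(conns)} outbound SSH connection(s) to {peers}")
```

Run `netstat -tnp` as root so the PID column is populated. On a host that may already be compromised the local tools themselves cannot be fully trusted, which is consistent with the advice above to wipe and reinstall.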