Re: Am I being paranoid about intrusion or what?
From: AG (atenor_at_email.com)
Date: 03/08/05
Date: Tue, 8 Mar 2005 13:26:23 -0600
Use the rootkit checker here:
http://www.chkrootkit.org/
Lots of good advice on the site. I won't try to duplicate it here.
AG
"Mike K" <mikek@senior_newbies.com> wrote in message
news:XFmXd.63821$W16.36664@trndny07...
> Hi all,
>
> I just installed fedora 3 with all the updates but I am experiencing
> some weird behavior that causes me alarm. While using pan on linux
> newsgroup, all of a sudden, pan started downloading all message bodies.
> In a panic, I closed pan. Then I noticed the cursor on kate, which was
> opened, started scrolling to the right and then the next line... I
> logged off. In the GUI username box, the cursor still scrolled. I turned
> off my computer.
>
> In one separate instance, I also experienced programs opening up on
> their own, such as the screen shot program. In another instance, the
> OOo.writer started popping up. I googled on intrusions on linux box.
> Mostly what I saw were silent intrusions trying to install trojans or
> hijacking computer to do DOS attacks. In short, the behavior I
> experienced is not typical of linux boxes, and more typical of viruses
> wrecking the other OS.
>
> Here is a list of all services running in my linux box with a state of
> LISTEN which are started by default:
>
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address               Foreign Address  State   PID/Program name
> tcp   0      0      *:32769                     *:*              LISTEN  4049/rpc.statd
> tcp   0      0      *:sunrpc                    *:*              LISTEN  4029/portmap
> tcp   0      0      localhost.localdomain:ipp   *:*              LISTEN  4247/cupsd
> tcp   0      0      localhost.localdomain:5335  *:*              LISTEN  4213/mDNSResponder
> tcp   0      0      localhost.localdomain:smtp  *:*              LISTEN  4393/sendmail: acce
> tcp   0      0      *:ssh                       *:*              LISTEN  4346/sshd
> ~
> ~
> ~
> ~
> ~
> ~
> ~
> ~
> (END)
>
> I learned that there was a vulnerability in rpc.statd a while back in
> 2000 but should have since been patched. I know there are some services
> that I don't need that should be stopped. Basically, this is a
> standalone machine with dsl connection doing basic stuff as a windoze
> replacement. I have the basic fedora firewall enabled and I also disable
> icmp, which was on by default. I'm just looking for a peace of mind from
> viruses and spyware, and want to be sure that when I do online banking
> and online shopping I'm secure, well, at least on my end.
>
> Can someone advise me on how I can be sure my basic machine is secure
> from intrusion? I read a lot about logging but can't find more info on
> how to do it. Thanks very much for putting up with my ignorance.
>
> (My gig:
> AX6BC w/celeron 1300 mhz w/upgradeware slot1 tualatin adaptor
> fujitsu 13 gig ide hard drive
> Nvidia geforce mx 400 video card
> toshiba cdrom 20X
> floppy drive
> linksys LNE 100TX (v4.1) NIC)
>
> Mike
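
Added example (not part of either poster's message): a shell function that reads a netstat listing like the one quoted above and prints only the TCP listeners that are not bound to loopback, which are the ones reachable from the network unless the firewall blocks them. The sample input is constructed from the listing in the post with the wrapped lines rejoined; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: pick out network-reachable TCP listeners from netstat output.

# exposed_listeners: read netstat lines on stdin and print
# "port<TAB>pid/program" for each LISTEN socket whose local address is
# not loopback. Works on resolved names (*:ssh) and numeric output (:::22).
exposed_listeners() {
    awk '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
        addr = $4
        # Split host and port at the LAST colon so IPv6 forms parse too.
        match(addr, /:[^:]*$/)
        host = substr(addr, 1, RSTART - 1)
        port = substr(addr, RSTART + 1)
        # Loopback-only sockets are not reachable from other machines.
        if (host ~ /^(localhost(\.[^:]*)?|127\.[0-9.]+|::1|\[::1\])$/) next
        # The program column may contain spaces (e.g. "sendmail: acce").
        prog = $7
        for (i = 8; i <= NF; i++) prog = prog " " $i
        print port "\t" prog
    }'
}

# sample_listing: constructed sample, taken from the listing in the post
# with each wrapped pair of lines rejoined.
sample_listing() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:32769 *:* LISTEN 4049/rpc.statd
tcp 0 0 *:sunrpc *:* LISTEN 4029/portmap
tcp 0 0 localhost.localdomain:ipp *:* LISTEN 4247/cupsd
tcp 0 0 localhost.localdomain:5335 *:* LISTEN 4213/mDNSResponder
tcp 0 0 localhost.localdomain:smtp *:* LISTEN 4393/sendmail: acce
tcp 0 0 *:ssh *:* LISTEN 4346/sshd
EOF
}

# On a live system, feed it real output instead, e.g. as root:
#   netstat -tlp | exposed_listeners
sample_listing | exposed_listeners
```

On the posted listing this leaves rpc.statd, portmap and sshd as the services to either stop or confirm are covered by the firewall; cupsd, mDNSResponder and sendmail listen on loopback only.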