Suspected Intruder
Nathaniel Hall
halln at otc.edu
Thu Jan 6 15:51:44 UTC 2005
Just because you get notices from daemon because an e-mail bounced does
not necessarily mean that the machine has been compromised. A lot of
the time this is caused by spammers or viruses that spoof the from or
reply-to e-mail address.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln at otc.edu
417-447-7535
Don Flinn wrote:
>I suspect that an intruder may be using my node to send e-mail, because
>I have received some notices from my e-mail daemon that such and such
>was not available when I never sent e-mail to that person/address.
>
>How do I check if someone is logged in/using my machine? I'm running
>FC3.
>
>Don
>
>
More information about the users
mailing list