Has my fedora 18 installation been hacked?

Georgios Petasis petasisg at yahoo.gr
Fri Mar 15 09:55:38 UTC 2013


On 15/3/2013 11:46 AM, Ed Greshko wrote:
> On 03/15/13 17:05, Georgios Petasis wrote:
>> Hi all,
>>
>> I have a small server that I have recently upgraded to fedora 18. After a while, I got notified by
>> the provider that their firewall catches thousands of requests, with the following error message:
>>
>> *Source IP*: ellogon-SKEL
>> *Source Port*: 35442
>> *Destination IP*: 216.82.176.7
>> *Destination Port*: 53
>> *Description*: Dropped UDP DNS request from dmz:ellogon-SKEL/35442 to outside:216.82.176.7/53; packet length 1400 bytes exceeds configured limit of 512 bytes
>>
>> I have verified all packages (with rpm -Va), and didn't see anything strange.
>>
>> It is strange that the machine is trying to contact a server in USA, isn't it?
>>
>> Is there anything else to do, than re-installing the machine?
>>
>> (Unfortunately, due to the huge load it creates to their firewall, they remove the network cord from the server, so I have a few hours to debug this...)
>>
> Is the destination IP address a single IP address or are there others?
>
> Is your system running a DNS server?  If you are running one, is it supposed to be servicing requests from the Internet?  If it is supposed to be taking requests from the Internet, have you made sure to configure it such that recursion is disabled?
>
No, it is always the same IP. I don't know if a DNS server is running. 
How can I check this?

(There used to be a system-config-services, but I don't know if it 
exists anymore, with this new "systemctl" stuff)

Thanks,

George
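
Whether a DNS server is running, as asked in the exchange above, can be read from the listening-socket table. The following is an added example, not part of the original thread: the function name `dns_listeners` and the sample socket listing are constructed for illustration, and it assumes `ss -lntup` output with a leading Netid column.

```shell
#!/bin/sh
# Added example: report which processes are listening on port 53 (DNS).
# Reads `ss -lntup` style output on stdin, so it can be checked offline.

# Constructed sample of `ss -lntup` output (not taken from the thread).
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:53          0.0.0.0:*    users:(("named",pid=812,fd=512))
udp   UNCONN 0      0      0.0.0.0:5353        0.0.0.0:*    users:(("avahi-daemon",pid=640,fd=12))
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*    users:(("sshd",pid=701,fd=3))
tcp   LISTEN 0      10     [::]:53             [::]:*       users:(("named",pid=812,fd=22))'

# dns_listeners (hypothetical helper): prints "proto local-address process"
# for every socket bound to port 53; exit status 1 when none is found.
dns_listeners() {
    awk '
        # Only data rows; this also skips the "Netid ..." header line.
        $1 == "tcp" || $1 == "udp" {
            # The port is whatever follows the last colon (works for [::]:53).
            n = split($5, part, ":")
            if (part[n] != "53") next
            # The process column is only filled in when ss runs as root.
            name = "unknown"
            if (match($7, /"[^"]+"/))
                name = substr($7, RSTART + 1, RLENGTH - 2)
            print $1, $5, name
            found = 1
        }
        END { exit(found ? 0 : 1) }
    '
}

# Offline check against the constructed sample:
#   printf '%s\n' "$SAMPLE_SS" | dns_listeners
# Live check on the server (as root, so process names are shown):
#   ss -lntup | dns_listeners
```

A listener on port 53 bound to a public or wildcard address is the case Ed's recursion question applies to; if nothing is listening, the outbound traffic comes from a client process instead.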

