Has my fedora 18 installation been hacked?
h.reindl at thelounge.net
Fri Mar 15 13:20:53 UTC 2013
Am 15.03.2013 14:03, schrieb Mateusz Marzantowicz:
> W dniu 15.03.2013 11:09, Georgios Petasis pisze:
>> Στις 15/3/2013 11:57 πμ, ο/η Ed Greshko έγραψε:
>>> On 03/15/13 17:46, Ed Greshko wrote:
>>>> Is the destination IP address a single IP address or are there others.
>>>> Is your system running a DNS server? If you are running one, is it supposed to be servicing requests from the
>>>> Internet? If it is supposed to be taking requests from the Internet, have you made sure to configure such that
>>>> recursion is disabled.
>>> Never mind....
>>> In re-reading the original message I see the "source port" is 35442. I'm pretty sure recursion from a DNS
>>> server would show 53 as the source port.
>> I have used nslookup with the local machine as server, and I was not able to resolve anything.
>> Also, the dnsmasq configuration is empty. I think I am not running a dns server...
> Sorry, but can't you just type netstat -aptul as root to see what connections are active?
> Status of services can be checked using systemctl tool: systemctl status named.service
you can - but after a intrusion you can not trust any output of system-tools
because you are not in the position to say 100% if the first intrusion
did not use a local root-exploit after it's first run and modified your
system in a way making it hard to detect rootkits
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 263 bytes
Desc: OpenPGP digital signature
More information about the users