Has my fedora 18 installation been hacked?

Reindl Harald h.reindl at thelounge.net
Fri Mar 15 13:20:53 UTC 2013

Am 15.03.2013 14:03, schrieb Mateusz Marzantowicz:
> W dniu 15.03.2013 11:09, Georgios Petasis pisze:
>> Στις 15/3/2013 11:57 πμ, ο/η Ed Greshko έγραψε:
>>> On 03/15/13 17:46, Ed Greshko wrote:
>>>> Is the destination IP address a single IP address or are there others.
>>>> Is your system running a DNS server?  If you are running one, is it supposed to be servicing requests from the
>>>> Internet?  If it is supposed to be taking requests from the Internet, have you made sure to configure such that
>>>> recursion is disabled.
>>> Never mind....
>>> In re-reading the original message I see the "source port" is 35442.  I'm pretty sure recursion from a DNS
>>> server would show 53 as the source port.
>> I have used nslookup with the local machine as server, and I was not able to resolve anything.
>> Also, the dnsmasq configuration is empty. I think I am not running a dns server...
> Sorry, but can't you just type netstat -aptul as root to see what connections are active?
> Status of services can be checked using systemctl tool: systemctl status named.service

you can - but after a intrusion you can not trust any output of system-tools
because you are not in the position to say 100% if the first intrusion
did not use a local root-exploit after it's first run and modified your
system in a way making it hard to detect rootkits

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 263 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130315/e5d9cf83/attachment.sig>

More information about the users mailing list