[NTLUG:Discuss] Denial of service attack?
bryn konti
bkontr at yahoo.com
Mon Nov 18 13:57:22 CST 2002
That's the type of thing that would really make me
paranoid. Are you sure no one else is using the
computer? Try using the netstat commands as others
have indicated while this activity is taking place and
check your logs for suspicious activity. It's possible
your system may be spoofed (using your computer as a
front to hide the hacker's own address).  Incoming
attacks are normal on the internet, but when your
computer starts responding by sending out packets when
no one is using it, that's usually not good.  I would
start checking to see what services you are running as
well. But beware, I have heard of ps, netstat, and
lsof being replaced by the hacker's version (which
won't show their activity).  If you get as paranoid as
I do, get a floppy with known good versions of these
commands to verify the results from commands on the
compromised system. Hopefully the prankster might
just be using services left open to the internet and
not compromised/hacked the system. BTW, the only
service I allow on the internet is ssh. You will
probably not be able to capture the spoofer, but it's
usually possible to find the why and how the exploit
occurred and fix it.
Regards,
Bryn
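
One way to cross-check a suspect netstat, as an added example that is not part of the original message: compare the sockets the kernel lists in /proc/net/tcp with what the netstat binary prints, and report any it leaves out. It assumes Linux, IPv4, a little-endian host, and that only the userland tool was replaced; the function names and the sample data are constructed for illustration.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (trailing columns trimmed).
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0016 00000000:0000 0A 00000000:00000000
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000
   2: 0A0200C0:7A69 057100CB:1A0B 01 00000000:00000000
"""

# Constructed `netstat -ant` output from the suspect binary.
NETSTAT_OUTPUT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
"""

def decode_endpoint(hexpair):
    """Turn '0100007F:0019' into '127.0.0.1:25' (little-endian host assumed)."""
    addr_hex, port_hex = hexpair.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    port = int(port_hex, 16)
    return f"{ip}:{port if port else '*'}"  # netstat prints port 0 as '*'

def kernel_sockets(proc_text):
    """(local, remote) pairs the kernel reports, skipping the header row."""
    socks = set()
    for line in proc_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4:
            socks.add((decode_endpoint(fields[1]), decode_endpoint(fields[2])))
    return socks

def netstat_sockets(netstat_text):
    """(local, remote) pairs from the tcp rows of netstat -ant output."""
    socks = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0] == "tcp":
            socks.add((fields[3], fields[4]))
    return socks

def hidden_from_netstat(proc_text, netstat_text):
    """Sockets the kernel lists that the netstat output omits."""
    return sorted(kernel_sockets(proc_text) - netstat_sockets(netstat_text))

if __name__ == "__main__":
    for local, remote in hidden_from_netstat(PROC_NET_TCP, NETSTAT_OUTPUT):
        print(f"not shown by netstat: {local} -> {remote}")
```

On a live host, pass in the contents of /proc/net/tcp and the netstat output captured at the same moment; short-lived connections can legitimately appear in one and not the other.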