nV News Forums


nV News Forums (http://www.nvnews.net/vbulletin/index.php)
-   General Linux (http://www.nvnews.net/vbulletin/forumdisplay.php?f=27)
-   -   Hacking? (http://www.nvnews.net/vbulletin/showthread.php?t=65434)

seeker 02-24-06 04:09 PM

I really don't know what was happening, but a few minutes ago, my hard drive, RAM and CPU started going wild. I opened System Guard, but found nothing to explain it, so I disconnected from the internet and it quickly settled down. This has me thinking that I was being hacked, which I thought was rare for Linux. I have the firewall operating, but I don't know what else I might use to figure this out. If I were in Windows, I would have opened Sam Spade or something similar. What does SuSe have for sniffing or fingering?

chunkey 02-24-06 05:25 PM

Re: Hacking?


(you need to be _root_!)

network sniffer: ethereal (gui), iptraf (ncurses ui) or tcpdump (command line)
port scanner: nmap (command line)...

rbromley256 02-24-06 08:09 PM

Re: Hacking?
Look at your system logs.

seeker 02-25-06 06:15 AM

Re: Hacking?
I had not set up System Guard to view the log files until after the problem disappeared. Since this gives the messages in real time, I can't use it to look at older messages, and am not certain that I would understand what they said, if I had. Yet, I'm curious, is there a place where a permanent record of these is kept?

chunkey 02-25-06 06:55 AM

Re: Hacking?
hmm, most logs are stored in /var/log (kern.log, messages, daemon.log, ...)
but, if you're sure that somebody r00ted your system, you should check for rootkits... get chkrootkit!

seeker 02-25-06 07:42 AM

Re: Hacking?
I scanned through the /var/log files and found nothing that looked suspicious, but I really don't know what most of the stuff means. I just look at the pattern and repetition. I downloaded chkrootkit, and will run it a bit later. I really don't know if anyone was up to something or not, but I prefer to know. Thanks for the advice.

seeker 02-27-06 05:12 AM

Re: Hacking?
When this happened again, just a bit ago, I opened Ethereal and it found no packets on the capture, so that would suggest that there is no hacking involved. I still wonder what is going on, because it seems to only happen while on the internet. It could be something to do with Opera, or something else involved in the connection, but it happens only on a random basis, and I have no idea of how to track it down.

evilghost 02-27-06 12:46 PM

Re: Hacking?
Likely you were checking for updates (if SuSe does this) or you were executing a cron job, perhaps prelink?

seeker 02-27-06 01:19 PM

Re: Hacking?
I dislike automatic updates and I have SuSe Watch turned off. I don't really know what the last two items are, so I doubt that I was doing them either.

evilghost 02-27-06 01:25 PM

Re: Hacking?
Next time just run top and sort by processor utilization (shift-p) or memory usage (shift-m).
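
For a spike that comes and goes, the `top` suggestion above can be left running unattended. This is an added example, not part of the thread: it runs `top` in batch mode on a timer and logs only processes above a CPU threshold, so there is a record to read afterwards. It assumes procps `top` with the default column layout; the function names `busy_from_top`, `watch_cpu` and `sample_top` and the sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: log busy processes so a spike can be reviewed afterwards.
# Assumes procps top with its default column layout:
#   PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
# Usage (hypothetical values): watch_cpu 50 10 "$HOME/cpu-watch.log" &

# Read `top -b -n 2` output on stdin and print "PID USER %CPU %MEM COMMAND"
# for processes in the last frame at or above CPU threshold $1, busiest first.
# Only the last frame is used: the first frame's %CPU is not a fresh sample.
busy_from_top() {
    awk -v t="$1" '
        /^top - /   { n = 0; inproc = 0; next }   # new frame: discard earlier rows
        $1 == "PID" { inproc = 1; next }          # column header starts the table
        inproc && $1 ~ /^[0-9]+$/ && $9 + 0 >= t + 0 {
            rows[++n] = $9 "\t" $1 " " $2 " " $9 " " $10 " " $12
        }
        END { for (i = 1; i <= n; i++) print rows[i] }
    ' | sort -t "$(printf '\t')" -k1,1 -nr | cut -f2
}

# Every $2 seconds, append timestamped hits above threshold $1 to log file $3.
watch_cpu() {
    while :; do
        stamp=$(date '+%Y-%m-%d %H:%M:%S')
        LC_ALL=C top -b -n 2 -d 1 | busy_from_top "$1" |
            sed "s/^/$stamp /" >> "$3"
        sleep "$2"
    done
}

# Constructed sample: two frames from `top -b -n 2`, summary lines trimmed.
sample_top() {
    cat <<'EOF'
top - 05:12:01 up 2 days,  1:10,  1 user,  load average: 2.10, 0.90, 0.40
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 4321 user1     15   0  210m  95m  20m S  1.0  9.4   3:12.40 opera
 3000 root      15   0 80000  30m 8000 S  0.5  3.0   9:00.10 X

top - 05:12:02 up 2 days,  1:10,  1 user,  load average: 2.30, 0.95, 0.42
  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 9876 root      34  19  5000 3000 1000 R 88.0  0.3   0:41.07 prelink
 4321 user1     15   0  210m  95m  20m S 12.5  9.4   3:12.90 opera
 3000 root      15   0 80000  30m 8000 S  0.0  3.0   9:00.10 X
EOF
}
```

Running `sample_top | busy_from_top 10` shows the filter on the constructed data without touching the live system.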

seeker 02-27-06 05:47 PM

Re: Hacking?
That appears to give much the same information as System Guard, but I certainly will give it a shot; it certainly can't hurt.

All times are GMT -5.