Old 02-24-06, 04:09 PM   #1
seeker
AKA seekermeister
 
 
Join Date: May 2005
Location: At home
Posts: 1,442
Default Hacking?

I really don't know what was happening, but a few minutes ago, my hard drive, RAM and CPU started going wild. I opened System Guard, but found nothing to explain it, so I disconnected from the internet and it quickly settled down. This has me thinking that I was being hacked, which I thought was rare for Linux. I have the firewall operating, but I don't know what else I might use to figure this out. If I were in Windows, I would have opened Sam Spade or something similar. What does SuSE have for sniffing or fingering?
__________________
Rig 1: HAF 922, X2 4400+, Asus A8N32-SLI Deluxe , 4x1GB DDR400, 2x500GB, 1x80GB & 1x250GB + ESATCASE2 w/2x1TB HDs, LG CH10LS20 & GH22LS50, Samsung SH-S202N, Asus Xonar D2X,Creative 5.1, GTX460 SC, FusionHDTV7 Gold RT, Acer X233H, Arris TM520G, Cisco E3000, Scythe Kama, CM RS600 PS,HP 5510v,APC BX1000, XP x64, W7 & Kubuntu 9.10

Rig 2: Antec SX1040BII, A8N-SLI, 2x1GB DDR400, 8800GTS, 1x500GB & 1x1TB HDs, Liteon LH-20AIL and Pioneer DVR-111, Audigy 2 ZS, Creative T20 2.1, Antec 500SP, W7 x64 & XP MCE
Old 02-24-06, 05:25 PM   #2
chunkey
#!/?*
 
Join Date: Oct 2004
Posts: 662
Default Re: Hacking?

???

anyway,

(you need to be _root_!)

networksniffer: ethereal (gui), iptraf (ncurses ui) or tcpdump (commandline)
portscanner: nmap (commandline)...
Old 02-24-06, 08:09 PM   #3
rbromley256
Registered User
 
Join Date: Feb 2006
Posts: 6
Default Re: Hacking?

Look at your system logs.
Old 02-25-06, 06:15 AM   #4
seeker
AKA seekermeister
 
 
Join Date: May 2005
Location: At home
Posts: 1,442
Default Re: Hacking?

I had not set up System Guard to view the log files until after the problem disappeared. Since this gives the messages in real time, I can't use it to look at older messages, and am not certain that I would have understood what they said, if I had. Yet, I'm curious, is there a place where a permanent record of these is kept?
Old 02-25-06, 06:55 AM   #5
chunkey
#!/?*
 
Join Date: Oct 2004
Posts: 662
Default Re: Hacking?

hmm, most logs are stored in /var/log (kern.log, messages, daemon.log, ...)
but, if you're sure that somebody r00ted your system, you should check for rootkits... get chkrootkit!
Old 02-25-06, 07:42 AM   #6
seeker
AKA seekermeister
 
 
Join Date: May 2005
Location: At home
Posts: 1,442
Default Re: Hacking?

I scanned through the /var/log files and found nothing that looked suspicious, but I really don't know what most of the stuff means. I just look at the pattern and repetition. I downloaded chkrootkit, and will run it a bit later. I really don't know if anyone was up to something or not, but I prefer to know. Thanks for the advice.
Old 02-27-06, 05:12 AM   #7
seeker
AKA seekermeister
 
 
Join Date: May 2005
Location: At home
Posts: 1,442
Default Re: Hacking?

When this happened again, just a bit ago, I opened Ethereal and it found no packets on the capture, so that would suggest that there is no hacking involved. I still wonder what is going on, because it seems to only happen while on the internet. It could be something to do with Opera, or something else involved in the connection, but it happens only on a random basis, and I have no idea of how to track it down.
Old 02-27-06, 12:46 PM   #8
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Hacking?

Likely you were checking for updates (if SuSE does this) or you were executing a cronjob, perhaps prelink?

Old 02-27-06, 01:19 PM   #9
seeker
AKA seekermeister
 
 
Join Date: May 2005
Location: At home
Posts: 1,442
Default Re: Hacking?

I dislike automatic updates and I have SuSE Watch turned off. I don't really know what the last two items are, so I doubt that I was doing them either.
Old 02-27-06, 01:25 PM   #10
evilghost
Registered User
 
Join Date: Jul 2005
Posts: 3,606
Default Re: Hacking?

Next time just run top and sort by processor utilization (shift-p) or memory usage (shift-m).
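
An added example, not part of any post in this thread: System Guard and top only show the present moment, so this script samples `ps` and appends the busiest processes to a log, leaving a record of an intermittent spike. The log path, thresholds, interval and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: keep a record of what was busy during an intermittent spike.
# Log path, thresholds and interval are assumptions; adjust for your system.

LOG="${SPIKE_LOG:-/tmp/spike.log}"   # hypothetical log location
CPU_MIN="${CPU_MIN:-20}"             # report processes at or above this %CPU
MEM_MIN="${MEM_MIN:-20}"             # ... or at or above this %MEM

# Read "PID USER %CPU %MEM COMMAND" rows (header line first) on stdin and
# print the rows over either threshold, busiest CPU consumer first.
busy_procs() {
    awk -v c="$CPU_MIN" -v m="$MEM_MIN" \
        'NR > 1 && ($3 + 0 >= c + 0 || $4 + 0 >= m + 0)' | LC_ALL=C sort -k3,3nr
}

# Take one sample from the live system; append it, timestamped, to the log
# only when something is over a threshold.
snapshot() {
    hits=$(ps -eo pid,user,pcpu,pmem,comm | busy_procs)
    [ -n "$hits" ] || return 0
    {
        echo "== $(date '+%Y-%m-%d %H:%M:%S') load: $(cut -d' ' -f1-3 /proc/loadavg)"
        echo "$hits"
    } >> "$LOG"
}

# Constructed sample in ps format, for trying busy_procs without a live spike.
sample_ps() {
    cat <<'EOF'
  PID USER     %CPU %MEM COMMAND
    1 root      0.0  0.1 init
 2310 seeker    3.5 12.0 opera
 4471 root     87.2  1.4 prelink
 4502 root      1.0 31.5 updatedb
EOF
}

# "sh spikelog.sh watch" samples every INTERVAL seconds until interrupted;
# read $LOG after the next episode to see which process was responsible.
if [ "${1:-}" = "watch" ]; then
    while :; do snapshot; sleep "${INTERVAL:-10}"; done
fi
```

Comparing the logged timestamps with the entries in /var/log (cron runs in particular) shows whether a scheduled job lines up with the spike.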
Old 02-27-06, 05:47 PM   #11
seeker
AKA seekermeister
 
 
Join Date: May 2005
Location: At home
Posts: 1,442
Default Re: Hacking?

That appears to give much the same information as System Guard, but I certainly will give it a shot; it certainly can't hurt.
All times are GMT -5. The time now is 01:44 PM.

