  1. #1
    Just Joined!
    Join Date
    Jul 2003
    Posts
    3

    linux attack


    Hi friends,
    I am using RH7.2.
    Previously I had an attack and something happened to my system: some packets were going out of my system, and when I traced it I found that something is FTPing to some IP addresses from my system.

    What could be the mistake?
    When I check the processes I couldn't find any new process running,
    but the top process ID goes on increasing and increasing... when I type procinfo it shows the last process ID executed.
    But the internal loopback bandwidth is increasing in my system; it was nearly 200MB per hour when I type ipconfig and check.
    Should I install the system again, or how can I fix the problem?
    Please reply back.
    kiran

  2. #2
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    You've probably been rooted and got a rootkit installed. A rootkit is a package that many worms install, overwriting the standard ls, top, ps, etc. to hide some things that it doesn't want you to see.
    It is possible to fix without reinstalling (I did), but it isn't too easy. If it's not _too_ much trouble, I'd recommend that you reinstall.
    I'm sorry for you. Be sure to identify how your system got rooted in the first place and lock it down.

  3. #3
    Linux Newbie
    Join Date
    Apr 2003
    Location
    UK, Manchester
    Posts
    147
    Use chkrootkit to check for rootkits.
    If you have been rooted you have to re-install. Don't take anything for granted.
    Print off the config settings you need then re-install.

    If you connect to internet you should read this.

  4. #4
    Just Joined!
    Join Date
    Mar 2005
    Location
    Ghana
    Posts
    35
    Kiran

    It's possible it's a rootkit. Before reinstalling the system, if chkrootkit proves positive, then it is best you review your log files to find out about any intrusion on the system.

    Use cat /var/log/messages > review.txt

    and read the review.txt, which you will create, maybe in your home, later.

    If ever you reinstate the kernel, please trim down the services that are running and disable those you don't to prevent any mischief on your box.

    All the best with the penguin, bro.

    Yours in LINUX
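
Added example, not part of any post in this thread: the second reply says a rootkit overwrites ls, top and ps to hide things, which fits the original report of process IDs climbing with no new process visible. This script lists PIDs from /proc using only the shell's own globbing and reports any that the installed ps leaves out; the function names are illustrative.

```shell
#!/bin/sh
# Cross-check the kernel's /proc PID list against what the installed ps shows.

# PIDs according to /proc, enumerated by shell globbing so that no
# possibly replaced binary (ls, find) is involved.
proc_pids() {
    for d in /proc/[0-9]*; do
        if [ -d "$d" ]; then echo "${d#/proc/}"; fi
    done
}

# PIDs according to the installed ps binary.
ps_pids() {
    ps -e -o pid= | tr -d ' '
}

# hidden_pids PROC_LIST PS_LIST
# Print every PID that is in PROC_LIST but missing from PS_LIST.
hidden_pids() {
    known=" $(echo $2) "          # flatten newlines to single spaces
    for pid in $1; do
        case "$known" in
            *" $pid "*) ;;        # ps reported it
            *) echo "$pid" ;;     # whole-word match failed: ps omitted it
        esac
    done
}

# Take both snapshots, then drop PIDs that have already exited
# (short-lived processes would otherwise show up as false positives).
scan() {
    before=$(proc_pids)
    seen=$(ps_pids)
    for pid in $(hidden_pids "$before" "$seen"); do
        if [ -d "/proc/$pid" ]; then
            cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
            echo "PID $pid is in /proc but not in ps output: $cmd"
        fi
    done
}

# Run as: sh script.sh scan
if [ "${1:-}" = "scan" ]; then scan; fi
```

A kernel-level rootkit can filter /proc as well, so an empty result does not show the system is clean.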
