My computer was compromised. How?
I would like some advice on how to find out how someone accessed my Fedora 14 machine a couple of days ago. Someone used VNC to run some commands, apparently with the intent to install some DDoS software and some IRC file sharing software (iroffer).
It's important to me to understand how he (let's assume a "he") was able to connect, since I don't know if any of my other computers could be compromised.
This particular system is behind a (Tomato) router that is not set to forward any ports. The system was enabled for desktop/VNC sharing with no password. The software firewall was turned off. The system was probably about a month behind on the security updates.
My main question is this: did he get on my network (protected by WPA or WPA2) and then connect to the machine? Or was he able to somehow tunnel through my router using some exploit that is specific to this particular machine?
(I have already disconnected this system from the network.)