System hacked ? Is it possible?
Yesterday I set up a Debian box 2.4.18 with nothing much more than an ISDN card (hisax, isdn) and a NIC.
hosts.deny : ALL: ALL
where x.y.z. is the beginning part of the intranet IP
Before setting up iptables I tried out automatic dialing and
disconnecting via ISDN to my ISP.
That doesn't work within 80 sec, so I canceled the connection after about 3 min.
After that I monitored ippp0 with tcpdump -i ippp0:
Whenever I tried to open a new telnet session to my box the dialer starts to open a connection to my ISP. (trying to connect to IP 220.127.116.11 which is a DNS of a German ISP but not the one in my resolv.conf)
Is my system really hacked in 3 min?
How can I find out? Can I use chkroot?
Do I need a reinstallation? (Backup was planned as usual after work :-(
Are systems inside also infected?
Thanks for all help
Re: System hacked ? Is it possible?
I don't think your system was hacked.
Originally Posted by vost
You write that when you try to open a telnet session it starts dialing?
This is strange.
Does the /etc/hosts file contain: 127.0.0.1 Localhost localhost.localdomain.com ???
You also write that: in.telnetd: x.y.z where x.y.z is the IP of your internal network. Are you using the 195.x.x.x range for this?
And where did you put that info? In the /etc/inetd.conf ???