intrusion detected

Matt Patterson matt at v8zman.com
Mon Aug 8 17:16:50 UTC 2005


The best tool for checking for zombification is just looking at the running 
processes. If you have some random process consuming lots of resources 
and you can't identify it, it might be worth looking into. You can use nmap 
to scan your open ports and make sure no new ones open without your 
consent. If you are getting tons of popups you probably have some 
spyware/malware. There are also a couple of rootkit checkers in the 
package system.

Matt
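Two of the checks described above (look at the busiest processes, scan your own ports and flag any that are not in a known baseline), written out as a small POSIX shell script. This is an added example, not code from the original post or from Ubuntu: the baseline port list, the host 192.0.2.10 and the nmap scan output are all constructed for the example; the parsing follows the "Host: ... Ports: ..." lines of nmap's grepable (-oG) output format.

```shell
#!/bin/sh
# Added example, not from the mailing-list post. Two of the checks described
# above, done from the shell:
#   1. list the processes using the most CPU/memory, and
#   2. scan your own ports with nmap and flag any that are not in a baseline.
# The baseline, the host 192.0.2.10 and the nmap output below are all
# constructed for this example; in real use, pipe a live scan in instead:
#   nmap -sS -p- -oG - 192.0.2.10 | new_ports

# Ports you expect to find listening (hypothetical baseline: ssh and http).
BASELINE_PORTS="22 80"

# Show the busiest processes so an unfamiliar resource hog stands out.
# (ps -eo is POSIX; sort on the %CPU column, highest first.)
busy_processes() {
    ps -eo pid,user,pcpu,pmem,comm | sort -k3 -rn | head -n "${1:-10}"
}

# Read nmap grepable (-oG) output on stdin and print the open TCP ports, one
# per line. -oG lines look like:
#   Host: 192.0.2.10 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///
open_ports() {
    sed -n 's/.*Ports: //p' | tr ',' '\n' |
        awk -F/ '$2 == "open" && $3 == "tcp" { sub(/^[ \t]+/, "", $1); print $1 }'
}

# Print every open port from the scan on stdin that is not in BASELINE_PORTS.
# An unexplained new listener is exactly the thing to investigate.
new_ports() {
    for p in $(open_ports); do
        known=0
        for b in $BASELINE_PORTS; do
            [ "$p" = "$b" ] && known=1
        done
        [ "$known" -eq 0 ] && echo "$p"
    done
    return 0
}

# Constructed sample of nmap -oG output: ssh and http are expected, one
# closed port is reported as well, and 6667/tcp (irc, a classic bot control
# channel) is listening although nobody opened it on purpose.
SAMPLE_SCAN=$(printf '%s\n' \
    '# Nmap 3.81 scan initiated as: nmap -sS -oG - 192.0.2.10' \
    'Host: 192.0.2.10 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 6667/open/tcp//irc///, 113/closed/tcp//auth///  Ignored State: closed (1659)' \
    '# Nmap done')

# Run both checks when executed as a script (ps output varies per machine,
# so failures there are tolerated; the port diff is what is checked).
echo "Busiest processes:"
busy_processes 5 2>/dev/null || true
echo "Open ports not in baseline ($BASELINE_PORTS):"
printf '%s\n' "$SAMPLE_SCAN" | new_ports
```

Run it once on a clean install to record the baseline, then re-run it periodically; the only port that should show up is one you opened yourself. The rootkit checkers mentioned in the message are separate tools (chkrootkit is the one named later in this thread) and complement, rather than replace, the port and process checks.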


J.Markoll wrote:

> Matt Patterson wrote:
>
>> Hey Brian,
>> I don't know a whole lot about the hardening stuff, I simply run 
>> minimal services, mostly on incorrect ports, maintain good passwords, 
>> and keep up to date. For the majority of us I think that is good for 
>> the 5 nines (99.999%) of hackers.
>
>
>> As for your plans of hitting them back, don't bother, you would just 
>> be hitting some poor unsuspecting sap who already has the problem of 
>> a computer that is operating way too slowly with three million pop 
>> ads. Most of the breakin attempts you receive will be from zombie 
>> machines doing automated scans of ip space.
>
>
>> Your best approach is to locate the root domain or isp and send a 
>> quick email with logs reporting that the computer has been 
>> compromised. The ISP will pull them from the net, and the owner will 
>> be notified.
>
>
>> Matt
>
> Hello,
> How can a person check, or come to know, whether her machine is zombified?
> Can it happen on a machine installed with Ubuntu?
> Is it most likely on machines connected over broadband, or is it equally
> possible over narrowband connections?
> For the rest: I found no open port (save for the one used to connect to 
> the net) after the Hoary install (a scan from the outside). Warty: a few 
> were left. On two other Linux distributions before that, the range was 
> from 5 to 9. I had to start learning how to close them. Not fun for a 
> newbie :))
> I use lokkit as a firewall and chkrootkit once in a while. (So easy)
> I notice that time spent pursuing intruders is a waste. If and when I 
> need to reinstall, it takes 15 minutes. (Plus backups if necessary). 
> Considering everything, I saved the time I used to spend on security 
> under Windows, used it to learn a few command lines and various other 
> things, and carry on.
> One more question: the spams contain attached files full of garbage.
> The specialists, in their docs, advise to keep them 'carefully' in 
> the garbage folder. Of what use is it to keep them? Is there a 
> collection of them somewhere once in a while? (naive, but very 
> newbie-like question lol)
> J.Markoll.
>
>

More information about the ubuntu-users mailing list