trojan problem

Brian Walker bfwalker at gmail.com
Sun Jan 22 15:16:30 UTC 2006


Many thanks for some quick replies. For some clarification:

>> 1. I had unexplained open ports in the high regions
>The list of the ports ?

High ports. See the URL given later which details them.

>If you store under a .tar.bz2 thanks to the 'tar' you will preserve the
>permissions as they are originally, otherwise, have fun! :(

I stored as an .iso. Should be OK, you think?

>I'm none of a guru but the gurus use to say not to open Attached Documents
>that you don't know where it comes from, don't install third party
>software, have a strong password (more than 8 characters with special
>characters, high and low letters plus numbers, and don't write it
>to any place, keep it in mind).

Indeed. Good advice. All of which has been followed. Therefore I assume an
attack via ssh and a brute force hack, none of which showed up in
/var/log/auth.log

chkrootkit showed nothing. Nothing. This bothers me. rkhunter is not
installed. I will do that at the next install, but on a previous box I found
little difference between them. Any comments on that statement? Way off
base??

nmapfe on 127.0.0.1 .... any other would be of no value to the system
integrity, surely?

Firewall - was installed. In this case I opened an ssh connection, and
stupidly left the system unprotected for a few hours. Hence my nmapfe scan
and discovering the problem.

>Wasn't one of the benefits of moving to Linux supposed to be not facing
>these scenarios?  :-O

1. no - just much less
2. linux lets me immediately recognise the problem AND take action. (IMHO,
having followed your discussion on the relative merits of differing OS, my
opinion is that windows XP is much better than previous versions, but it
still makes me hop with fury every time I have to use it. I am now about to
reinstall a windows-free box. But as ever, YMMV, and I do NOT wish to
reignite a debate on that point)

Tony - many thanks for that ... confirmed my fears. A fresh reinstall is
coming up. I will check the /home/brian/.  areas before importing the old
/home. I plan to transfer to the backup disk, then clean install, then scan
backup and clean if needed. Sound OK?

Regards to all, and it is a good lesson, right?

Brian