Security Issue

H.S. hs.samix at gmail.com
Thu Feb 12 18:43:20 UTC 2009


Walton Hoops wrote:
> I could use some help from the Ubuntu wizards out there.
> I run a home server, using Ubuntu 8.10.  It is very low traffic, with most of
> the traffic being e-mail.  Last night, over the course of an hour it
> recorded roughly 8 GB (4 up and 4 down) of traffic over the course of 2
> hours (monitoring with vnstat) and then dropped back to normal. Looking at
> the logs, the traffic did not come through apache, sendmail, or SSH.  Judging
> from the fact that the up/down are equal, I'm guessing I was used as a
> proxy for something (I don't have a proxy server installed), but I know not
> what.  So, I have two questions.
> 1.) Any suggestions on how to further investigate this?  At this point I'm
> at a loss.
> 2.) How would you suggest further hardening my security, since it seems it
> was compromised? I use Firestarter to lock down my ports, Fail2Ban to stop
> those pesky SSH brute force attacks, and Snort to keep an eye out for other
> attacks.
> Any input would be appreciated.
> Walton
> 
> 

I am no security expert, but I would suggest you take out the network
cable of that machine till you are sure it has not been compromised.

Are there other machines on this network?

-- 

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.




