Security Issue
H.S.
hs.samix at gmail.com
Thu Feb 12 18:43:20 UTC 2009
Walton Hoops wrote:
> I could use some help from the Ubuntu wizards out there.
> I run a home server, using Ubuntu 8.10. It very low traffic, with most of
> the traffic being e-mail. Last night, over the course of an hour it
> recorded roughly 8 GB (4 up and 4 down) of traffic over the course of 2
> hours (monitoring with vnstat) and then dropped back to normal. Looking at
> the logs, the traffic did not come through apache, sendmail,or SSH. Judging
> from the fact that the up/down are equal, I'm guessing I've was used as a
> proxy for something (I don't have a proxy server installed), but I know not
> what. So, I have two questions.
> 1.) Any suggestions on how to further investigate this? At this point I'm
> at a loss.
> 2.) How would you suggest further hardening my security, since it seems it
> was compromised? I use Firestarter to lock down my ports, Fail2Ban to stop
> those pesky SSH brute force attacks, and Snort to keep an eye out for other
> attacks.
> Any input would be appreciated.
> Walton
>
>
I am no security expert, but I would suggest you take out the network
cable of that machine till you are sure it has not been compromised.
Are there other machines on this network?
--
Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.
More information about the ubuntu-users
mailing list