Could anyone tell me if my suse10.1 has been hacked? - Suse


  1. Could anyone tell me if my suse10.1 has been hacked?

    Every time I log in to my KDE desktop, no special services have been
    started, but many connections are already there. I am not familiar
    with Linux network security, so I wonder if someone can find
    some clues here. Many thanks!

    BTW: how do I enable iptables in SUSE 10.1? I don't see an iptables service
    in my SUSE, but I'm sure the software package has been installed (I've
    checked with YaST).

    Here is some info I collected:
    ----------------------------------------------------------------------------------------------------------------------------------
    michael@linux:~> uname -a
    Linux linux 2.6.13-15.16-default #1 Fri Jun 8 15:35:39 UTC 2007 i686
    i686 i386 GNU/Linux
    michael@linux:~> ps -ef
    UID PID PPID C STIME TTY TIME CMD
    root 1 0 0 00:24 ? 00:00:01 init [5]
    root 2 1 0 00:24 ? 00:00:00 [ksoftirqd/0]
    root 3 1 0 00:24 ? 00:00:00 [events/0]
    root 4 1 0 00:24 ? 00:00:00 [khelper]
    root 5 1 0 00:24 ? 00:00:00 [kthread]
    root 9 5 0 00:24 ? 00:00:00 [kblockd/0]
    root 92 1 0 00:24 ? 00:00:00 [kapmd]
    root 111 5 0 00:24 ? 00:00:00 [pdflush]
    root 112 5 0 00:24 ? 00:00:00 [pdflush]
    root 114 5 0 00:24 ? 00:00:00 [aio/0]
    root 113 1 0 00:24 ? 00:00:00 [kswapd0]
    root 706 5 0 00:24 ? 00:00:00 [kseriod]
    root 911 1 0 00:24 ? 00:00:00 [kjournald]
    root 1974 1 0 00:24 ? 00:00:01 /sbin/udevd --daemon --
    stop-exec-queue
    root 2372 5 0 00:25 ? 00:00:00 [khubd]
    root 2378 1 0 00:25 ? 00:00:00 [pccardd]
    root 2691 5 0 00:25 ? 00:00:00 [kgameportd]
    root 3555 1 0 00:25 ? 00:00:00 [scsi_eh_0]
    root 3560 1 0 00:25 ? 00:00:00 [usb-storage]
    root 3723 1 0 00:25 ? 00:00:00 /sbin/syslog-ng
    root 3726 1 0 00:25 ? 00:00:00 /sbin/klogd -c 1 -x -x
    100 3730 1 0 00:25 ? 00:00:00 /usr/bin/dbus-daemon --
    system
    root 3782 1 0 00:25 ? 00:00:00 /sbin/resmgrd
    root 4214 1 0 00:25 ? 00:00:00 wpa_supplicant -iath0 -
    c/var/run/wpa_supplicant-ath0.conf -
    root 4443 1 0 00:25 ? 00:00:00 /opt/kde3/bin/kdm
    root 4457 1 0 00:25 ? 00:00:00 /sbin/dhcpcd -C -H -D -
    K -N -t 999999 -h linux -c /etc/sysc
    root 4484 4443 3 00:25 tty7 00:00:17 /usr/X11R6/bin/X -br -
    nolisten tcp :0 vt7 -auth /var/lib/xd
    root 4487 4443 0 00:25 ? 00:00:00 -:0
    mdnsd 4801 1 0 00:25 ? 00:00:00 /usr/sbin/mdnsd -f /
    etc/nss_mdns.conf -b
    nobody 4812 1 0 00:25 ? 00:00:00 /sbin/portmap
    lp 4913 1 0 00:25 ? 00:00:00 /usr/sbin/cupsd
    root 4943 1 0 00:25 ? 00:00:00 /usr/lib/postfix/
    master
    postfix 4954 4943 0 00:25 ? 00:00:00 pickup -l -t fifo -u
    postfix 4955 4943 0 00:25 ? 00:00:00 qmgr -l -t fifo -u
    root 4968 1 0 00:25 ? 00:00:00 /usr/sbin/cron
    root 5011 1 0 00:25 ? 00:00:02 /usr/sbin/hald --
    daemon=yes --retain-privileges
    root 5041 1 0 00:25 ? 00:00:00 /usr/sbin/nscd
    root 5179 1 0 00:25 ? 00:00:00 /usr/sbin/powersaved -
    d -v 3
    root 5237 1 0 00:25 ? 00:00:00 /usr/sbin/sshd -o
    PidFile=/var/run/sshd.init.pid
    root 5257 1 0 00:25 ? 00:00:00 /usr/sbin/smpppd
    root 5336 5011 0 00:25 ? 00:00:00 hald-addon-storage
    vscan 5347 1 0 00:25 ? 00:00:01 amavisd (master)
    michael 5488 4487 0 00:25 ? 00:00:00 /bin/sh /usr/X11R6/
    bin/kde
    root 5499 1 0 00:25 tty1 00:00:00 /sbin/mingetty --
    noclear tty1
    root 5500 1 0 00:25 tty2 00:00:00 /sbin/mingetty tty2
    root 5501 1 0 00:25 tty3 00:00:00 /sbin/mingetty tty3
    root 5502 1 0 00:25 tty4 00:00:00 /sbin/mingetty tty4
    root 5503 1 0 00:25 tty5 00:00:00 /sbin/mingetty tty5
    root 5504 1 0 00:25 tty6 00:00:00 /sbin/mingetty tty6
    vscan 5582 5347 0 00:25 ? 00:00:00 amavisd (virgin child)
    vscan 5583 5347 0 00:25 ? 00:00:00 amavisd (virgin child)
    michael 5589 1 0 00:25 ? 00:00:00 /usr/bin/dbus-
    launch --sh-syntax --exit-with-session /usr/X
    michael 5590 1 0 00:25 ? 00:00:00 dbus-daemon --fork
    --print-pid 8 --print-address 6 --sessio
    michael 5623 1 0 00:26 ? 00:00:00 kdeinit Running...
    michael 5626 1 0 00:26 ? 00:00:00 dcopserver
    [kdeinit] --nosid
    michael 5628 5623 0 00:26 ? 00:00:00 klauncher [kdeinit]
    michael 5631 1 0 00:26 ? 00:00:04 kded [kdeinit]
    michael 5674 1 0 00:26 ? 00:00:00 kaccess [kdeinit]
    michael 5675 5488 0 00:26 ? 00:00:00 kwrapper ksmserver
    michael 5677 1 0 00:26 ? 00:00:00 ksmserver [kdeinit]
    michael 5678 5623 1 00:26 ? 00:00:05 kwin [kdeinit] -
    session 10e4696e750001164017877000000586200
    michael 5681 1 0 00:26 ? 00:00:02 kdesktop [kdeinit]
    michael 5683 1 2 00:26 ? 00:00:11 kicker [kdeinit]
    michael 5684 5623 0 00:26 ? 00:00:04 skim
    michael 5685 5623 0 00:26 ? 00:00:03 kinternet [kdeinit]
    --quiet
    michael 5687 1 0 00:26 ? 00:00:00 klipper [kdeinit]
    michael 5690 1 0 00:26 ? 00:00:03 suseplugger
    [kdeinit] -caption SUSE Hardware Tool -icon har
    michael 5692 1 1 00:26 ? 00:00:04 susewatcher
    [kdeinit] -caption SUSE Watcher -icon yast -min
    michael 5694 1 0 00:26 ? 00:00:03 kpowersave
    [kdeinit]
    michael 5697 1 0 00:26 ? 00:00:03 kmix [kdeinit] -
    session 10e4696e750001164017904000000586200
    michael 5699 5623 0 00:26 ? 00:00:02 konqueror [kdeinit]
    --preload
    michael 5701 1 0 00:26 ? 00:00:01 knotify [kdeinit]
    michael 5711 1 0 00:27 ? 00:00:00 /usr/lib/scim-1.0/
    scim-helper-manager
    michael 5716 1 0 00:27 ? 00:00:00 /usr/lib/scim-1.0/
    scim-launcher -d -c kconfig -e all -f soc
    michael 5723 1 0 00:27 ? 00:00:00 /usr/lib/scim-1.0/
    scim-launcher -d -c socket -e socket -f x
    michael 5728 5623 0 00:28 ? 00:00:00 kio_file [kdeinit]
    file /tmp/ksocket-michael/klauncherT8HLJa.s
    michael 5732 5623 3 00:29 ? 00:00:11 konsole [kdeinit]
    michael 5733 5732 0 00:29 pts/1 00:00:00 /bin/bash
    michael 5858 5733 0 00:34 pts/1 00:00:00 ps -ef
    michael@linux:/tmp> ls -la
    total 44
    drwxrwxrwt 7 root root 16384 2007-07-27 00:30 .
    drwxr-xr-x 21 root root 4096 2007-07-27 00:24 ..
    drwxrwxrwt 2 root root 4096 2007-07-27 00:26 .ICE-unix
    drwx------ 2 michael users 4096 2007-07-27 00:26 kde-michael
    drwx------ 2 michael users 4096 2007-07-27 00:28 ksocket-michael
    drwx------ 2 root root 4096 2007-07-27 00:21 ksocket-root
    srw------- 1 michael users 0 2007-07-27 00:27 scim-helper-
    manager-socket-michael
    srw------- 1 michael users 0 2007-07-27 00:27 scim-panel-socket-:
    0-michael
    srw------- 1 michael users 0 2007-07-27 00:27 scim-socket-
    frontend-michael
    -r--r--r-- 1 root root 11 2007-07-27 00:25 .X0-lock
    drwxrwxrwt 2 root root 4096 2007-07-27 00:25 .X11-unix
    michael@linux:~> netstat -a|grep CONNECTED
    unix 3 [ ] STREAM CONNECTED 15506 /tmp/scim-
    panel-socket-:0-michael
    unix 3 [ ] STREAM CONNECTED 15505
    unix 3 [ ] STREAM CONNECTED 15497 /tmp/scim-
    socket-frontend-michael
    unix 3 [ ] STREAM CONNECTED 15496
    unix 3 [ ] STREAM CONNECTED 15495 /tmp/scim-
    socket-frontend-michael
    unix 3 [ ] STREAM CONNECTED 15494
    unix 3 [ ] STREAM CONNECTED 15483 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 15482
    unix 3 [ ] STREAM CONNECTED 15477 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 15476
    unix 3 [ ] STREAM CONNECTED 15472 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 15471
    unix 3 [ ] STREAM CONNECTED 15296 /tmp/ksocket-
    michael/klauncherT8HLJa.slave-socket
    unix 3 [ ] STREAM CONNECTED 15292
    unix 3 [ ] STREAM CONNECTED 15110 /tmp/scim-
    panel-socket-:0-michael
    unix 3 [ ] STREAM CONNECTED 15109
    unix 3 [ ] STREAM CONNECTED 15108 /tmp/scim-
    socket-frontend-michael
    unix 3 [ ] STREAM CONNECTED 15107
    unix 3 [ ] STREAM CONNECTED 15106 /tmp/scim-
    socket-frontend-michael
    unix 3 [ ] STREAM CONNECTED 15105
    unix 3 [ ] STREAM CONNECTED 15066 /var/run/
    smpppd/control
    unix 3 [ ] STREAM CONNECTED 15065
    unix 3 [ ] STREAM CONNECTED 15025 /var/run/dbus/
    system_bus_socket
    unix 3 [ ] STREAM CONNECTED 15024
    unix 3 [ ] STREAM CONNECTED 14984 /tmp/scim-
    panel-socket-:0-michael
    unix 3 [ ] STREAM CONNECTED 14983
    unix 3 [ ] STREAM CONNECTED 14982 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14981
    unix 3 [ ] STREAM CONNECTED 14974 /tmp/scim-
    socket-frontend-michael
    unix 3 [ ] STREAM CONNECTED 14973
    unix 3 [ ] STREAM CONNECTED 14972 /tmp/scim-
    socket-frontend-michael
    unix 3 [ ] STREAM CONNECTED 14971
    unix 3 [ ] STREAM CONNECTED 14964 /tmp/scim-
    socket-frontend-michael
    unix 3 [ ] STREAM CONNECTED 14963
    unix 3 [ ] STREAM CONNECTED 14962 /tmp/scim-
    socket-frontend-michael
    unix 3 [ ] STREAM CONNECTED 14961
    unix 3 [ ] STREAM CONNECTED 14946 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14945
    unix 3 [ ] STREAM CONNECTED 14914 /tmp/scim-
    helper-manager-socket-michael
    unix 3 [ ] STREAM CONNECTED 14913
    unix 3 [ ] STREAM CONNECTED 14805 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14804
    unix 3 [ ] STREAM CONNECTED 14800 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14799
    unix 3 [ ] STREAM CONNECTED 14794 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14790
    unix 3 [ ] STREAM CONNECTED 14789 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14786
    unix 3 [ ] STREAM CONNECTED 14783 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14782
    unix 3 [ ] STREAM CONNECTED 14777 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14776
    unix 3 [ ] STREAM CONNECTED 14775 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14774
    unix 3 [ ] STREAM CONNECTED 14767 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14766
    unix 3 [ ] STREAM CONNECTED 14765 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14764
    unix 3 [ ] STREAM CONNECTED 14755 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14754
    unix 3 [ ] STREAM CONNECTED 14742 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14741
    unix 3 [ ] STREAM CONNECTED 14745 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14738
    unix 3 [ ] STREAM CONNECTED 14734 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14732
    unix 3 [ ] STREAM CONNECTED 14730 /var/run/dbus/
    system_bus_socket
    unix 3 [ ] STREAM CONNECTED 14729
    unix 3 [ ] STREAM CONNECTED 14731 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14727
    unix 3 [ ] STREAM CONNECTED 14722 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14721
    unix 3 [ ] STREAM CONNECTED 14714 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14713
    unix 3 [ ] STREAM CONNECTED 14708 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14707
    unix 3 [ ] STREAM CONNECTED 14706 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14705
    unix 3 [ ] STREAM CONNECTED 14694 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14693
    unix 3 [ ] STREAM CONNECTED 14686 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14685
    unix 3 [ ] STREAM CONNECTED 14683 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14682
    unix 3 [ ] STREAM CONNECTED 14677 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14676
    unix 3 [ ] STREAM CONNECTED 14673 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14672
    unix 3 [ ] STREAM CONNECTED 14669 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14668
    unix 3 [ ] STREAM CONNECTED 14664 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14663
    unix 3 [ ] STREAM CONNECTED 14658 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14657
    unix 3 [ ] STREAM CONNECTED 14653 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14652
    unix 3 [ ] STREAM CONNECTED 14644 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14643
    unix 3 [ ] STREAM CONNECTED 14636 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14635
    unix 3 [ ] STREAM CONNECTED 14634 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14633
    unix 3 [ ] STREAM CONNECTED 14624 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14623
    unix 3 [ ] STREAM CONNECTED 14622 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14621
    unix 3 [ ] STREAM CONNECTED 14615 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14614
    unix 3 [ ] STREAM CONNECTED 14569 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14568
    unix 3 [ ] STREAM CONNECTED 14567 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14566
    unix 3 [ ] STREAM CONNECTED 14547 /tmp/.ICE-
    unix/5677
    unix 3 [ ] STREAM CONNECTED 14546
    unix 3 [ ] STREAM CONNECTED 14543 /var/run/dbus/
    system_bus_socket
    unix 3 [ ] STREAM CONNECTED 14542
    unix 3 [ ] STREAM CONNECTED 14541 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14540
    unix 3 [ ] STREAM CONNECTED 14535 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14534
    unix 3 [ ] STREAM CONNECTED 14520 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14519
    unix 3 [ ] STREAM CONNECTED 14513 /tmp/ksocket-
    michael/kdeinit__0
    unix 3 [ ] STREAM CONNECTED 14512
    unix 3 [ ] STREAM CONNECTED 14507 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14506
    unix 3 [ ] STREAM CONNECTED 14503 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14502
    unix 3 [ ] STREAM CONNECTED 14499 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14498
    unix 3 [ ] STREAM CONNECTED 14466 /var/run/dbus/
    system_bus_socket
    unix 3 [ ] STREAM CONNECTED 14465
    unix 3 [ ] STREAM CONNECTED 14461 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14460
    unix 4 [ ] STREAM CONNECTED 14445 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14444
    unix 3 [ ] STREAM CONNECTED 14049 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 14048
    unix 3 [ ] STREAM CONNECTED 14046 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14045
    unix 3 [ ] STREAM CONNECTED 14028 /tmp/.ICE-
    unix/dcop5626-1185521160
    unix 3 [ ] STREAM CONNECTED 14027
    unix 3 [ ] STREAM CONNECTED 14025
    unix 3 [ ] STREAM CONNECTED 14024
    unix 3 [ ] STREAM CONNECTED 13960 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 13959
    unix 3 [ ] STREAM CONNECTED 13958
    unix 3 [ ] STREAM CONNECTED 13957
    unix 3 [ ] STREAM CONNECTED 13032 /var/run/dbus/
    system_bus_socket
    unix 3 [ ] STREAM CONNECTED 13031
    unix 3 [ ] STREAM CONNECTED 13002 @/tmp/hald-
    local/dbus-pfLetkE3Fi
    unix 3 [ ] STREAM CONNECTED 12999
    unix 3 [ ] STREAM CONNECTED 12706 /var/run/dbus/
    system_bus_socket
    unix 3 [ ] STREAM CONNECTED 12705
    unix 3 [ ] STREAM CONNECTED 11912
    unix 3 [ ] STREAM CONNECTED 11911
    unix 3 [ ] STREAM CONNECTED 11908
    unix 3 [ ] STREAM CONNECTED 11907
    unix 3 [ ] STREAM CONNECTED 11904
    unix 3 [ ] STREAM CONNECTED 11903
    unix 3 [ ] STREAM CONNECTED 11900
    unix 3 [ ] STREAM CONNECTED 11899
    unix 3 [ ] STREAM CONNECTED 11896
    unix 3 [ ] STREAM CONNECTED 11895
    unix 3 [ ] STREAM CONNECTED 11892
    unix 3 [ ] STREAM CONNECTED 11891
    unix 3 [ ] STREAM CONNECTED 11888
    unix 3 [ ] STREAM CONNECTED 11887
    unix 3 [ ] STREAM CONNECTED 11884
    unix 3 [ ] STREAM CONNECTED 11883
    unix 3 [ ] STREAM CONNECTED 11874
    unix 3 [ ] STREAM CONNECTED 11873
    unix 3 [ ] STREAM CONNECTED 11870
    unix 3 [ ] STREAM CONNECTED 11869
    unix 3 [ ] STREAM CONNECTED 11866
    unix 3 [ ] STREAM CONNECTED 11865
    unix 3 [ ] STREAM CONNECTED 11862
    unix 3 [ ] STREAM CONNECTED 11861
    unix 3 [ ] STREAM CONNECTED 11858
    unix 3 [ ] STREAM CONNECTED 11857
    unix 3 [ ] STREAM CONNECTED 11854
    unix 3 [ ] STREAM CONNECTED 11853
    unix 3 [ ] STREAM CONNECTED 11850
    unix 3 [ ] STREAM CONNECTED 11849
    unix 3 [ ] STREAM CONNECTED 11846
    unix 3 [ ] STREAM CONNECTED 11845
    unix 3 [ ] STREAM CONNECTED 11842
    unix 3 [ ] STREAM CONNECTED 11841
    unix 3 [ ] STREAM CONNECTED 11838
    unix 3 [ ] STREAM CONNECTED 11837
    unix 3 [ ] STREAM CONNECTED 11834
    unix 3 [ ] STREAM CONNECTED 11833
    unix 3 [ ] STREAM CONNECTED 11830
    unix 3 [ ] STREAM CONNECTED 11829
    unix 3 [ ] STREAM CONNECTED 11826
    unix 3 [ ] STREAM CONNECTED 11825
    unix 3 [ ] STREAM CONNECTED 11822
    unix 3 [ ] STREAM CONNECTED 11821
    unix 3 [ ] STREAM CONNECTED 11818
    unix 3 [ ] STREAM CONNECTED 11817
    unix 3 [ ] STREAM CONNECTED 11814
    unix 3 [ ] STREAM CONNECTED 11813
    unix 3 [ ] STREAM CONNECTED 11810
    unix 3 [ ] STREAM CONNECTED 11809
    unix 3 [ ] STREAM CONNECTED 11807
    unix 3 [ ] STREAM CONNECTED 11806
    unix 3 [ ] STREAM CONNECTED 11803
    unix 3 [ ] STREAM CONNECTED 11802
    unix 3 [ ] STREAM CONNECTED 11800
    unix 3 [ ] STREAM CONNECTED 11799
    unix 4 [ ] STREAM CONNECTED 10742 /tmp/.X11-
    unix/X0
    unix 3 [ ] STREAM CONNECTED 10695
    unix 3 [ ] STREAM CONNECTED 8910
    unix 3 [ ] STREAM CONNECTED 8909


  2. Re: Could anyone tell me if my suse10.1 has been hacked?

    mike wrote:
    >
    > BTW: how to enable iptables in suse10.1? I don't see iptables service
    > in my suse, but sure the software package has been installed(I've
    > checked with Yast.)
    >

    iptables is a command-line tool to set up the netfilter kernel
    functionality. If you use the Linux kernel delivered by SuSE, netfilter is
    enabled by default. This doesn't mean it's properly configured for your
    network setup.

    You may use YaST->Security and Users->Firewall to permanently configure
    netfilter through iptables and configuration files.


    > michael@linux:~> netstat -a|grep CONNECTED
    > unix 3 [ ] STREAM CONNECTED 15506 /tmp/scim-

    ----snip----
    > unix 3 [ ] STREAM CONNECTED 8909
    >

    These are unix domain sockets. They exist only on your local machine and are
    used for communications between processes inside your machine.

    Kind regards

    Jan


  3. Re: Could anyone tell me if my suse10.1 has been hacked?

    mike wrote:
    > Every time when I login in my KDE desktop, no any special services
    > started, but many connections are already there. I am not familiar
    > with linux network security stuff, so wonder if some guys can find
    > some clues here. Many thanks!


    There is no way to tell if you have been hacked from the information you
    provided. The ps command lists the processes that are running or
    sleeping, etc. It is normal to have thousands of processes.

    What you can do is run nmap on your IP address (the one you get assigned
    from your internet service provider), not localhost. nmap will output a
    nice list (easier to read than netstat) of ports you have open to the
    external world (i.e. services that are running and listening on a
    particular port for incoming requests). You should then close all
    services you don't need. I don't use Suse, but I'm sure it has some easy
    GUI tool to do that.

    Some services can be configured to listen to localhost only, in case you
    should need them only locally, and don't want them open to remote hosts.
    I do that with apache and X.

    Even if you close all services, there is still the possibility that
    during the time you have had them running, somebody, most likely a bot,
    got through and installed something. Provided there was an exploit for
    the services you were running. That is why one should always secure the
    machine right after performing a clean install of the OS and *before*
    connecting to the net.

    BTW, on some systems one needs to be root to run nmap.
    --
    Dawid Michalczyk
    http://www.comp.eonworks.com _Linux SysAdmin and Webmaster scripts_
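
Added example (not part of the original posts): a shell sketch of the local check the two replies above point to. It shows that `grep CONNECTED` only ever matches unix-domain sockets, because TCP sockets report ESTABLISHED or LISTEN, and it lists the inet sockets bound to a non-loopback address. The sample `netstat -an` output and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `netstat -an` output by socket family.

# Constructed sample in `netstat -an` format (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 192.168.1.10:34567      203.0.113.5:80          ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  3      [ ]         STREAM     CONNECTED     15506  /tmp/scim-panel-socket-:0-michael
unix  3      [ ]         STREAM     CONNECTED     15505
unix  2      [ ACC ]     STREAM     LISTENING     14440  /tmp/.X11-unix/X0
EOF
}

# Which socket families does `grep CONNECTED` match? Only unix-domain
# lines carry that state, so network connections never show up in it.
connected_families() {
    grep CONNECTED | awk '{ print $1 }' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# List TCP listeners and unconnected UDP sockets bound to a non-loopback
# address, i.e. the services reachable from other hosts.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }               # skip headers and unix sockets
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }    # established TCP is not a listener
        $1 ~ /^udp/ && $5 !~ /:\*$/ { next }      # connected UDP sockets
        {
            addr = $4; sub(/:[^:]*$/, "", addr)   # strip the trailing :port
            port = $4; sub(/^.*:/, "", port)      # keep only the port
            if (addr ~ /^127\./ || addr == "::1") next
            print $1 "/" port " on " addr
        }'
}

echo "families matched by grep CONNECTED: $(sample_netstat | connected_families)"
echo "listeners reachable from other hosts:"
sample_netstat | exposed_listeners
# On a live system: netstat -an | exposed_listeners
```

Anything this prints that is not needed remotely is a candidate for shutting down or binding to localhost, and the external scan described above then confirms what the firewall actually lets through.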

  4. Re: Could anyone tell me if my suse10.1 has been hacked?

    On 2007-07-27 08:53, mike wrote:
    > Every time when I login in my KDE desktop, no any special services
    > started, but many connections are already there. I am not familiar
    > with linux network security stuff, so wonder if some guys can find
    > some clues here. Many thanks!
    >
    > BTW: how to enable iptables in suse10.1? I don't see iptables service
    > in my suse, but sure the software package has been installed(I've
    > checked with Yast.)


    Just use YaST2, Security and Users, Firewall and enable it.

    If you need to ssh home, you can open port 22 sshd, but only if you use it.
    If you have configured postfix as a mail server, you can open port 25 smtp,
    but only if you have a domain and a postmaster@your.domain, and your ISP lets you
    have a mailserver.

    To check your tables, you can use iptables -nL
    or, if you want to see the hit counters for each rule, iptables -vnL

    If you have problems with repeated attack attempts that fill your logs,
    you can just make a script with special rules that reject them for good.

    My script is too huge to send, but I can show an example for my machine
    that blocks most services, but still allows transfer of torrents and things.

    (eth0 for Internal networks and routers, eth1 for my Internet connection)

    # hack0r
    iptables -I input_ext -i eth1 -p tcp --destination-port 1:30000 -s 69.93.35.18 -j REJECT

    # INTERBUSINESS SPAM and http refers
    iptables -I input_ext -i eth1 -p tcp --destination-port 1:30000 -s 82.89.0.0/16 -j REJECT

    /bb
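
Added example (not bb's script): reading the hit counters from `iptables -vnxL` to see which block rules match traffic and which never do. The sample output, its counters and the documentation-range addresses are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise hit counters of REJECT/DROP rules.

# Constructed sample in `iptables -vnxL` format (-x prints exact counters
# instead of abbreviated values such as 12K).
sample_rules() {
cat <<'EOF'
Chain input_ext (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     412    24720 REJECT     tcp  --  eth1   *       198.51.100.0/24      0.0.0.0/0            tcp dpts:1:30000 reject-with icmp-port-unreachable
       0        0 REJECT     tcp  --  eth1   *       192.0.2.18           0.0.0.0/0            tcp dpts:1:30000 reject-with icmp-port-unreachable
      57     3420 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain forward_ext (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       9      540 DROP       all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
EOF
}

# Print "pkts chain target source" for every blocking rule, busiest first.
block_rule_hits() {
    awk '
        $1 == "Chain" { chain = $2; next }       # remember the current chain
        $1 == "pkts" || NF == 0 { next }         # column header or blank line
        $3 == "REJECT" || $3 == "DROP" { print $1, chain, $3, $8 }
    ' | sort -rn
}

# Print blocking rules that have never matched a packet since the counters
# were last reset; these are candidates for review or removal.
stale_block_rules() {
    awk '
        $1 == "Chain" { chain = $2; next }
        $1 == "pkts" || NF == 0 { next }
        ($3 == "REJECT" || $3 == "DROP") && $1 == 0 { print chain, $3, $8 }
    '
}

echo "block rules by hits:"
sample_rules | block_rule_hits
echo "block rules with no hits:"
sample_rules | stale_block_rules
# On a live system (as root): iptables -vnxL | block_rule_hits
```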
