Re: fedora 8 hacked?

On Sat, Apr 26, 2008 at 8:02 AM, max <maximilianbianco@xxxxxxxxx> wrote:

>
> You think the machine is compromised and you won't shut it down? How about
> running wireshark to see what's going on?


Cannot find any hacking-related issue. Then put the machine back online.

What particular information do you recommend to watch?

> How about posting complete log files?

The log file /var/log/messages contains only this information before reboot:
Apr 23 19:55:33 MyMachineName kernel: possible SYN flooding on port 25. Sending cookies.


> >
> >
> I think the idea is that if it is read-only then it can't be written to,
> things can't be changed, helping you identify what the problem is and
> ensuring perhaps that logs don't get overwritten or lost. If you want help
> you have to provide complete information, not bits and pieces, not why you
> think it's dumb. It looks like you're more interested in pointing fingers than
> solving problems. IMNSHO.

See, the machine mounted as read-only.
Too bad this machine is used for sending out mail only. No way to know
it has the problem.

I can still use that machine to send out emails, but all emails are
discarded and nobody
knows the problem until days later, when we realize somebody is
supposed to receive the email and get back to us.
I'd rather have this machine dead so that I know it has the problem
right away. Don't you think so?

Not sure what information you think I can provide to help? I will be
glad to provide it if you can tell me.

After I power off/on the computer, here is the latest dmesg info:

audit(1209227643.174:577): avc:  denied  { name_bind } for  pid=2049 comm="dbus-daemon" src=818 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
audit(1209227643.174:578): avc:  denied  { name_connect } for  pid=2049 comm="dbus-daemon" dest=111 scontext=system_u:system_r:system_dbusd_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
possible SYN flooding on port 25. Sending cookies.

Thanks.

Tom
