Another thing that may cause this problem is that someone who has you in their
address book was hit by a worm. The worm may have attempted to send itself
using your email address (spoof)? I sometimes get these return messages.

Bob Bruno - K2KI
k2ki@xxxxxxxxx

----- Original Message -----
From: "Scot L. Harris" <webid@xxxxxxxxxx>
To: "Fedora List" <fedora-list@xxxxxxxxxx>
Sent: Thursday, January 06, 2005 11:34 AM
Subject: Re: Suspected Intruder

> On Thu, 2005-01-06 at 10:38, Don Flinn wrote:
> > I suspect that an intruder may be using my node to send e-mail, because
> > I have received some notices from my e-mail daemon that such and such
> > was not available when I never sent e-mail to that person/address.
> >
> > How do I check if someone is logged in/using my machine? I'm running
> > FC3.
>
> First you may just be getting rejects from messages that have used your
> email accounts in forged from headers. This is very common. And not
> much you can do about it.
>
> Second, are you running an MTA on your system? If you are then you need
> to verify that it is not an open relay. If you are not currently
> running an MTA then this should not be an issue.
>
> If you suspect your system has been compromised you can try running
> chkrootkit or rkhunter (I think that is the correct name for the second
> one). These packages attempt to identify common root kit traces.
>
> Check your log files for login activity. Of course if someone has
> compromised your system they may be able to cover their traces.
>
> If you have not done so you should install tripwire. This will keep a
> watch on critical files on your system looking for changes. If someone
> does compromise your system tripwire should alert you to any changes
> they make. But this must be set up when you know your system is secure
> not after.
>
> If you really do believe your system has been compromised the only safe
> thing to do is rebuild it from scratch. It is virtually impossible to
> make sure you have cleaned a system up once it has been compromised.
>
> Good luck.
>
> --
> Scot L. Harris
> webid@xxxxxxxxxx
>
> sillema sillema nika su
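
Added example, not part of the original thread: one way to tell the forged-From case both replies describe from mail that really left your own machine is to read the Received: lines of the original message that most bounces carry. The sample bounce, its hosts and IPs, and the function names are constructed for illustration.

```python
import email
import re
from email import policy

# Constructed sample bounce; every host and address in it is illustrative.
SAMPLE_BOUNCE = b"""\
From: MAILER-DAEMON@mx.example.net
To: don@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="B"

--B
Content-Type: text/plain

<nobody@example.net>: user unknown

--B
Content-Type: text/rfc822-headers

Received: from pc77.example.com (unknown [203.0.113.77])
 by mx.example.net with SMTP; Thu, 6 Jan 2005 09:12:01 -0500
From: don@example.org

--B--
"""

def original_received(raw):
    """Received: lines of the message the bounce is about (may be empty)."""
    bounce = email.message_from_bytes(raw, policy=policy.default)
    for part in bounce.walk():
        ctype = part.get_content_type()
        if ctype == "message/rfc822":        # full original attached
            return [str(h) for h in part.get_payload(0).get_all("Received", [])]
        if ctype == "text/rfc822-headers":   # headers-only copy
            hdrs = email.message_from_string(part.get_content())
            return [str(h) for h in hdrs.get_all("Received", [])]
    return []

def classify_bounce(raw, my_ids):
    """my_ids: hostnames/IPs of your own machine (assumed known to you)."""
    hops = original_received(raw)
    if not hops:
        return "unknown"                 # bounce carried no original headers
    for ident in my_ids:
        # Whole-token match, so 203.0.113.7 does not match 203.0.113.77.
        pat = re.compile(r"(?<![\w.-])" + re.escape(ident) + r"(?![\w.-])", re.I)
        if any(pat.search(h) for h in hops):
            return "passed-through-my-host"  # now check your MTA logs
    return "forged-elsewhere"            # spoofed From:, sent by another host
```

A "passed-through-my-host" result is a prompt to check your own mail logs rather than proof, since Received lines other than the one added by the bouncing server can themselves be forged.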