On 9/25/2010 6:38 AM, JB wrote: > some unrelated software package malfunctions ... > You have to consider that you have been hacked, I guess. Normally you should > take your machine offline until you understand what is the damage. > > I am only online long enough to test the ping > Well, where do you get that info from ? System/Administration/Network/ > Are you auto-configured by dhclient ? Not supposed to be eth0 is set to Static IP > Controlled by NetworkManager ? Yes > Automatically obtain IP address settings with DHCP ? Again it is not set to > Automatically obtain DNS info from provider ? No > Also, check: > $ ps aux |grep -i dhc > jb 6982 0.0 0.0 4360 708 pts/3 S+ 15:21 0:00 grep -i dhc > root 14415 0.0 0.0 2984 676 ? S 06:13 0:00 /sbin/dhclient > -d -4 -sf /usr/libexec/nm-dhcp-client.action -pf /var/run/dhclient-eth0.pid -lf > /var/lib/dhclient/dhclient-5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03-eth0.lease -cf > /var/run/nm-dhclient-eth0.conf eth0 > > That's response on my system. On mine # ps aux|grep -i dhc root 1047 0.0 0.1 2828 1192 ? S 08:10 0:00 /sbin/dhclient -d -4 -sf /usr/libexec/nm-dhcp-client.action -pf /var/run/dhclient-eth0.pid -lf /var/lib/dhclient/dhclient-15087fb0-92c7-40fe-ad3e-373bf0997205-eth0.lease -cf /var/run/nm-dhclient-eth0.conf eth0 root 2349 0.0 0.0 4360 736 pts/1 S+ 08:26 0:00 grep -i dhc # > Look at what kind of info you got last time: > # less /var/lib/dhclient/dhclient-5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03-eth0.lease > > Look at your own config settings: > # less /var/run/nm-dhclient-eth0.conf > That's perhaps from: > # # ls -al /etc/dhclient-* > -rw-r--r--. 1 root root 40 Feb 21 2010 /etc/dhclient-eth0.conf > -rw-r--r--. 1 root root 40 Feb 21 2010 /etc/dhclient-wlan0.conf > on mine # ls -al /etc/dhclient-* ls: cannot access /etc/dhclient-*: No such file or directory # /etc/sysconfig/network-scripts/ifcfg-eth0 is as follows # Intel Corporation 82540EM Gigabit Ethernet Controller DEVICE=eth0 BOOTPROTO=none DNS1=68.2.16.30 GATEWAY=x.x.x.1 HWADDR=00:C0:9F:20:FF:BA IPADDR=x.x.x.12 NETMASK=255.255.255.240 ONBOOT=yes DNS2=68.1.203.30 TYPE=Ethernet NM_CONTROLLED=yes IPV6INIT=no USERCTL=no PREFIX=28 DEFROUTE=yes IPV4_FAILURE_FATAL=yes NAME="System eth0" UUID=5fb06bd0-0bb0-7ffb-45f1-d6edd65f3e03 At his point I am thinking about pulling the data for my Bind and Web pages and doing a scorched earth recovery. If this was as I am beginning to think a hack just waiting for a reboot to pounce< I am not sure if my back-up is clean! -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
