Re: fedora 8 hacked?

On Sat, Apr 26, 2008 at 8:02 AM, max <maximilianbianco@xxxxxxxxx> wrote:

>
> You think the machine is compromised and you won't shut it down? How about
> running wireshark to see what's going on?


Cannot find any hacking-related issue, then put the machine back online.

What particular information do you recommend to watch?

> How about posting complete log files?

The log file /var/log/messages contains only this information before reboot:
Apr 23 19:55:33 MyMachineName kernel: possible SYN flooding on port
25. Sending cookies.


> >
> >
> I think the idea is that if it is read-only then it can't be written to,
> things can't be changed, helping you identify what the problem is and
> ensuring perhaps that logs don't get overwritten or lost. If you want help
> you have to provide complete information, not bits and pieces, not why you
> think it's dumb. It looks like you're more interested in pointing fingers than
> solving problems. IMNSHO.

See, the machine is mounted as read-only.
Too bad this machine is used for sending out mail only. No way to know
it has the problem.

I can still use that machine to send out emails but all emails are
discarded and nobody
knows the problem until days later when we realize somebody is
supposed to receive the email and get back to us.
I'd rather have this machine dead so that I know it has the problem
right away. Don't you think so?

Not sure what information you think I can provide to help? I will be
glad to provide it if you can tell me.

After I power off/on the computer, here is the latest dmesg info:

audit(1209227643.174:577): avc:  denied  { name_bind } for  pid=2049
comm="dbus-daemon" src=818
scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
audit(1209227643.174:578): avc:  denied  { name_connect } for
pid=2049 comm="dbus-daemon" dest=111
scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
possible SYN flooding on port 25. Sending cookies.

Thanks.

Tom

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
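
Added example, not part of the original message: a Python sketch that rejoins the hard-wrapped dmesg lines quoted above into whole records, then extracts the SELinux AVC denials and counts the SYN-flood notices per port. The function names are illustrative, and the sample is the quoted output embedded as constructed input.

```python
import re
from collections import Counter

# Constructed sample: the dmesg lines quoted in the message, wrapped as posted.
SAMPLE = """\
audit(1209227643.174:577): avc:  denied  { name_bind } for  pid=2049
comm="dbus-daemon" src=818
scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:hi_reserved_port_t:s0 tclass=tcp_socket
audit(1209227643.174:578): avc:  denied  { name_connect } for
pid=2049 comm="dbus-daemon" dest=111
scontext=system_u:system_r:system_dbusd_t:s0
tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket
possible SYN flooding on port 25. Sending cookies.
"""

AVC = re.compile(r"audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+"
                 r"\{ (?P<perms>[^}]*)\} for\s+(?P<rest>.*)")
SYN = re.compile(r"possible SYN flooding on port\s+(\d+)\.")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    # An AVC record is complete once it carries tclass=; until then, following
    # lines are continuations produced by the mail client's hard wrap.
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        is_open = records and records[-1].startswith("audit(") and "tclass=" not in records[-1]
        if is_open and not line.startswith("audit("):
            records[-1] += " " + line
        else:
            records.append(line)
    return records

def parse(text):
    denials, syn_ports = [], Counter()
    for rec in unwrap(text):
        m = AVC.match(rec)
        if m:
            f = {k: v.strip('"') for k, v in KV.findall(m.group("rest"))}
            f["serial"], f["perms"] = int(m.group("serial")), m.group("perms").split()
            # The SELinux type is the third colon-separated field of a context.
            f["source_type"] = f.get("scontext", "::?").split(":")[2]
            f["target_type"] = f.get("tcontext", "::?").split(":")[2]
            denials.append(f)
        elif (m := SYN.search(rec)):
            syn_ports[int(m.group(1))] += 1
    return denials, syn_ports
```

On the quoted output this yields two denials, both for `dbus-daemon` (pid 2049) running as `system_dbusd_t`, and one SYN-cookie notice for port 25.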