Re: how to detect hack attempts.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 2020-02-21 06:49, home user wrote:
> (on 02/20/2020 at 2:10pm mountain time, Ed said)
>
> > Do you have a fixed IP or dynamic IP?
>
> I believe it's fixed, provided by the ISP (comcast).
>
> > What services do you run on your system?  It helps to know what area you're concerned with.
>
> * Firefox, Thunderbird, Tor (rarely), dnf, zoom (for meetings). (What counts as "services" here?)

None.  Those are all clients.

Examples of a service are

sshd - for allowing incoming ssh connections
httpd - for running a web server
named - for a dns server

> * Other uses of internet are "under the hood" and mostly unknown/invisible to me.
> * Oddball: when logged in as root, and I launch a terminal, several seconds later, I see a short wave of internet activity; this is very consistent.  What's going on there?

If you want to know what is going on you'd need to use something like "wireshark" to capture the network
activity and examine it.

> * No one is authorized to connect in from outside; I myself do not try to do so.

I don't know what that means. 

>
> This morning, I got 2 messages from the bank saying 2 attempts to make purchases via paypal were rejected because the card had not yet been activated.  I called the bank.  The messages were legitimate.  Curious: the card is near expiration, and a new one (same number) had just been made/mailed.  The bank then de-activated the card.  I do not know what other personal info the malicious person/group got, where the info came from, or who the malicious person/group is.  I think it wise for me to check that no one is getting into my system.  Thus this thread.  By the way, both chkrootkit and rkhunter reported my system is clean later this morning.  I do realize they don't check everything.

Well, that sounds much more you information was leaked by PayPal.  Not your system.


-- 
The key to getting good answers is to ask good questions.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux