
BLU Discuss list archive



How to detect invasions?



I had RedHat 7.3 installed about a year ago.  I set up the firewall with
medium security.  Recently, I've noticed that my rp3 shows send and
receive activity even when I'm not doing anything.  I rebooted to check
this out and it shows activity even when the only programs I'm running are
xterms and rp3 (connected obviously).  

Naturally, this concerns me because I never noticed this before (too
obtuse maybe?) and know that it definitely didn't happen under my previous
RedHat installation (6.x).  The rp3 display shows anywhere from 0 - 84 B,
with 38 B being common.  The activity continues the entire time I'm
connected.  Since I have a dialup connection, unfortunately, I didn't have
the foresight to set up tripwire.  I do take standard precautions like
only downloading software from trusted sites and not opening email
attachments.

Can anyone help me figure out what this activity is and what is generating
it?  I've taken a quick look at netstat and it shows IP and ICMP activity,
but I am not really sure what to look for.  Also, if anyone could send me
a list (or where I could find a list) of the standard set of processes
which run automatically on reboot (this is a RedHat 7.3 standard
workstation minimum install w/ GNOME), I could check for suspicious
processes.

I'm pretty computer savvy in general, but rather a novice at system
security.  I've tried to RTFM but without a little direction I'm in over 
my head.  Any advice would be appreciated.

Ilane
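One way to answer the two questions in this post (what is talking on the wire, and which processes are expected) is to record a baseline right after a clean boot and diff later snapshots against it. The script below is an added example, not code from the original post or from BLU; it assumes Linux net-tools `netstat -tunap` and procps `ps`, and the netstat output embedded in it is constructed sample data.

```shell
#!/bin/sh
# Baseline-and-diff check for unexplained network activity on a Linux host.
# Idea: record the sockets and processes a clean boot produces, then compare
# later snapshots against that record; anything new that you cannot attribute
# to a program you started is what to investigate.

# Normalise `netstat -tunap` output (read from stdin) to one line per socket:
# proto remote-address state pid/program. The local ephemeral port is dropped
# so the baseline stays stable across reconnects. UDP lines have no State
# column, so the owner field sits one column further left.
normalize_sockets() {
    awk '$1 ~ /^(tcp|udp)/ {
        if ($1 ~ /^udp/) { state = "-"; owner = $6 } else { state = $6; owner = $7 }
        print $1, $5, state, owner
    }' | sort
}

# Live snapshots (run as root so PID/Program name is filled in for every socket).
snapshot_sockets()   { netstat -tunap 2>/dev/null | normalize_sockets; }
snapshot_processes() { ps -eo user=,comm= | sort -u; }   # procps ps (Linux)

# Print lines present in the current snapshot but absent from the baseline.
# $1 = baseline file, $2 = current file, both already sorted.
new_entries() { comm -13 "$1" "$2"; }

# Constructed sample netstat output: a clean baseline, then a later snapshot
# that has picked up one outbound connection owned by an unfamiliar process.
SAMPLE_BASELINE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      901/sendmail
udp        0      0 0.0.0.0:123             0.0.0.0:*                           744/ntpd'
SAMPLE_CURRENT="$SAMPLE_BASELINE
tcp        0      0 10.1.2.3:1042           198.51.100.9:6667       ESTABLISHED 4321/unknown"

# Diff the two constructed samples; prints the one socket not in the baseline.
demo() {
    base=$(mktemp) && cur=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_BASELINE" | normalize_sockets > "$base"
    printf '%s\n' "$SAMPLE_CURRENT"  | normalize_sockets > "$cur"
    new_entries "$base" "$cur"
    rm -f "$base" "$cur"
}

demo
```

For real use, save `snapshot_sockets` and `snapshot_processes` output to files after a clean boot, then run `new_entries` against fresh snapshots whenever the modem lights blink for no reason.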

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org