hacked

Author: Jason Etchason
Date:  
To: plug-discuss
Subject: hacked
I'm pretty sure that my Linux box at home has been hacked, and am not sure
what to do next. I found a Samba share called [radio] and directory /tmp at
root that was just recently created with suspicious files.

The box in question has Slackware 10.2 and is sitting behind a Netgear
router. The only hole between the internet and the box was port forwarding
for SSH on a non-standard port. I am pretty sure I disabled the root login
via SSH. I suppose that this could have been brute-forced - my SSH login is
10 chars and only 3 of them are non-alpha. Because I'm just running the box
at home, and still learning, I have been lax about setting up any rights
management. So if someone did get in thru SSH, they pretty much had full
access immediately.

Once I get home from work today, I want to be able to bring my system back
up, but not before I am certain I have closed off all vulnerabilities. Then
I'd also like to set up some form of IDS, but I do not know if that is above
my skill level. Of course, I gotta learn some time, so I might as well now?

Any advice is appreciated. And I'll see you at the east side user group
tomorrow.

Thx
Jason
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss