Message-ID:
From: "Carson, Chuck"
Date: Tue, 26 Dec 2000 17:26:23 -0800
Subject: Possible Hack??
First, one question: is SuSE susceptible to the LPD hack that affects Red
Hat?
Second, I saw some strange in.telnetd connections in /var/log/messages from
an unknown IP address (I have traced it but do not wish to disclose at this
time),
but performing (last root, etc. for all my user accounts) I see no
connections from this IP address, so I am guessing it was a port scan.
However, after performing (netstat -a) I see active sockets,
/tmp/.ICE-unix/some_number. Is this normal, or is this one of the hacks
going around? (I have seen hacks in the past utilize the .ICE directory,
which is why I am asking.)
Also, will TCP wrappers log the so-called half-connect port scans in
/var/log/messages?
My passwords are pretty strong but I am guilty of using ftp and telnet so
anyone with a sniffer will have my passwords with little effort.
Lastly, does anyone know if it is possible to sniff Pac Bell's DSL network?
I am on a 255.255.255.248 subnet (5 statics), so I was under the impression
only the router and all machines on my address range could sniff my info. Am
I right or wrong?
Thanks,
Chuck