Mailinglist Archive: opensuse (3637 mails)

Re: [SLE] hacked?
  • From: "Claudio E. Elicker" <elicker@xxxxxxxxx>
  • Date: Wed, 02 May 2001 21:43:56 -0300
  • Message-id: <3AF0A9CC.BB8F853B@xxxxxxxxx>
dizzy73 wrote:
>
> Is the machine on line all the time? If so, then you really should have
> precautions such as
> a firewall
> applying harden suse
> and as Nick Z suggested editing necessary files (removing unnecessary
> services that would appear running on your machine)
>
> If the machine is not on all the time the risk is greatly minimised (still
> a good idea to edit the suggested files though)
> although probably not necessary to run the harden suse as that just really
> locks down your machine (unnecessarily so)

The machine is a dial-up box. This issue happened last Sunday when I was
on line, downloading KDE2, almost the whole day. It seems that I left
open the front door for too much time... (By the way, KDE2 is pretty
cool)

So, I will follow your advice and install hardsuse and close some ports.


> popper is a mail program that "pops" (post office protocol) mails
>
> initially it looked suspicious (from Brazil) however I see you are from
> Brazil... could this be your isp ;-)
>
Yes, I'm from Brazil.

> I would suggest you try this
> cat /var/log/messages |grep 200.204.201.138 >suspectip.log
> and post it to the list
> my guess is this is your isp

No, my isp is 200.248.something (I don't remember now), and the "attack"
came from 200.204.201.138
I did some searching and found that this IP is assigned to a *big* phone
company located very far from my home town. Maybe it was someone in a
dial-up box trying to get some more scalps.

[]'s
Claudio


> btw - you have a funky mail address --> @w3.nh.conex.com.br

Oh, this was a mistake in Netscape configuration. I hope it is fixed
now.

