Mailinglist Archive: opensuse (911 mails)

Re: [opensuse] Have I been hacked or "visited"? seccheck and rkhunter outputs
  • From: Greg Freemyer <greg.freemyer@xxxxxxxxx>
  • Date: Thu, 24 Dec 2015 13:45:36 -0500
On Thu, Dec 24, 2015 at 8:56 AM, Patrick Shanahan <paka@xxxxxxxxxxxx> wrote:
> * stakanov@xxxxxxxxxx <stakanov@xxxxxxxxxx> [12-24-15 07:18]:
>> Somebody who does not want to use "remote" at all. What can he do to
>> un-install every remote package. The problem is that if you un-install
>> openssh a lot of applications of kde seemed to complain.
>
> So don't "uninstall", just don't open the firewall ports.
>
> No open ports, no external access. Now only physical access is a problem.

For completeness:

A modern malware attack often uses a reverse tunnel.

i.e., malware gets on the machine via a phishing attack or an infected website.

Once on your machine it establishes outbound connections to a command
and control site that tells it what to do.

No inbound connections are needed so a traditional firewall blocking
incoming ports has no effect.

I would guess the majority of infections today happily ignore inbound firewalls.
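
The point made in the message above, that closed inbound ports say nothing about connections the host itself opens, shown as an added example that is not part of the original post. It splits established sockets from `ss -tan` output into accepted (inbound) and locally initiated (outbound) and lists outbound peers outside an allowlist; the sample output, the addresses and the `EXPECTED_NETS` allowlist are constructed assumptions, and the listening-port test is a heuristic.

```python
import ipaddress

# Constructed sample of `ss -tan` output (documentation-range addresses).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
ESTAB  0      0      192.168.1.10:22     192.168.1.20:51514
ESTAB  0      0      192.168.1.10:48212  198.51.100.7:443
ESTAB  0      0      192.168.1.10:39110  203.0.113.45:443
"""

# Assumed allowlist of destinations this host is expected to talk to.
EXPECTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or [IPv6]) on the last colon."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def classify(ss_output):
    """Return (inbound, outbound) lists of (local, peer) for ESTAB sockets."""
    rows = [line.split() for line in ss_output.splitlines()[1:] if line.strip()]
    listening = {split_endpoint(r[3])[1] for r in rows if r[0] == "LISTEN"}
    inbound, outbound = [], []
    for state, _rq, _sq, local, peer in (r[:5] for r in rows):
        if state != "ESTAB":
            continue
        # A connection on a port we listen on was accepted from outside;
        # anything else was initiated by this host, which an inbound-only
        # firewall does not restrict.
        target = inbound if split_endpoint(local)[1] in listening else outbound
        target.append((local, peer))
    return inbound, outbound


def unexpected_outbound(ss_output, expected=EXPECTED_NETS):
    """Outbound peers outside the allowlist: candidates for review."""
    _, outbound = classify(ss_output)
    flagged = []
    for _local, peer in outbound:
        ip = ipaddress.ip_address(split_endpoint(peer)[0])
        if not any(ip in net for net in expected):
            flagged.append(peer)
    return flagged


if __name__ == "__main__":
    print(unexpected_outbound(SAMPLE_SS))
```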
