Mailinglist Archive: opensuse (911 mails)

Re: [opensuse] Have I been hacked or "visited"? seccheck and rkhunter outputs
  • From: Greg Freemyer <greg.freemyer@xxxxxxxxx>
  • Date: Thu, 24 Dec 2015 13:45:36 -0500
  • Message-id: <CAGpXXZ+NLUMTHug+jGV=0zSZovzSSQTZnUQM4ruoskTtehpEgg@mail.gmail.com>
On Thu, Dec 24, 2015 at 8:56 AM, Patrick Shanahan <paka@xxxxxxxxxxxx> wrote:
> * stakanov@xxxxxxxxxx <stakanov@xxxxxxxxxx> [12-24-15 07:18]:
> > [...]
> > Somebody who does not want to use "remote" at all. What can he do to
> > un-install every remote package. The problem is that if you un-install
> > openssh a lot of applications of kde seemed to complain.
> > [...]
>
> So don't "uninstall", just don't open the firewall ports.
>
> No open ports, no external access. Now only physical access is a problem.


For completeness:

A modern malware attack often uses a reverse tunnel.

i.e., malware gets on the machine via a phishing attack or an infected website.

Once on your machine it establishes outbound connections to a command
and control site that tells it what to do.

No inbound connections are needed so a traditional firewall blocking
incoming ports has no effect.

I would guess the majority of infections today happily ignore inbound firewalls.

Greg
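
An added example, not part of the original message: a small Python check that separates established TCP sessions a host accepted from those it initiated, which is the traffic an inbound-only firewall never inspects. The sample table is constructed in `/proc/net/tcp` layout; the listening-port heuristic and the little-endian (x86) address decoding are assumptions of this sketch.

```python
import ipaddress
import socket
import struct
import sys

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 0A00A8C0:0016 1400A8C0:D431 01 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00A8C0:C350 0A6433C6:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1004
   4: 0100007F:9C40 0100007F:0277 01 00000000:00000000 00:00000000 00000000  1000        0 1005
"""

LISTEN, ESTABLISHED = "0A", "01"  # kernel TCP state codes as printed in the table


def decode(hex_endpoint):
    """Turn 'AABBCCDD:PPPP' into (dotted IPv4, port); assumes a little-endian host."""
    addr, port = hex_endpoint.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)


def classify(table):
    """Split ESTABLISHED sessions into accepted (inbound) and locally initiated (outbound)."""
    rows = [line.split() for line in table.splitlines()[1:] if line.strip()]
    listening = {decode(r[1])[1] for r in rows if r[3] == LISTEN}
    result = {"inbound": [], "outbound": []}
    for r in rows:
        if r[3] != ESTABLISHED:
            continue
        (_, lport), (rip, rport) = decode(r[1]), decode(r[2])
        if lport in listening:
            # Local port belongs to a listening service: the peer connected to us.
            result["inbound"].append((rip, rport, lport))
        elif not ipaddress.ip_address(rip).is_loopback:
            # Ephemeral local port, external peer: this host opened the session.
            result["outbound"].append((rip, rport, int(r[7])))  # r[7] is the owning uid
    return result


if __name__ == "__main__":
    # With no argument the constructed sample is used; pass /proc/net/tcp for a live host.
    table = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for direction, sessions in classify(table).items():
        for s in sessions:
            print(direction, *s)
```

Closing every inbound port would remove the `inbound` entry in the sample but leave the `outbound` one untouched; reviewing or restricting that list takes egress filtering or per-process monitoring.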