Mailinglist Archive: opensuse (911 mails)

Re: [opensuse] Have I been hacked or "visited"? seccheck and rkhunter outputs
On December 24, 2015 10:45:36 AM PST, Greg Freemyer <greg.freemyer@xxxxxxxxx> wrote:
On Thu, Dec 24, 2015 at 8:56 AM, Patrick Shanahan <paka@xxxxxxxxxxxx> wrote:
* stakanov@xxxxxxxxxx <stakanov@xxxxxxxxxx> [12-24-15 07:18]:
[...]
Somebody who does not want to use "remote" at all. What can he do to
un-install every remote package. The problem is that if you un-install
openssh a lot of applications of kde seemed to complain.
[...]

So don't "uninstall", just don't open the firewall ports.

No open ports, no external access. Now only physical access is a
problem.


For completeness:

A modern malware attack often uses a reverse tunnel.

ie. malware gets on the machine via a phishing attack or an infected
website.

Once on your machine it establishes outbound connections to a command
and control site that tells it what to do.

No inbound connections are needed so a traditional firewall blocking
incoming ports has no effect.

I would guess the majority of infections today happily ignore inbound
firewalls.

Greg


If they are very sophisticated they can hide outbound ports from some tools,
probably not all.

Using netstat you can look at all the outbound connections, and explain every
one of those to yourself.

Fairly easy to do on your own workstation, but quite a task on your gateway.


--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
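
Added example, not part of the original message: one way to do the "explain every outbound connection" review described above is to read the kernel's IPv4 TCP table (/proc/net/tcp, the same source netstat reads on Linux) and list only the established connections that are not yet on a reviewed list. The sample table, the addresses (documentation ranges) and the function names are constructed for illustration; a little-endian host is assumed and IPv6 (/proc/net/tcp6) is not covered.

```python
import glob, os, socket, struct

# Constructed sample in /proc/net/tcp layout (columns after the inode trimmed).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt uid timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 11111
   1: 6401A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000 0 0 22222
   2: 6401A8C0:D2F0 2E6433C6:01BB 01 00000000:00000000 00:00000000 00000000 1000 0 33333
   3: 6401A8C0:E1A4 0A7100CB:1F90 01 00000000:00000000 00:00000000 00000000 1000 0 44444
   4: 0100007F:A000 0100007F:0277 01 00000000:00000000 00:00000000 00000000 1000 0 55555
"""

def decode(field):
    # The kernel prints IPv4 as a native-endian 32-bit hex word (little-endian assumed).
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def outbound(table):
    rows = [line.split() for line in table.splitlines()[1:] if line.strip()]
    listening = {decode(r[1])[1] for r in rows if r[3] == "0A"}  # 0A = LISTEN
    found = []
    for r in rows:
        (_, lport), (rip, rport) = decode(r[1]), decode(r[2])
        # Heuristic: ESTABLISHED (01), local port is not a listening port,
        # and the remote end is not loopback.
        if r[3] == "01" and lport not in listening and not rip.startswith("127."):
            found.append({"remote": (rip, rport), "uid": int(r[7]), "inode": r[9]})
    return found

def unexplained(table, explained):
    # explained: set of (remote_ip, remote_port) pairs already reviewed and accounted for.
    return [c for c in outbound(table) if c["remote"] not in explained]

def owner(inode):
    # Live hosts only: find a PID holding the socket (root needed for other users' processes).
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                return int(fd.split("/")[2])
        except OSError:
            continue
    return None

if __name__ == "__main__":
    src = open("/proc/net/tcp").read() if os.path.exists("/proc/net/tcp") else SAMPLE
    for c in unexplained(src, explained={("198.51.100.46", 443)}):
        print(c["remote"], "uid", c["uid"], "pid", owner(c["inode"]))
```

A connection that shows a uid but no owning PID when run as root is worth a closer look, since it means the socket is not attached to any process visible under /proc.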