Mailinglist Archive: opensuse-security (51 mails)

< Previous Next >
Re: [opensuse-security] System attacked, need help
On 2014-09-13 11:43, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 2014-09-13 20:28, Jon Cosby wrote:
On 2014-09-13 11:21, Carlos E. R. wrote:


Thanks. What about the universal permissions on ifdown?

It is a symlink. *ALL* symlinks have universal permissions. The real
permissions are those of the link target.


sbin> ls -l ifdown lrwxrwxrwx 1 root root 4 Sep 12 18:05 ifdown ->
ifup

And again, there’s a long signal going out when I come back from
suspension. I'm assuming it's coming from ifup.

What's a "signal"? What do you mean?

When the machine awakes, it has to restart the network. Details differ
depending on what network setup you use, but if it is "automatic", ie,
dhcp, it certainly has to probe for a lease (new or renewed). And if
it is wireless, it has to restart it, check what access points are
available, choose one, and attempt to connect... Nothing strange
there. And there may be other activities, like clock sync, mail check,
browswers awakening and checking things, apper checking...

You would have to setup another machine with a sniffer to find out
exactly what network packages are goin in/out.


Maybe I'm paranoid after what happened. I'll have to follow yours and Lyle's suggestions for some reassurance.


Jon
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups