Gentoo Archives: gentoo-security

From: Tom Hosiawa <tomek32@××××××.com>
To: gentoo-security <gentoo-security@l.g.o>
Subject: [gentoo-security] my security faqs?
Date: Tue, 03 Feb 2004 05:03:20

The previous message about his apache machine being hacked brings up a
question I have. How does one tell they've been hacked from just looking
at the logs?

I know it depends on what service is running, but how do you know what
to look for? Do you routinely scan logs? Is there some program that
automatically scans logs for obvious things?

Which brings me to another question. I've been getting some returned
mails, that I know I didn't send, saying undeliverable mail to such and
such (mostly from aol, hotmail, etc). This one particular returned email
I got on my university account worries me a little more, because it got
returned from another university mail server, saying the possibility the
message contained a virus. How do I make sure this isn't coming from one
of my home computers?

It should be noted that my home network consists of my server (gentoo),
laptop (gentoo 99%, winxp the other time), and a desktop that runs
WinXP. My home network is behind a router, with only ssh port forwarded
to the server. I used to use djbdns, until a ping to my domain once
returned a 192 address, so I shut it down (will move to bind in the
future). I only check email on gentoo laptop, so I'm thinking it's more
likely than not that my email address is being spoofed.

Tom

--
gentoo-security@g.o mailing list


Subject Author
Re: [gentoo-security] my security faqs? Bill McCarty <bmccarty@××××××.net>