Gentoo Archives: gentoo-security

From: Tom Hosiawa <tomek32@××××××.com>
To: gentoo-security <gentoo-security@l.g.o>
Subject: [gentoo-security] my security faqs?
Date: Tue, 03 Feb 2004 05:03:20
The previous message about his apache machine being hacked brings up a
question I have. How does one tell they've been hacked from just looking
at the logs?

I know it depends on what service is running, but how do you know what
to look for? Do you routinely scan logs? Is there some program that
automatically scans logs for obvious things?

Which brings me to another question. I've been getting some returned
mails that I know I didn't send, saying undeliverable mail to such and
such (mostly from aol, hotmail, etc). This one particular returned email
I got on my university account worries me a little more, because it got
returned from another university mail server, saying the possibility the
message contained a virus. How do I make sure this isn't coming from one
of my home computers?

It should be noted that my home network consists of my server (gentoo),
laptop (gentoo 99%, winxp the other time), and a desktop that runs
WinXP. My home network is behind a router, with only ssh port forwarded
to the server. I used to use djbdns, until a ping to my domain once
returned a 192 address, so I shut it down (will move to bind in the
future). I only check email on the gentoo laptop, so I'm thinking it's more
likely than not that my email address is being spoofed.


gentoo-security@g.o mailing list
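The log-scanning question above, illustrated with an added example that is not part of the original thread: a small Python scanner over constructed sshd syslog lines (the sample log, the host name and the IPs are made up) that flags a burst of failed logins from one source and any login that succeeds right after such a burst, which is the first pattern worth checking on a host where only ssh is forwarded.

```python
import re
from collections import defaultdict

# Constructed sample lines in classic syslog/sshd format; not taken from the thread.
SAMPLE_LOG = """\
Feb  3 04:12:01 srv sshd[2201]: Failed password for root from 10.0.0.5 port 4022 ssh2
Feb  3 04:12:03 srv sshd[2203]: Failed password for root from 10.0.0.5 port 4023 ssh2
Feb  3 04:12:05 srv sshd[2205]: Failed password for illegal user test from 10.0.0.5 port 4024 ssh2
Feb  3 04:12:07 srv sshd[2207]: Failed password for tom from 10.0.0.5 port 4025 ssh2
Feb  3 04:12:09 srv sshd[2209]: Accepted password for tom from 10.0.0.5 port 4026 ssh2
Feb  3 09:30:11 srv sshd[2310]: Accepted publickey for tom from 192.168.1.20 port 51020 ssh2
Feb  3 11:02:44 srv sshd[2402]: Failed password for tom from 192.168.1.20 port 51100 ssh2
Feb  3 11:02:50 srv sshd[2404]: Accepted password for tom from 192.168.1.20 port 51101 ssh2
"""

# Matches both "Failed password for root from ..." and the older
# "Failed password for illegal user test from ..." wording.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\w+) for "
    r"(?:illegal user |invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+)"
)

def scan_sshd(text, threshold=3):
    """Walk sshd lines in order. Report a source once it reaches `threshold`
    failures, any login that succeeds while that source is over the threshold,
    and any successful root login. Returns a list of (kind, ip, user, failures)."""
    failures = defaultdict(int)        # failures seen so far, per source IP
    findings = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue                   # not an auth result line
        ip, user, result = m["ip"], m["user"], m["result"]
        if result == "Failed":
            failures[ip] += 1
            if failures[ip] == threshold:
                findings.append(("burst", ip, user, failures[ip]))
        else:
            if failures[ip] >= threshold:
                findings.append(("success_after_burst", ip, user, failures[ip]))
            if user == "root":
                findings.append(("root_login", ip, user, failures[ip]))
            failures[ip] = 0           # a success closes that source's burst
    return findings

if __name__ == "__main__":
    for kind, ip, user, n in scan_sshd(SAMPLE_LOG):
        print(f"{kind:20} {ip:15} user={user} failures_before={n}")
```

On a real system feed it the output of the syslog file that receives sshd messages, and treat a "success_after_burst" hit as a reason to check that account's shell history, authorized keys and running processes rather than as proof by itself.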


Replies in this thread (Subject / Author):
Re: [gentoo-security] my security faqs? / Bill McCarty <bmccarty@××××××.net>