RE: [cobalt-users] Help. provider tells me my RAQ is using excessive bandwidth - hacked?
- From: "Paul Alcock" <webmgr@xxxxxxxxxxxxxxxxxx>
- Date: Thu Jun 6 15:36:02 2002
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> Hi Guys,
> RAQ2
> Ok, it seems someone has hit my machine and is using my bandwidth.
>
> How the heck do I see if someone is in here?
>
> My response from the list is normally slow, so if you would copy
> your reply to
> webmgr @ agility systems . com (no spaces)
>
> Right now I'm updating my backup of sites and /etc
> So some good clear pointers to see what's going on and where to start to
> eliminate them
>
> Yes, I have the restore disk. But would rather find out what is happening
> before I take that route.
>
> Paul
Actions so far.
Pulled server from net connection.
Attached to a simple network (my pc - hub - RAQ2 nothing else on network)
Changed PWD
Reboot
Pulled var/log, /var/maillog, /var/secure over to my pc.
To my inexperienced eye, the only weird thing in the logs that I could
pick out (anyone written an explanation of the log files' contents?)
is that the maillog has 2742 records which seems a lot (I know I get
a lot of spam sent to me but not that much!) but it comes out to
around 66 mails per hour which is reasonable mail traffic in just 41 hours.
(The maillog covers a period of 41 hours.)
Read about using nmap to list open ports but it's (nmap) not on my machine.
Anyone know an easy way to get/install nmap on RAQ2?
Reviewing chkrootkit to see if I can install that too.
Paul