[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Single Page
Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: What do the "identd" lines in my syslog mean? Is this a security exposure? Can I turn off identd?
Next Document: What does port number [whatever] mean?
-
Search the FAQ Archives
Single Page
Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: What do the "identd" lines in my syslog mean? Is this a security exposure? Can I turn off identd?
Next Document: What does port number [whatever] mean?
I just noticed that [something]. Has my machine been compromised?
Maybe. You probably don't know whether it always was like this. You should look around your system enough of the time that you get used to how things look BEFORE you get broken into. And you should make a practice of following up oddities you find, so that your judgement as to what is and is not weird improves with experience. If it's too late for that, before posting to comp.security.* ask at least one local expert in the OS you're running, or in the case of unix/linux/gnu, one local unix expert. There may be a straightforward, happy explanation for the behaviour you observe. Or there may not. Not all anomalies are the result of an intrusion; to some extent "My machine has been broken into!" has replaced the "I have a virus!" default explanation of a few years ago. On the other hand, machine breakins are very common these days, too.
Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: What do the "identd" lines in my syslog mean? Is this a security exposure? Can I turn off identd?
Next Document: What does port number [whatever] mean?
Single Page
[ Usenet FAQs | Search | Web FAQs | Documents | RFC Index ]
Send corrections/additions to the FAQ Maintainer:
flaps@dgp.toronto.edu (Alan J Rosenthal)
Last Update December 02 2008 @ 00:10 AM