Search the FAQ Archives

3 - A - B - C - D - E - F - G - H - I - J - K - L - M
N - O - P - Q - R - S - T - U - V - W - X - Y - Z
faqs.org - Internet FAQ Archives

comp.security.unix and comp.security.misc frequently asked questions
Section - I just noticed that [something]. Has my machine been compromised?

( Single Page )
[ Usenet FAQs | Web FAQs | Documents | RFC Index | Sex offenders ]


Top Document: comp.security.unix and comp.security.misc frequently asked questions
Previous Document: What do the "identd" lines in my syslog mean? Is this a security exposure? Can I turn off identd?
Next Document: What does port number [whatever] mean?
See reader questions & answers on this topic! - Help others by sharing your knowledge
Maybe.  You probably don't know whether it always was like this.  You should
look around your system enough of the time that you get used to how things
look BEFORE you get broken into.  And you should make a practice of following
up oddities you find, so that your judgement as to what is and is not weird
improves with experience.

If it's too late for that, before posting to comp.security.* ask at least
one local expert in the OS you're running, or in the case of unix/linux/gnu,
one local unix expert.  There may be a straightforward, happy explanation
for the behaviour you observe.  Or there may not.  Not all anomalies are the
result of an intrusion; to some extent "My machine has been broken into!" has
replaced the "I have a virus!" default explanation of a few years ago.
On the other hand, machine breakins are very common these days, too.

User Contributions:

Comment about this article, ask questions, or add new information about this topic: