Help...am I being hacked?
Conrad J. Sabatier
conrads at cox.net
Thu Nov 25 14:10:34 PST 2004
On Thu, 2004-11-25 at 01:35 -0800, Dino Vliet wrote:
> Hi all,
>
> I'm using FreeBSD 4.10 on my laptop and I was browsing
> my filesystem and looking at some log files, when I
> stumbled into the file dmesg.yesterday in /var/log/
>
> The contents of this file worried me. Take a look at
> the last lines of it:
>
> Connection attempt to TCP 192.168.1.101:5554 from
> 220.147.188.223:4970 flags:0x02
> Connection attempt to TCP 192.168.1.101:9898 from
> 220.147.188.223:1288 flags:0x02
> Connection attempt to TCP 192.168.1.101:21 from
> 168.126.102.33:57216 flags:0x02
> Connection attempt to UDP 192.168.1.101:1026 from
> 222.88.173.5:31889
> Connection attempt to TCP 192.168.1.101:9898 from
> 67.1.4.194:3161 flags:0x02

These merely indicate connection *attempts*, not actual successful
connections to your machine. They don't mean you've been "hacked".

> But my IP on this machine starts with 130.
>
> But I recognize these IPs (192.168.1.101), because at
> home I'm using an e-tech router and it assigns me
> through DHCP 192.168.1.* as IP address every time I
> connect my laptop with this. At the campus, I'm also
> using DHCP to connect to the network. However, lately
> I haven't used my router at home and was only
> connecting through the network at the campus. There I
> get the IP address 130.37.28.112.
>
> I have removed the old dhcp.leases in /var/db that had
> the information of my e-tech router.
>
> I am using ipfw too now, but still it would be
> convenient to know where to look for hack attempts and
> look for log files which give information about
> connection attempts from outside.

/var/log/security, /var/log/ipfw.*, /var/log/messages, and so on.

With a more "stealthy" firewall setup, you wouldn't even be seeing these
connection attempt logs, as these outsiders would never even manage to
reach your machine at all.

--
Conrad J. Sabatier -- conrads at cox.net -- "In Unix veritas"
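
Added example, not part of the original message or of FreeBSD: a short Python script that parses "Connection attempt" lines in the format quoted above, decodes the TCP flags field (0x02 is SYN alone, the first packet of a handshake), and tallies attempts per destination port and per source. The function names are this example's own, and the sample input is the log excerpt from the message with its mail quoting and line wrapping left in.

```python
import re
from collections import Counter, defaultdict

# TCP header flag bits, lowest bit first (0x02 is SYN alone).
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]
# Format quoted in the post; \s+ lets an entry span a mail-wrapped line,
# and the flags field is optional because UDP entries have none.
ENTRY = re.compile(
    r"Connection attempt to (TCP|UDP)\s+(\S+):(\d+)\s+from\s+(\S+):(\d+)"
    r"(?:\s+flags:0x([0-9a-fA-F]+))?")

def decode_flags(value):
    return [name for bit, name in enumerate(TCP_FLAGS) if value & (1 << bit)]

def parse(text):
    # Strip '> ' mail quoting so quoted excerpts parse too.
    text = re.sub(r"(?m)^[ \t]*(?:>[ \t]?)+", "", text)
    return [
        {"proto": proto, "dst": dst, "dport": int(dport), "src": src,
         "sport": int(sport),
         "flags": decode_flags(int(flags, 16)) if flags else []}
        for proto, dst, dport, src, sport, flags in ENTRY.findall(text)
    ]

def summarize(entries):
    # Attempts per (proto, port), ports tried per source, non-SYN TCP entries.
    by_port = Counter((e["proto"], e["dport"]) for e in entries)
    ports_by_src = defaultdict(set)
    for e in entries:
        ports_by_src[e["src"]].add(e["dport"])
    not_syn = [e for e in entries
               if e["proto"] == "TCP" and e["flags"] != ["SYN"]]
    return by_port, dict(ports_by_src), not_syn

# Sample input: the excerpt from the message, quoting and wrapping intact.
SAMPLE = """\
> Connection attempt to TCP 192.168.1.101:5554 from
> 220.147.188.223:4970 flags:0x02
> Connection attempt to TCP 192.168.1.101:9898 from
> 220.147.188.223:1288 flags:0x02
> Connection attempt to TCP 192.168.1.101:21 from
> 168.126.102.33:57216 flags:0x02
> Connection attempt to UDP 192.168.1.101:1026 from
> 222.88.173.5:31889
> Connection attempt to TCP 192.168.1.101:9898 from
> 67.1.4.194:3161 flags:0x02
"""
if __name__ == "__main__":
    by_port, ports_by_src, not_syn = summarize(parse(SAMPLE))
    print(dict(by_port), ports_by_src, len(not_syn))
```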