pd1986 Guru
Joined: 19 Feb 2012 Posts: 404 Location: Paris
Posted: Tue Aug 27, 2013 9:51 pm Post subject: be attacked? how to verify? what to do?
Here is the thing:
When I connected to my box, there was more than 200K/s of download flux shown in the conky window. But I did nothing at that time, and I got nothing from iftop.
Then I disconnected immediately and connected to an open wifi spot. No such flux was found. When I reconnected to my box, the flux returned. Then I restarted the system, and this flux disappeared.
This happens sometimes.
So, was it an attack? If so, what should I do when it happens next time? If not, where is this flux from? How do I find it?
Thanks.
Logicien Veteran
Joined: 16 Sep 2005 Posts: 1555 Location: Montréal
Posted: Tue Aug 27, 2013 10:40 pm
I would check if I have a public IP and default route addresses. Some ISPs don't give some and can have something to do with that in their local network.
I would then try the tcpdump utility to find the IP addresses and domain names of the packets sent and received. So you can know what's going on in and out. Your Gentoo can try to establish connections to the outside world.
I would check the kernel and log messages. Some kernel sysctl options activate martian packet logging. If it reports some martian packets, I would start to be paranoid. Do you have a firewall? _________________ Paul
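Added example, not part of the original post: one way to turn the tcpdump suggestion above into a per-host answer is to sum the inbound payload bytes that `tcpdump -nn -q` reports for each remote IPv4 address. The interface name `wlan0`, the local address `192.168.1.20` and the sample capture lines are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: rank remote hosts by bytes sent to this machine, using the
# text output of `tcpdump -nn -q` read on stdin (IPv4 lines only).
# Live use (assumed interface and local address):
#   tcpdump -i wlan0 -nn -q -c 2000 | top_talkers 192.168.1.20

top_talkers() {
    awk -v me="$1" '
    # Return the bare address: drop a trailing ":" and, if present, the port.
    function host(f,   p, n) {
        sub(/:$/, "", f)
        n = split(f, p, ".")
        return (n >= 5) ? p[1] "." p[2] "." p[3] "." p[4] : f
    }
    $2 == "IP" && $4 == ">" {
        src = host($3); dst = host($5)
        if (dst != me) next            # keep only traffic arriving here
        # -q prints "tcp <len>", "UDP, length <len>" or "ICMP ..., length <len>",
        # so the length is always the last field.
        if ($NF ~ /^[0-9]+$/) bytes[src] += $NF
    }
    END { for (h in bytes) printf "%d %s\n", bytes[h], h }
    ' | sort -rn
}

# Constructed sample capture (documentation addresses, not real traffic).
sample_capture() {
    cat <<'EOF'
21:51:03.100001 IP 203.0.113.7.443 > 192.168.1.20.51234: tcp 1448
21:51:03.100950 IP 203.0.113.7.443 > 192.168.1.20.51234: tcp 1448
21:51:03.101200 IP 192.168.1.20.51234 > 203.0.113.7.443: tcp 0
21:51:03.101900 IP 203.0.113.7.443 > 192.168.1.20.51234: tcp 1448
21:51:03.200000 IP 192.168.1.1.53 > 192.168.1.20.40000: UDP, length 120
21:51:03.300000 IP 198.51.100.9 > 192.168.1.20: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Demonstration on the constructed sample: prints "<bytes> <remote address>".
sample_capture | top_talkers 192.168.1.20
```

The address at the top of the list is the one to look up in the logs; martian logging mentioned in the post is controlled by the `net.ipv4.conf.all.log_martians` sysctl.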
pd1986 Guru
Joined: 19 Feb 2012 Posts: 404 Location: Paris
Posted: Tue Aug 27, 2013 11:03 pm
Logicien wrote: | I would check if I have a public IP and default route addresses. Some ISPs don't give some and can have something to do with that in their local network.
I would then try the tcpdump utility to find the IP addresses and domain names of the packets sent and received. So you can know what's going on in and out. Your Gentoo can try to establish connections to the outside world.
I would check the kernel and log messages. Some kernel sysctl options activate martian packet logging. If it reports some martian packets, I would start to be paranoid. Do you have a firewall? |
Thanks.
No, I didn't set up a firewall. It's just a home network. I don't think it is necessary. I guess that it would be someone who wanted to crack my wifi password.
pd1986 Guru
Joined: 19 Feb 2012 Posts: 404 Location: Paris
Posted: Tue Aug 27, 2013 11:09 pm
Logicien wrote: | I would check if I have a public IP and default route addresses. Some ISPs don't give some and can have something to do with that in their local network.
I would then try the tcpdump utility to find the IP addresses and domain names of the packets sent and received. So you can know what's going on in and out. Your Gentoo can try to establish connections to the outside world.
I would check the kernel and log messages. Some kernel sysctl options activate martian packet logging. If it reports some martian packets, I would start to be paranoid. Do you have a firewall? |
tcpdump would be very useful.