Gentoo Forums
be attacked? how to verify? what to do?
pd1986
Guru
Joined: 19 Feb 2012
Posts: 404
Location: Paris

Posted: Tue Aug 27, 2013 9:51 pm    Post subject: be attacked? how to verify? what to do?

Here is the thing,
When I connected to my box, there was more than 200K/s download flux found in the conky window. But I did nothing at that time, and I got nothing from iftop.
Then I disconnected immediately, and connected to an open wifi spot. No such flux was found. When I reconnected to my box, such flux returned. Then I restarted the system, and this flux disappeared.

This happens sometimes.

So, was it an attack? If so, what should I do when it happens next time? If not, where is this flux from? How to find it?

Thanks.
Logicien
Veteran
Joined: 16 Sep 2005
Posts: 1555
Location: Montréal

Posted: Tue Aug 27, 2013 10:40 pm    Post subject:

I would check if I have a public IP and default route addresses. Some ISPs don't give some and can have something to do with that in their local network.

I would then try the tcpdump utility to find the IP and domain name addresses of the packets sent and received. So you can know what's going on in and out. Your Gentoo can try to establish connections to the outside world.

I would check the kernel and log messages. Some kernel sysctl options activate the martian packets log. If it reports some martian packets, I would start to be paranoid. Do you have a firewall?
_________________
Paul
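
The tcpdump step suggested in the reply above, as an added example that is not part of the original post: it sums the length tcpdump reports per source/destination pair so the host behind an unexplained download rate stands out. The interface name `wlan0`, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. On a live box (as root), the checks
# named in the reply map to these commands (wlan0 is an assumed interface):
#   ip -4 addr show; ip route show default       # address and default route
#   sysctl -w net.ipv4.conf.all.log_martians=1   # log martian packets
#   tcpdump -nn -q -i wlan0 -c 5000 | top_talkers

# Read `tcpdump -nn -q` text on stdin, sum the trailing length field per
# IPv4 "src dst" host pair, and print "bytes src dst", largest first.
top_talkers() {
    awk '
    # Drop the ".port" suffix when the token is a.b.c.d.port
    function host(a, p) {
        if (split(a, p, ".") == 5) sub(/\.[0-9]+$/, "", a)
        return a
    }
    {
        for (i = 3; i < NF; i++) if ($i == ">") break
        if (i >= NF || $(i - 2) != "IP") next    # not an IPv4 packet line
        if ($NF !~ /^[0-9]+$/) next              # no length to count
        dst = $(i + 1); sub(/:$/, "", dst)
        bytes[host($(i - 1)) " " host(dst)] += $NF
    }
    END { for (k in bytes) print bytes[k], k }' | sort -rn
}

# Constructed sample lines (documentation addresses), not a real capture.
sample_capture() {
    cat <<'EOF'
IP 198.51.100.7.443 > 192.168.1.10.51234: tcp 1448
IP 192.168.1.10.51234 > 198.51.100.7.443: tcp 0
IP 198.51.100.7.443 > 192.168.1.10.51234: tcp 1448
IP 192.168.1.1.53 > 192.168.1.10.40000: UDP, length 120
IP 198.51.100.7.443 > 192.168.1.10.51234: tcp 1448
IP 192.168.1.1 > 192.168.1.10: ICMP echo request, id 1, seq 1, length 64
ARP, Request who-has 192.168.1.10 tell 192.168.1.1, length 28
EOF
}

sample_capture | top_talkers
```

A pair that dominates the output while the machine is idle is the one to look up in the kernel log and to match against local processes.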
pd1986
Guru
Joined: 19 Feb 2012
Posts: 404
Location: Paris

Posted: Tue Aug 27, 2013 11:03 pm    Post subject:

Logicien wrote:
I would check if I have a public IP and default route addresses. Some ISPs don't give some and can have something to do with that in their local network.

I would then try the tcpdump utility to find the IP and domain name addresses of the packets sent and received. So you can know what's going on in and out. Your Gentoo can try to establish connections to the outside world.

I would check the kernel and log messages. Some kernel sysctl options activate the martian packets log. If it reports some martian packets, I would start to be paranoid. Do you have a firewall?


Thanks

No, I didn't set up a firewall. It's just a home network. I don't think it is necessary. I guess that it would be someone who wanted to crack my wifi password.
pd1986
Guru
Joined: 19 Feb 2012
Posts: 404
Location: Paris

Posted: Tue Aug 27, 2013 11:09 pm    Post subject:

Logicien wrote:
I would check if I have a public IP and default route addresses. Some ISPs don't give some and can have something to do with that in their local network.

I would then try the tcpdump utility to find the IP and domain name addresses of the packets sent and received. So you can know what's going on in and out. Your Gentoo can try to establish connections to the outside world.

I would check the kernel and log messages. Some kernel sysctl options activate the martian packets log. If it reports some martian packets, I would start to be paranoid. Do you have a firewall?


tcpdump would be very useful.