Virus

Kernels & Hardware, configuring network, installing services

Virus

Postby Egerbever » 2004-05-08 07:21

My PC is slower than usual and when I give the command netstat in cli I see that a remote address is conected.
I closed al apps that use internet connection (ximian, mozilla, etc)

Could this be a vires or something like that?
Egerbever
 

Postby lacek » 2004-05-10 10:35

The probability of a virus spreading in Linux environment is low, but of course it is possible. In my opinion, it is more likely that your system is backdoored. To decide this, please close any non-essential applications, and see if the communication channel is still open. Use the 'netstat -ap' command (as root) to see which apps are trying to communicate. If you see anything suspicious, you can track down the offending program.
If you having difficulties understanding the netstat output, you may paste it here, and we will try to give you a hand.
lacek
Moderator Team Member
 
Posts: 769
Joined: 2004-03-11 18:49
Location: Budapest, Hungary

Postby Egerbever » 2004-05-10 19:24

I closed all the apps that had something to do with networking and no foreign addresses where given.
And the computer reacted normal again.

But still:
If there is some kind of suspicious IP connected to my computer, How can I kick it off and block it the next time?
Egerbever
 

Postby lacek » 2004-05-12 09:12

You have to have iptables enabled in your kernel to do firewalling. If you have, you can simply do this:
Code: Select all
iptables -I INPUT -s (offending_ip) -j DROP

If you need a deep explanation what iptables does and why, see the Iptables Tutorial
lacek
Moderator Team Member
 
Posts: 769
Joined: 2004-03-11 18:49
Location: Budapest, Hungary


Return to System configuration

Who is online

Users browsing this forum: No registered users and 20 guests

fashionable