Virus

Message

Egerbever · #1 Post by **Egerbever** » 2004-05-08 07:21

My PC is slower than usual and when I give the command netstat in cli I see that a remote address is conected.
I closed al apps that use internet connection (ximian, mozilla, etc)

Could this be a vires or something like that?

lacek · #2 Post by **lacek** » 2004-05-10 10:35

The probability of a virus spreading in Linux environment is low, but of course it is possible. In my opinion, it is more likely that your system is backdoored. To decide this, please close any non-essential applications, and see if the communication channel is still open. Use the 'netstat -ap' command (as root) to see which apps are trying to communicate. If you see anything suspicious, you can track down the offending program.
If you having difficulties understanding the netstat output, you may paste it here, and we will try to give you a hand.

Egerbever · #3 Post by **Egerbever** » 2004-05-10 19:24

I closed all the apps that had something to do with networking and no foreign addresses where given.
And the computer reacted normal again.

But still:
If there is some kind of suspicious IP connected to my computer, How can I kick it off and block it the next time?

lacek · #4 Post by **lacek** » 2004-05-12 09:12

You have to have iptables enabled in your kernel to do firewalling. If you have, you can simply do this:

Code: Select all

iptables -I INPUT -s (offending_ip) -j DROP

If you need a deep explanation what iptables does and why, see the Iptables Tutorial