[svlug] Caught in the Act

Scott DuBois rhcom.linux at gmail.com
Mon Aug 10 15:36:14 PDT 2015


Well, looks like I got someone's attention. Sitting at my desk, just minding my
own business, I started to notice network activity that I did not initiate.
Intrigued, I start up IPtraf and see an ftp connection? Hmmm. Maybe I should set
a specific iptables rule for this individual? I do. Then of course I do a little
digging with whois and dig. Ah, hacker site www.splitdna.com.

I must be becoming popular.

12:19:19.062037 IP splitdna.com.ftp > Flags [P.], seq 1396199288:1396199831, ack 1008036457, win 153, length 543
12:19:19.601023 IP splitdna.com.ftp > Flags [.], ack 544, win 154, length 0
12:24:19.064864 IP splitdna.com.ftp > Flags [P.], seq 543:1086, ack 544, win 154, length 543
12:24:19.600770 IP splitdna.com.ftp > Flags [.], ack 1087, win 155, length 0
12:29:19.069032 IP splitdna.com.ftp > Flags [P.], seq 1086:1629, ack 1087, win 155, length 543
12:29:19.601608 IP splitdna.com.ftp > Flags [.], ack 1630, win 156, length 0
12:34:19.082472 IP splitdna.com.ftp > Flags [P.], seq 1629:2172, ack 1630, win 156, length 543
12:34:19.641583 IP splitdna.com.ftp > Flags [P.], seq 1629:2172, ack 1630, win 156, length 543
12:34:20.441700 IP splitdna.com.ftp > Flags [P.], seq 1629:2172, ack 1630, win 156, length 543
12:34:21.095577 IP splitdna.com.ftp > Flags [.], ack 2173, win 157, length 0

18 packets captured
18 packets received by filter
0 packets dropped by kernel

(note: my IP I took out)

Now, I'm not the expert most of you guys are but it looks like something got through. How do I find out what this is?

I've also made sure to install the iptables-persistent package and initialize it.

Thank You =)
-- 
Scott DuBois      "What it lies in our power to do...
BSIT/SE           ...it lies in our power not to do."
EFF ID: 1731778                          -- Aristotle
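As an added example for the question in the post above (this is not the poster's code, and it assumes nothing about the host beyond the capture shown), the script below parses the quoted tcpdump lines and measures what a defender would want to know before deciding what the connection is: how regular the traffic is, how much data moved in each direction, and whether any segments were retransmitted. In tcpdump's `src > dst` notation, port `ftp` on splitdna.com is the source of every line, so these are packets from an FTP server's control port to the local host, and the data segments arrive exactly five minutes apart.

```python
"""Parse tcpdump TCP summary lines and test for periodic ('beacon') traffic.

Added example for the svlug thread; not the poster's code. The input is the
capture quoted in the post. The poster removed the local IP, so the destination
field is empty and the regex treats it as optional.
"""
import re
import statistics
from datetime import datetime

# The ten packet lines quoted in the post (the two-line summary is omitted).
CAPTURE = """\
12:19:19.062037 IP splitdna.com.ftp > Flags [P.], seq 1396199288:1396199831, ack 1008036457, win 153, length 543
12:19:19.601023 IP splitdna.com.ftp > Flags [.], ack 544, win 154, length 0
12:24:19.064864 IP splitdna.com.ftp > Flags [P.], seq 543:1086, ack 544, win 154, length 543
12:24:19.600770 IP splitdna.com.ftp > Flags [.], ack 1087, win 155, length 0
12:29:19.069032 IP splitdna.com.ftp > Flags [P.], seq 1086:1629, ack 1087, win 155, length 543
12:29:19.601608 IP splitdna.com.ftp > Flags [.], ack 1630, win 156, length 0
12:34:19.082472 IP splitdna.com.ftp > Flags [P.], seq 1629:2172, ack 1630, win 156, length 543
12:34:19.641583 IP splitdna.com.ftp > Flags [P.], seq 1629:2172, ack 1630, win 156, length 543
12:34:20.441700 IP splitdna.com.ftp > Flags [P.], seq 1629:2172, ack 1630, win 156, length 543
12:34:21.095577 IP splitdna.com.ftp > Flags [.], ack 2173, win 157, length 0
"""

# tcpdump's default TCP summary line:
#   <time> IP <src> > <dst> Flags [..], [seq a:b,] ack n, win w, length L
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP (?P<src>\S+) > (?:(?P<dst>\S+) )?"
    r"Flags \[(?P<flags>[^\]]*)\],(?: seq (?P<seq_lo>\d+):(?P<seq_hi>\d+),)?"
    r" ack (?P<ack>\d+), win (?P<win>\d+), length (?P<length>\d+)$"
)


def parse_line(line):
    """Return a dict for one packet line, or None for lines that are not packets."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    seq = None
    if m.group("seq_lo") is not None:
        seq = (int(m.group("seq_lo")), int(m.group("seq_hi")))
    return {
        # Capture spans a single day here; a midnight rollover would need a date.
        "ts": datetime.strptime(m.group("ts"), "%H:%M:%S.%f"),
        "src": m.group("src"),
        "dst": m.group("dst") or "",
        "flags": m.group("flags"),
        "seq": seq,
        "ack": int(m.group("ack")),
        "win": int(m.group("win")),
        "length": int(m.group("length")),
    }


def parse_capture(text):
    return [p for p in (parse_line(l) for l in text.splitlines()) if p]


def data_segments(pkts):
    """Segments that carry payload (pure ACKs have length 0)."""
    return [p for p in pkts if p["length"] > 0]


def first_transmissions(pkts):
    """Payload segments the first time each sequence range appears."""
    seen, out = set(), []
    for p in data_segments(pkts):
        if p["seq"] not in seen:
            seen.add(p["seq"])
            out.append(p)
    return out


def retransmissions(pkts):
    """Payload segments whose sequence range was already sent (repeat sends)."""
    seen, repeats = set(), []
    for p in data_segments(pkts):
        if p["seq"] in seen:
            repeats.append(p)
        seen.add(p["seq"])
    return repeats


def intervals(pkts):
    """Seconds between consecutive new payload segments from the peer."""
    firsts = first_transmissions(pkts)
    return [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(firsts, firsts[1:])]


def looks_periodic(gaps, tolerance=0.05):
    """True when every gap is within `tolerance` (a fraction) of the median gap."""
    if len(gaps) < 2:
        return False
    med = statistics.median(gaps)
    return all(abs(g - med) <= tolerance * med for g in gaps)


def summarize(pkts):
    firsts = first_transmissions(pkts)
    gaps = intervals(pkts)
    return {
        "packets": len(pkts),
        "peer": pkts[0]["src"],
        "data_bytes_from_peer": sum(p["length"] for p in firsts),
        "retransmissions": len(retransmissions(pkts)),
        "period_s": statistics.median(gaps) if gaps else None,
        "periodic": looks_periodic(gaps),
        # tcpdump prints absolute numbers on a flow's first packet and relative
        # ones after that, so the last ack minus 1 is the byte count the peer has
        # acknowledged from the local side (only valid with more than one packet).
        "bytes_acked_from_local": pkts[-1]["ack"] - 1 if len(pkts) > 1 else None,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_capture(CAPTURE)).items():
        print(f"{key}: {value}")
```

Run on the capture, this reports four distinct 543-byte pushes from the peer (2172 bytes), 2172 bytes acknowledged from the local side, two retransmissions of the last segment before its ACK at 12:34:21, and a period of almost exactly 300 seconds. A cadence that regular usually comes from a scheduled job or a client's own polling loop on the local host, so the next step is the process table rather than the packet capture: `ss -tnp` or `lsof -i :21` will show which local process owns the socket to that server.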

