
04 I just noticed that [something]. Has my machine been compromised?





This article is from the comp.security.unix and comp.security.misc FAQ, by Alan J Rosenthal flaps@dgp.toronto.edu with numerous contributions by others.


Maybe. You probably don't know whether it always was like this. You should
look around your system often enough that you get used to how things
look BEFORE you get broken into. And you should make a practice of following
up oddities you find, so that your judgement as to what is and is not weird
improves with experience.

If it's too late for that, before posting to comp.security.* ask at least
one local expert in the OS you're running, or in the case of unix/linux/gnu,
one local unix expert. There may be a straightforward, happy explanation
for the behaviour you observe. Or there may not. Not all anomalies are the
result of an intrusion; to some extent "My machine has been broken into!" has
replaced the "I have a virus!" default explanation of a few years ago.
On the other hand, machine break-ins are very common these days, too.

 
