Kamaraju Kusumanchi wrote:
> Hi all
>
> I am using Debian Etch (currently testing). Today from the abuse
> department of my ISP, I received the following warning (pasted in the end).
> My ISP has suspended my internet connection due to this. However, I am not
> able to track down the cause of the problem. I am wondering if anyone could
> help me out or tell me a better place to contact...
>
> I have used kopete sometime back to contact debian IRC channels. Other
> than that I have never heard of this undernet.org. I also cannot imagine a
> debian machine (especially with etch being so near to becoming stable) being
> compromised as a zombie.
>
> Here is what I have done so far
> 1) I have looked in various log files but could not find any suspicious
> activity.
>
> 2) I tried to register at http://forum.undernet.org but their system is not
> allowing me to register my account.
>
> 3) I was not able to contact the original sender of the abuse report as there
> is no from address in the report forwarded to me. My ISP's abuse department
> is closed for the weekend and I am trying to resolve this issue before
> approaching them on Monday.
>
> Any ideas on how to determine+eliminate the root cause of this problem? Has
> anyone faced a similar problem before on Debian machines?
>
> thanks
> raju
>
>
> ***************************
> abuse report forwarded to me
> ***************************
> Good day,
>
> We are contacting you in order to inform the Abuse Department of your ISP
> that the following IPs have been compromised by unknown persons:
>
> Ip: 128.253.28.128
>
> Complaint ticket: PJBP-2564
>
> Abusers have been caught on IRC (Undernet.org Network) using
> the above IPs for loading IRC clients (floodbots, spambots, trojan
> spreading clients, etc.) involved in illegal activities such as DDoS,
> SPAMMING or Infected links/trojans spreading.
>
> We would kindly appreciate your action to solve the hacked boxes
> or inform your customers about it in order to make sure the
> abusers won't be able anymore to use your services for such
> activities.
>
> As we are a non-profit Anti Abuse Project organized on an IRC
> Network, please reply to our reporting e-mail, so this way we can
> keep track of our Solved/Declined requests.
>
> Sincerely,
>
> Lucia Munteanu
> ***************************
>
>

Using netstat to check network activity? Closing all ports with iptables?...

I don't believe that your machine was compromised just by using an IRC
network... We need more info

Jose Luis,
-- 
ghostbar on Linux/Debian 'sid' i686 - #382503
Weblog: http://ghostbar.ath.cx/ - http://talug.org.ve
http://debian.org.ve - irc.debian.org #debian-ve #debian-devel-es
San Cristóbal, Venezuela. http://chaslug.org.ve
Fingerprint = 3E7D 4267 AFD5 2407 2A37 20AC 38A0 AD5B CACA B118
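
The netstat check suggested in the reply above, as an added example that is not part of the original thread: it filters `netstat -tnp` output for established connections to IRC ports and shows which process owns each one. The function names, the sample output (constructed, documentation addresses) and the port list (6660-6669, 6697, 7000, assumed here as commonly used IRC ports) are assumptions.

```shell
#!/bin/sh
# Added example: flag established TCP connections to common IRC ports in
# `netstat -tnp` output. The port list is an assumption, not from the thread.

# Constructed sample of `netstat -tnp` output (documentation addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:22           198.51.100.7:51512      ESTABLISHED 812/sshd
tcp        0      0 192.0.2.10:43310        203.0.113.5:6667        ESTABLISHED 2417/perl
tcp        0      0 192.0.2.10:43402        203.0.113.9:7000        ESTABLISHED -
tcp        0      0 192.0.2.10:38000        198.51.100.20:80        TIME_WAIT   -
tcp6       0      0 2001:db8::10:51000      2001:db8::99:6697       ESTABLISHED 2417/perl
EOF
}

# Reads `netstat -tnp` lines on stdin and prints "remote-address owner" for
# every established connection whose remote port is in the assumed IRC set.
irc_conns() {
    awk '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # The port is whatever follows the last ":" (also true for IPv6).
            n = split($5, a, ":")
            port = a[n] + 0
            if ((port >= 6660 && port <= 6669) || port == 6697 || port == 7000) {
                # netstat prints "-" for the owner when not run as root.
                owner = ($7 == "-" || $7 == "") ? "unknown(rerun-as-root)" : $7
                print $5, owner
            }
        }'
}

# On a live system: netstat -tnp | irc_conns
sample_netstat | irc_conns
```

A process name that is not an IRC client the user started (kopete in this thread) is the lead to follow up in the process list and under the owning account.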

