I suspect I am the victim of a hacking attack. What steps should I take to make sure that no RAT software is running on my computer?
I checked autostart by running initctl list
but I am not sure that everything is fine:
indicator-application start/running, process 2557
unicast-local-avahi stop/waiting
update-notifier-crash stop/waiting
upstart-udev-bridge start/running, process 2304
update-notifier-hp-firmware stop/waiting
xsession-init stop/waiting
dbus start/running, process 2315
no-pinentry-gnome3 stop/waiting
update-notifier-cds stop/waiting
gnome-keyring-ssh stop/waiting
gnome-session (Unity) start/running, process 2502
ssh-agent stop/waiting
unity7 start/running, process 2702
upstart-dbus-session-bridge start/running, process 2435
gpg-agent start/running
indicator-messages start/running, process 2535
logrotate stop/waiting
indicator-bluetooth start/running, process 2536
unity-panel-service start/running, process 2520
hud start/running, process 2491
im-config start/running
unity-gtk-module stop/waiting
session-migration stop/waiting
upstart-dbus-system-bridge start/running, process 2432
at-spi2-registryd start/running, process 2501
indicator-power start/running, process 2537
update-notifier-release stop/waiting
indicator-datetime start/running, process 2540
indicator-keyboard start/running, process 2543
unity-settings-daemon start/running, process 2493
indicator-sound start/running, process 2544
upstart-file-bridge start/running, process 2438
bamfdaemon start/running, process 2423
gnome-keyring stop/waiting
window-stack-bridge start/running, process 2327
indicator-printers start/running, process 2546
re-exec stop/waiting
upstart-event-bridge stop/waiting
unity-panel-service-lockscreen stop/waiting
indicator-session start/running, process 2547
In particular I am wondering about ssh-agent stop/waiting
and session-migration stop/waiting
What else can I check to make sure that nobody is connected to my machine?
Here is the complete output of netstat -ap: link
Snippet:
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:microsoft-ds *:* LISTEN 1556/smbd
tcp 0 0 localhost:6942 *:* LISTEN 3587/java
tcp 0 0 *:902 *:* LISTEN 1454/vmware-authdla
tcp 0 0 *:netbios-ssn *:* LISTEN 1556/smbd
tcp 0 0 localhost:63342 *:* LISTEN 3587/java
tcp 104 0 172.25.20.1:49752 172.25.255:microsoft-ds VERBUNDEN 13165/gvfsd-smb
tcp6 0 0 [::]:https [::]:* LISTEN 3296/httpd
tcp6 0 0 [::]:4444 [::]:* LISTEN 3480/java
tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN 1556/smbd
tcp6 0 0 [::]:902 [::]:* LISTEN 1454/vmware-authdla
tcp6 0 0 [::]:mysql [::]:* LISTEN 3280/mysqld
tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN 1556/smbd
tcp6 0 0 [::]:http [::]:* LISTEN 3296/httpd
udp 0 0 *:ipp *:* 3893/cups-browsed
udp 0 0 *:8976 *:* 3587/java
udp 0 0 *:54067 *:* 1113/avahi-daemon:
udp 0 0 *:mdns *:* 1113/avahi-daemon:
udp 0 0 *:36345 *:* 3587/java
udp 0 0 172.25.255.2:netbios-ns *:* 1538/nmbd
udp 0 0 172.25.20.1:netbios-ns *:* 1538/nmbd
udp 0 0 *:netbios-ns *:* 1538/nmbd
udp 0 0 172.25.255.:netbios-dgm *:* 1538/nmbd
udp 0 0 172.25.20.1:netbios-dgm *:* 1538/nmbd
udp 0 0 *:netbios-dgm *:* 1538/nmbd
udp6 0 0 [::]:53859 [::]:* 1113/avahi-daemon:
udp6 0 0 [::]:mdns [::]:* 1113/avahi-daemon: