Securing my Linux box
Ok, here's the deal, sparky. I keep coming home and finding weird things on my Linux system. I usually log out, sometimes I don't, but anyway I got home from work tonight and there was some information displayed about my internet settings: IP address, MAC address, DNS, etc. Does this mean my box has been compromised? I set up the "free version" of Tiny Firewall included with Mandrake 8.1, and ipchains and iptables are running as services, but is there more that should be done? Is there a free firewall out there that I should be using? I have cable internet, so it's fairly important that I'm not sitting there broadcasting my existence to everyone. So what should I do? Oh, that info about my IP and stuff, it was being displayed at the Linux login prompt (X isn't set to start automatically). Another weird thing is that some of my directories got moved around somehow. LimeWire got moved to my root home directory, as an example. It still works and everything, but that's not where it installed to. Well, any help is appreciated. THANX :)
m3rlin
10-23-2001, 06:33 AM
Do you have any services open, something like telnet? Do you use IRC, and walk around those leech servers where you can download movies, and you put DCC receive on auto because you don't have the time to stay there always clicking accept? I say this because you have a cable modem, and the users of cable modems usually do this. Tell us more about your computer: services, system, how it is configured, stuff like that.
Joeri Sebrechts
10-23-2001, 06:39 AM
Sounds like you may indeed have been hacked into.
If you're wondering what you need to do to secure your box, it's not what you should be running that matters, but what you shouldn't be running.
In a shell, run "ps ax", which will give you a listing of all programs running. Then, for each entry, find out what it does and whether or not you need it. The first few entries will start with k and be kernel processes, so don't worry about those, but everything below matters. If you don't think you need it, remove it, either by uninstalling the package or by removing the service that starts it (for that I suggest looking up how the init scripts work on your specific distro).
Then take a look at /etc/inetd.conf or /etc/xinetd.conf and see what services run from there. Most likely more than a few. Comment them out if you don't think you'll need them. (And believe me, you won't need most of them; two of the three Linux machines in my home don't even run inetd, and one of them is a server!)
Also, it's very important on any OS to stay up to date with the stuff that's always running, especially the stuff for which security fixes exist (Mandrake most likely has a site or mailing list where you can find a listing of all the security fixes as they are released).
A firewall is a nice aid, but don't depend on it to keep you safe, because it won't.
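Editor's added example for the inetd/xinetd step in the post above; it is not code from the thread or from any poster. It assumes the classic inetd.conf line format ("service type proto wait user server args") and xinetd.d stanzas of the form "service NAME { ... disable = yes ... }". The sample config files it creates are constructed for the demo, not the original poster's real files; point the functions at the real /etc/inetd.conf and /etc/xinetd.d to audit a live box.

```shell
#!/bin/sh
# Audit helpers for "comment out what you don't need" in inetd/xinetd.
# Added example, not from the thread. inetd.conf syntax and xinetd stanza
# layout are assumed as described in the lead-in.

# Print the name of every service still enabled in an inetd.conf
# (comments, including trailing "# ..." remarks, are stripped first).
inetd_enabled_services() {
    sed -e 's/#.*//' "$1" | awk 'NF > 0 { print $1 }'
}

# Write a hardened copy of an inetd.conf to stdout: every active service
# line is commented out unless its name is in the space-separated allowlist $2.
inetd_disable_all_except() {
    awk -v keep="$2" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) allow[k[i]] = 1 }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }
        ($1 in allow) { print; next }
        { print "#" $0 }
    ' "$1"
}

# Print the name of every xinetd service in directory $1 that is not
# explicitly "disable = yes". The "defaults" stanza has no name and is skipped.
xinetd_enabled_services() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[[:space:]]*service[[:space:]]+/ { name = $2; disabled = 0 }
            /^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes/ { disabled = 1 }
            /^[[:space:]]*}/ { if (name != "" && !disabled) print name; name = "" }
        ' "$f"
    done
}

# Constructed sample configs so the script runs stand-alone; they are not
# the poster's real files.
write_sample_inetd() {
    cat > "$1" <<'EOF'
# constructed /etc/inetd.conf
ftp     stream  tcp  nowait  root   /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root   /usr/sbin/tcpd  in.telnetd
#shell  stream  tcp  nowait  root   /usr/sbin/tcpd  in.rshd
finger  stream  tcp  nowait  nobody /usr/sbin/tcpd  in.fingerd   # risky
EOF
}

write_sample_xinetd() {
    mkdir -p "$1"
    printf 'service telnet\n{\n\tsocket_type = stream\n\tdisable = no\n}\n' > "$1/telnet"
    printf 'service rsh\n{\n\tsocket_type = stream\n\tdisable = yes\n}\n' > "$1/rsh"
    printf 'defaults\n{\n\tlog_type = SYSLOG daemon\n}\n' > "$1/defaults"
}

demo() {
    d=$(mktemp -d)
    write_sample_inetd "$d/inetd.conf"
    write_sample_xinetd "$d/xinetd.d"
    echo "inetd services still enabled:"
    inetd_enabled_services "$d/inetd.conf"
    echo "xinetd services still enabled:"
    xinetd_enabled_services "$d/xinetd.d"
    echo "inetd.conf with everything but ftp disabled:"
    inetd_disable_all_except "$d/inetd.conf" "ftp"
    rm -rf "$d"
}

demo
```

On a real system, write the hardened copy to a new file, inspect it, then move it over /etc/inetd.conf and restart inetd (or set "disable = yes" in the xinetd.d stanzas and restart xinetd); the listing functions are the check that nothing unexpected is still enabled afterwards.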
m3rlin
10-23-2001, 06:58 AM
I think that he should consider the daemons, because most of the time they are responsible for hackers gaining access. Imagine this scenario: he has the telnet daemon running. Okay, so far so good. He is at work and he connects to his computer by telnet to check some data, but what he doesn't know is that there is a hacker sniffing his network, and he caught his passwords. Now, here I can have a firewall, but he probably "said" to the firewall to accept communications on port 23, and that's it; the hacker doesn't get filtered because the firewall accepts connections on port 23. Yes, what is running is also important; it could be some trojan, or a bash profile, it could be many things.
X_console
10-23-2001, 12:13 PM
A firewall shouldn't be relied on as complete protection, especially if it's not on a separate machine.
Scenario:
You download some warez thingy from some IRC channel and run it. Unknown to you, it's a trojan, and the moment you run it, it executes ipchains -F or iptables -F. Goodbye firewall.
Now, your system might not have been compromised. Linux often does a lot of logging, and if you're doing DHCP and you've set logging to /dev/console in /etc/syslog.conf, then that's where it's going to log to: your console. More information is required here, such as what exactly was logged.
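Editor's added example for the two points in the post above; it is not from the thread or any poster. The first pair of functions finds the syslog.conf rules that write to /dev/console (a "*.info ... /dev/console" rule sends daemon-level messages, such as a DHCP client reporting its lease, straight to the text login screen) and rewrites them to a log file. The second pair compares a saved iptables-save dump against the current one so that an "iptables -F" or a chain policy flipped to ACCEPT is noticed rather than silently leaving the box open. File names and all sample contents are constructed assumptions; one rule per line is assumed (backslash-continued syslog.conf rules are not handled).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes sysklogd-style syslog.conf
# ("selector<whitespace>action", '#' comments) and iptables-save output.

# Print "selector -> action" for each syslog.conf rule whose action is the console.
syslog_console_rules() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        $NF == "/dev/console" || $NF == "-/dev/console" { print $1 " -> " $NF }
    ' "$1"
}

# Emit a copy of a syslog.conf with console rules redirected to the file $2.
syslog_console_to_file() {
    awk -v dest="$2" '
        BEGIN { OFS = "\t" }
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { print; next }
        $NF == "/dev/console" || $NF == "-/dev/console" { $NF = dest }
        { print }
    ' "$1"
}

# Rules ("-A ..." lines) present in the baseline dump $1 but not in the
# current dump $2. After "iptables -F" every baseline rule is listed.
fw_missing_rules() {
    t=$(mktemp -d)
    grep '^-A ' "$1" | LC_ALL=C sort -u > "$t/base"
    grep '^-A ' "$2" | LC_ALL=C sort -u > "$t/cur"
    comm -23 "$t/base" "$t/cur"
    rm -rf "$t"
}

# Chain policies (":CHAIN POLICY") in the current dump $2 that differ from
# the baseline $1, e.g. INPUT switched from DROP to ACCEPT.
fw_policy_changes() {
    t=$(mktemp -d)
    awk '/^:/ { print $1, $2 }' "$1" | LC_ALL=C sort > "$t/base"
    awk '/^:/ { print $1, $2 }' "$2" | LC_ALL=C sort > "$t/cur"
    comm -13 "$t/base" "$t/cur"
    rm -rf "$t"
}

# Constructed samples so the script runs stand-alone (not the poster's files).
write_sample_syslog_conf() {
    cat > "$1" <<'EOF'
# constructed /etc/syslog.conf
*.info;mail.none;authpriv.none          /dev/console
authpriv.*                              /var/log/secure
mail.*                                  -/var/log/maillog
*.emerg                                 *
EOF
}

write_sample_rulesets() {
    cat > "$1" <<'EOF'
# constructed iptables-save baseline taken on the clean system
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
EOF
    cat > "$2" <<'EOF'
# constructed dump after "iptables -F" and "iptables -P INPUT ACCEPT"
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

demo() {
    d=$(mktemp -d)
    write_sample_syslog_conf "$d/syslog.conf"
    write_sample_rulesets "$d/fw.baseline" "$d/fw.now"
    echo "syslog rules hitting the console:"
    syslog_console_rules "$d/syslog.conf"
    echo "firewall rules missing since baseline:"
    fw_missing_rules "$d/fw.baseline" "$d/fw.now"
    echo "chain policies changed since baseline:"
    fw_policy_changes "$d/fw.baseline" "$d/fw.now"
    rm -rf "$d"
}

demo
```

In practice the baseline is "iptables-save" run as root on the clean system and stored somewhere the machine's own users cannot rewrite; a periodic "iptables-save" piped into these checks (from cron, for instance) catches the flush scenario described in the post, and a syslog.conf rewrite followed by a syslogd restart stops lease and interface details from landing on the login screen.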
Henrique Aliva
10-23-2001, 03:18 PM
Do you have PortSentry and Tripwire? Those programs definitely help.
You should check your SUID files. If you find new and mysterious ones, it means you have been compromised.
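Editor's added example for the "check your SUID files" advice above; it is not from the thread or any poster, and it is a minimal Tripwire-style baseline rather than Tripwire itself. Once, on a system you still trust, run suid_scan over / as root and keep the output somewhere an intruder cannot quietly edit (removable or read-only media); afterwards, diff a fresh scan against it. The paths and the sample files the demo builds are assumptions, constructed so the script runs as an ordinary user in a temp directory.

```shell
#!/bin/sh
# Added example, not from the thread. Baseline-and-compare for setuid/setgid files.

# Sorted list of setuid or setgid regular files under $1. -xdev keeps the
# scan on one filesystem, so scan each mounted filesystem explicitly.
suid_scan() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | LC_ALL=C sort
}

# Compare baseline $1 with a fresh scan $2. Prints what disappeared and what
# appeared; returns 1 when a setuid/setgid file exists that the baseline
# does not know about (the "new and mysterious" case).
suid_compare() {
    removed=$(comm -23 "$1" "$2")
    added=$(comm -13 "$1" "$2")
    if [ -n "$removed" ]; then
        printf 'no longer setuid/setgid:\n%s\n' "$removed"
    fi
    if [ -n "$added" ]; then
        printf 'NEW setuid/setgid files (investigate):\n%s\n' "$added"
        return 1
    fi
    return 0
}

# Build a constructed miniature filesystem tree under $1 so the demo never
# touches the real /. The files stand in for binaries; only their mode matters.
make_sample_tree() {
    mkdir -p "$1/bin" "$1/tmp"
    printf '#!/bin/sh\nexit 0\n' > "$1/bin/passwd"
    chmod 4755 "$1/bin/passwd"          # legitimate setuid binary
    printf '#!/bin/sh\nexit 0\n' > "$1/bin/ls"
    chmod 755 "$1/bin/ls"               # ordinary binary
}

# Simulate an intruder planting a hidden setuid shell in a world-writable dir.
plant_backdoor() {
    printf '#!/bin/sh\nexec /bin/sh\n' > "$1/tmp/.x"
    chmod 4755 "$1/tmp/.x"
}

demo() {
    d=$(mktemp -d)
    make_sample_tree "$d/root"
    suid_scan "$d/root" > "$d/suid.baseline"
    echo "baseline:"; cat "$d/suid.baseline"
    plant_backdoor "$d/root"
    suid_scan "$d/root" > "$d/suid.now"
    suid_compare "$d/suid.baseline" "$d/suid.now" || echo "compare returned $?: alert"
    rm -rf "$d"
}

demo
```

A scan that only lists paths misses a legitimate setuid binary that has been replaced in place, which is what a rootkit typically does; storing a checksum next to each path (sha1sum or md5sum output, compared the same way) closes that gap and is the essence of what Tripwire automates.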