I suspect I am the victim of a hacking attack. What steps should I take to make sure that no RAT software is running on my computer?
I checked autostart by running initctl list, but I am not sure whether this is OK:
indicator-application start/running, process 2557
unicast-local-avahi stop/waiting
update-notifier-crash stop/waiting
upstart-udev-bridge start/running, process 2304
update-notifier-hp-firmware stop/waiting
xsession-init stop/waiting
dbus start/running, process 2315
no-pinentry-gnome3 stop/waiting
update-notifier-cds stop/waiting
gnome-keyring-ssh stop/waiting
gnome-session (Unity) start/running, process 2502
ssh-agent stop/waiting
unity7 start/running, process 2702
upstart-dbus-session-bridge start/running, process 2435
gpg-agent start/running
indicator-messages start/running, process 2535
logrotate stop/waiting
indicator-bluetooth start/running, process 2536
unity-panel-service start/running, process 2520
hud start/running, process 2491
im-config start/running
unity-gtk-module stop/waiting
session-migration stop/waiting
upstart-dbus-system-bridge start/running, process 2432
at-spi2-registryd start/running, process 2501
indicator-power start/running, process 2537
update-notifier-release stop/waiting
indicator-datetime start/running, process 2540
indicator-keyboard start/running, process 2543
unity-settings-daemon start/running, process 2493
indicator-sound start/running, process 2544
upstart-file-bridge start/running, process 2438
bamfdaemon start/running, process 2423
gnome-keyring stop/waiting
window-stack-bridge start/running, process 2327
indicator-printers start/running, process 2546
re-exec stop/waiting
upstart-event-bridge stop/waiting
unity-panel-service-lockscreen stop/waiting
indicator-session start/running, process 2547
I am especially wondering about ssh-agent stop/waiting and session-migration stop/waiting
What else can I check to make sure nobody is connected to my machine?
Here is the full output of netstat -ap: link
Snippet:
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:microsoft-ds *:* LISTEN 1556/smbd
tcp 0 0 localhost:6942 *:* LISTEN 3587/java
tcp 0 0 *:902 *:* LISTEN 1454/vmware-authdla
tcp 0 0 *:netbios-ssn *:* LISTEN 1556/smbd
tcp 0 0 localhost:63342 *:* LISTEN 3587/java
tcp 104 0 172.25.20.1:49752 172.25.255:microsoft-ds VERBUNDEN 13165/gvfsd-smb
tcp6 0 0 [::]:https [::]:* LISTEN 3296/httpd
tcp6 0 0 [::]:4444 [::]:* LISTEN 3480/java
tcp6 0 0 [::]:microsoft-ds [::]:* LISTEN 1556/smbd
tcp6 0 0 [::]:902 [::]:* LISTEN 1454/vmware-authdla
tcp6 0 0 [::]:mysql [::]:* LISTEN 3280/mysqld
tcp6 0 0 [::]:netbios-ssn [::]:* LISTEN 1556/smbd
tcp6 0 0 [::]:http [::]:* LISTEN 3296/httpd
udp 0 0 *:ipp *:* 3893/cups-browsed
udp 0 0 *:8976 *:* 3587/java
udp 0 0 *:54067 *:* 1113/avahi-daemon:
udp 0 0 *:mdns *:* 1113/avahi-daemon:
udp 0 0 *:36345 *:* 3587/java
udp 0 0 172.25.255.2:netbios-ns *:* 1538/nmbd
udp 0 0 172.25.20.1:netbios-ns *:* 1538/nmbd
udp 0 0 *:netbios-ns *:* 1538/nmbd
udp 0 0 172.25.255.:netbios-dgm *:* 1538/nmbd
udp 0 0 172.25.20.1:netbios-dgm *:* 1538/nmbd
udp 0 0 *:netbios-dgm *:* 1538/nmbd
udp6 0 0 [::]:53859 [::]:* 1113/avahi-daemon:
udp6 0 0 [::]:mdns [::]:* 1113/avahi-daemon:
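
One way to narrow the netstat -ap output above down to the sockets that other hosts can reach, as an added example that is not part of the original post. The function names exposed_listeners and sample_netstat are hypothetical, and the sample rows are copied from the snippet in the post.

```bash
#!/bin/sh
# Added example (not from the post). Reads `netstat -ap`-style rows on stdin
# and prints "proto address port program" for every socket that is bound to
# something other than loopback, i.e. reachable from other hosts.
exposed_listeners() {
    awk '
    # TCP: keep listening sockets only. LISTEN is matched as printed in the
    # output in the post, where it appears untranslated next to VERBUNDEN.
    $1 ~ /^tcp/ && $6 != "LISTEN" { next }
    $1 ~ /^(tcp|udp)/ {
        prog = ($1 ~ /^tcp/) ? $7 : $6      # UDP rows have no State column
        i = match($4, /:[^:]*$/)            # last colon splits address and port
        if (i == 0) next
        host = substr($4, 1, i - 1)
        port = substr($4, i + 1)
        if (host == "localhost" || host ~ /^127\./ || host == "[::1]" || host == "::1") next
        sub(/^[0-9]+\//, "", prog)          # drop the PID, keep the program name
        sub(/:$/, "", prog)                 # strip a trailing colon (avahi-daemon:)
        print $1, host, port, prog
    }' | sort -u
}

# Sample input: rows copied from the snippet in the post.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 *:microsoft-ds *:* LISTEN 1556/smbd
tcp 0 0 localhost:6942 *:* LISTEN 3587/java
tcp 104 0 172.25.20.1:49752 172.25.255:microsoft-ds VERBUNDEN 13165/gvfsd-smb
tcp6 0 0 [::]:4444 [::]:* LISTEN 3480/java
tcp6 0 0 [::]:mysql [::]:* LISTEN 3280/mysqld
udp 0 0 *:8976 *:* 3587/java
udp 0 0 *:mdns *:* 1113/avahi-daemon:
EOF
}

sample_netstat | exposed_listeners
```

On a live system, feed it with netstat -ap | exposed_listeners, run as root so that the PID/Program column is filled in for every socket.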