Newbie security problem

[kamal]

WHat do you guys check for intrusion and hackers? I am getting strange things in my /tmp folder these days and those programs in it are linked back to some IRC relay thing... Am I being hacked?

[cornelis]

You can try to install a hardware firewall to block specific ports so even if a hacker gets in he still can't use it because opening ports in the server will be useless as it will be blocked at firewall level.

[clifford]

I have used snort to check for intrusions and exploits. It's a pretty cool tool.
http://www.snort.org/

You may find some other good ones here:
http://www.hackinglinuxexposed.com/resources/

[Shadow]

get a hardware firewall

[mrswampy]

Are software firewalls no use then?

[apcbill]

Software firewalls are just as good when implemented correctly. And if you think about it a hardware firewall has software running on it. So it is still a software firewall.

Look into using Netfilter(IPtables) most current distros have the firewall on them and an easy gui if you don't want to learn the command line.

As for detecting intrusions. There are alot of different ways to check. A good way is to setup the Netfilter firewall and then check for incoming and outgoing connections that didn't originate from you.

Snort is also a good tool to use to observe network intrusions. It may be too advanced for someone with limited security or networking knowledge.

You can also use the netstat -an command to look at current connections if you know what you're looking for and you haven't been rootkitted.

If you would like I could look at your sytem for you. But you don't know me. The only thing I can offer as credentials is my CISSP number. It is a professional certification that requires me to not hack/crack where not asked to.

Good luck.