Thursday, January 29, 2015

Could a fake tip that my server is compromised be a social engineering attack?



A little while ago I got the following email from an unknown party (using an @alum.cs.[redacted].edu email address):



I'm seeing attack traffic from your Linode. Just a friendly heads up that it's likely p0wned. A quick Google suggests no one else likes the traffic coming from your Linode either.

<http://ift.tt/1JSbNGJ's ip]>



However, I couldn't find any evidence to support this assertion. I checked the resource utilization graphs provided by Linode, as well as my firewall logs, system's process list, active connections, recently modified files, user accounts, and so on, and found absolutely no anomalies. The results from the Google search didn't seem to back up the claim that nobody else likes the traffic either. I checked them out, and although I'm not a network professional (and thus don't know how to properly interpret everything I found), nothing I saw in the first few results raised any red flags. So either the server is fine, or I'm dealing with an adversary who knows how to cover their tracks so well that I can't imagine why they would have any interest in it. (There is no sensitive data on my Linode.)


This leads me to wonder whether the message could have been a form of phishing. In this particular case, I highly doubt it, but could something like this be a legitimate social engineering tactic? Is there something I would be likely to reveal by replying to this message which could be used against me in some way I can't think of?




