Saturday, January 31, 2015

Could a fake tip that my server is compromised be a social engineering attack?



A little while ago I got the following email from an unknown party (using an @alum.cs.[redacted].edu email address):



I'm seeing attack traffic from your Linode. Just a friendly heads up that it's likely p0wned. A quick Google suggests no one else likes the traffic coming from your Linode either.

Linode's IP: <http://ift.tt/1CWDLPv>



However I couldn't find any evidence to support this assertion. I checked the resource utilization graphs provided by Linode, as well as my firewall logs, system's process list, active connections, recently modified files, user accounts, and so on, and found absolutely no anomalies. The results from the Google search didn't seem to back up the claim that nobody else likes the traffic either; nothing I saw in the first few results raised any red flags. So either the server is fine, or I'm dealing with an adversary who knows how to cover their tracks so well that I can't imagine why they would have any interest in my Linode. (There is no sensitive data on it.)
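The checks listed above (firewall logs, connections, and so on) are the right place to start when a third party claims your host is emitting attack traffic, because "attack traffic from your Linode" would show up on the sending side as outbound fan-out: one destination port, many distinct destination hosts in a short window. The script below is an added example, not code from the question's author or from Linode. It assumes an iptables `LOG` target with the usual `IN= OUT= SRC= DST= ... PROTO= SPT= DPT=` fields, treats a line with an empty `IN=` and a non-empty `OUT=` as a packet that left the host, and runs over a constructed sample log (documentation address ranges; the host address 203.0.113.10 is made up) that mixes normal HTTPS and DNS traffic with a burst of outbound SSH SYNs to six different hosts.

```python
import re
from collections import defaultdict

# Constructed sample of iptables LOG lines (not real traffic). The host's own
# address 203.0.113.10 and the FW-OUT / FW-IN log prefixes are assumptions.
SAMPLE_LOG = """\
Jan 30 02:11:03 linode kernel: FW-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.5 LEN=60 TTL=64 PROTO=TCP SPT=51002 DPT=443 SYN URGP=0
Jan 30 02:11:04 linode kernel: FW-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.6 LEN=60 TTL=64 PROTO=TCP SPT=51003 DPT=443 SYN URGP=0
Jan 30 02:11:05 linode kernel: FW-IN: IN=eth0 OUT= SRC=192.0.2.77 DST=203.0.113.10 LEN=60 TTL=51 PROTO=TCP SPT=44321 DPT=22 SYN URGP=0
Jan 30 02:11:06 linode kernel: FW-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=198.51.100.7 LEN=76 TTL=64 PROTO=UDP SPT=38000 DPT=53
Jan 30 02:12:00 linode kernel: FW-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=192.0.2.101 LEN=60 TTL=64 PROTO=TCP SPT=40001 DPT=22 SYN URGP=0
Jan 30 02:12:00 linode kernel: FW-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=192.0.2.102 LEN=60 TTL=64 PROTO=TCP SPT=40002 DPT=22 SYN URGP=0
Jan 30 02:12:01 linode kernel: FW-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=192.0.2.103 LEN=60 TTL=64 PROTO=TCP SPT=40003 DPT=22 SYN URGP=0
Jan 30 02:12:01 linode kernel: FW-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=192.0.2.104 LEN=60 TTL=64 PROTO=TCP SPT=40004 DPT=22 SYN URGP=0
Jan 30 02:12:02 linode kernel: FW-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=192.0.2.105 LEN=60 TTL=64 PROTO=TCP SPT=40005 DPT=22 SYN URGP=0
Jan 30 02:12:02 linode kernel: FW-OUT: IN= OUT=eth0 SRC=203.0.113.10 DST=192.0.2.106 LEN=60 TTL=64 PROTO=TCP SPT=40006 DPT=22 SYN URGP=0
Jan 30 02:12:03 linode sshd[2201]: Accepted publickey for admin from 198.51.100.50 port 50200 ssh2
"""

# Fields emitted by the iptables LOG target; LEN=/TTL=/... between DST= and
# PROTO= are skipped with a non-greedy match. SPT/DPT are absent for ICMP.
LINE_RE = re.compile(
    r"IN=(?P<in>\S*) OUT=(?P<out>\S*) SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
    r".*?PROTO=(?P<proto>\S+)(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)


def parse_firewall_log(text):
    """Return one dict per iptables LOG line; lines without IN=/OUT= fields are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        rec = m.groupdict()
        # A packet logged with empty IN= and non-empty OUT= left this host (OUTPUT chain).
        rec["outbound"] = rec["in"] == "" and rec["out"] != ""
        rec["dpt"] = int(rec["dpt"]) if rec["dpt"] else None
        records.append(rec)
    return records


def outbound_fanout(records):
    """Map each destination port to the set of distinct hosts this machine contacted on it."""
    fanout = defaultdict(set)
    for rec in records:
        if rec["outbound"] and rec["dpt"] is not None:
            fanout[rec["dpt"]].add(rec["dst"])
    return fanout


def scan_like_ports(records, threshold=5):
    """Destination ports on which this host reached at least `threshold` distinct hosts.

    Many distinct targets on a single port is the shape a scanning or
    brute-forcing bot leaves in the sender's own firewall log; a handful of
    HTTPS or DNS destinations is normal and stays below the threshold.
    """
    fanout = outbound_fanout(records)
    return sorted((port, len(hosts)) for port, hosts in fanout.items()
                  if len(hosts) >= threshold)


def triage_report(text, threshold=5):
    """Summary a defender can compare against a third-party abuse report."""
    records = parse_firewall_log(text)
    return {
        "total_logged": len(records),
        "outbound": sum(1 for r in records if r["outbound"]),
        "scan_like": scan_like_ports(records, threshold),
    }


if __name__ == "__main__":
    print(triage_report(SAMPLE_LOG))
```

On the sample this reports ten firewall lines, nine of them outbound, and flags port 22 with six distinct targets while leaving 443 and 53 alone. If the same pass over the real log shows nothing, that is the evidence the reply in the question is missing; if it does show a burst, the matching `SPT=` values and timestamps are what to correlate against the process list and `ss`/`netstat` output before taking anything else the reporter says at face value.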


This leads me to wonder whether the message could have been a form of phishing. In this particular case, I doubt it, but could something like this be a legitimate social engineering tactic? Is there something I would be likely to reveal by replying to this message which could be used against me in some way I can't think of?


If and when this happens in the future, my goal is to respond in a way that allows me to collect the information I need to track down the attack in case it is real, while not revealing anything too compromising in case it isn't real.




