From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.62)
	(envelope-from <gentoo-user+bounces-60343-garchives=archives.gentoo.org@gentoo.org>)
	id 1HKNa7-0000GE-Ra
	for garchives@archives.gentoo.org; Thu, 22 Feb 2007 23:42:36 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l1MNfRIv030964;
	Thu, 22 Feb 2007 23:41:27 GMT
Received: from ik-out-1112.google.com (ik-out-1112.google.com [66.249.90.176])
	by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l1MNYl31022877
	for <gentoo-user@lists.gentoo.org>; Thu, 22 Feb 2007 23:34:47 GMT
Received: by ik-out-1112.google.com with SMTP id c30so198119ika
        for <gentoo-user@lists.gentoo.org>; Thu, 22 Feb 2007 15:34:47 -0800 (PST)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed;
        d=gmail.com; s=beta;
        h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=aubymKFSUM1qPOihNH+q899gwPgRYyEV4ij0HLzBD/GLXEvnLcqrhM/toqsVDAYAkPJcCNP+3U6xBSlUHlbPL3Rvg95CMD4O43tToYY3FMk+ThZay9dI6wNwM1VAjK/Y3zsfjOSARj+tjXjX9IgOoJPIiATnh0CL6zxxbz/++MM=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=beta;
        h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
        b=JydFp87DbjjIhrH0d1VPrb4Mbu2V3+5SxIUwTeewK3w/z/0Y8KsTDVR/i0GBOlKmhsOuNS0oVHvInvXQvm7TlUmpKtJy2PHptAyg3pqmerSloUkkqgBwN3hwYVfKVtqDqdsvKqonGScRinicA0V7faKkbmpHlxwdKLUynyTT9Gk=
Received: by 10.114.60.19 with SMTP id i19mr573506waa.1172187285384;
        Thu, 22 Feb 2007 15:34:45 -0800 (PST)
Received: by 10.114.176.16 with HTTP; Thu, 22 Feb 2007 15:34:45 -0800 (PST)
Message-ID: <49bf44f10702221534p2fd8fbd7u7a3d7c3f68b51893@mail.gmail.com>
Date: Thu, 22 Feb 2007 15:34:45 -0800
From: Grant <emailgrant@gmail.com>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Did I just get hacked???
In-Reply-To: <1171165124.381.9.camel@blackwidow.nbk>
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <49bf44f10702101827k199bf270yfb65ed1f4f5195e0@mail.gmail.com>
	 <1171165124.381.9.camel@blackwidow.nbk>
X-Archives-Salt: a9280dcb-31a9-4a74-8929-2491ee43d725
X-Archives-Hash: 63044c6f04d1369eb3d0544678856bb8

> > The contents of my /home/grant/vmware folder have suddenly
> > disappeared.  I haven't noticed anything else strange yet.  I did
> > configure and start shorewall for the first time yesterday instead of
> > using a few iptables commands from the Gentoo Home Router Guide.  I'm
> > also running PenguinTV (a video RSS aggregator with an ebuild in
> > bugs.gentoo.org) and transmission (a bittorrent client in portage)
>
> So someone breaks into your box and the only thing they can think of to
> do is remove your ~/vmware directory?

It occurred to me this morning that a hacker could have gained access
to my system via the vmware guest OS (XP) and then deleted the
contents of vmware/ to cover his tracks.  Does that sound like a
possibility?

- Grant
-- 
gentoo-user@gentoo.org mailing list