Evidently, one should install tripwire...
I am sensing "the burgled person syndrome" where the first thing you want to do is set up alarm systems, bar the windows and so on. The trouble is that it never lasts long, because it consumes all of your time. I think that you are making a job out of protecting your computer. That's fine if it's for recreation, fun or in preparation for highly paid employment, but not otherwise. I realize that an IDS is free and that lots of people have spent money on setting up hardware firewalls, but it isn't free in terms of time. And without a lot of knowledge, it isn't likely to be productive. We had a super network setup (in that it worked all the time for years). Unfortunately the techs who had put it together left and some new ones inherited that network. We got trashed and lost work because of some basic vulnerability which was left unpatched because the new techs were too busy learning about the complicated protections.
We can all get too involved with the complicated stuff, too. Let's keep sight of a summary of the situation.
I'm just saying to relax for a while and think things through. If you'd have had the most secure computer in the world, that wouldn't have helped with someone sending spam through your router. Don't lose sight of the little things. Spam is bad but things could have been worse with your online banking compromised or something illegal done as a joke to bring the police to your door.
You not only had a good wake up call with regard to keeping your router secure, but learned some valuable information with regard to securing your computer properly through learning more about the firewall and running services. You now have experience with Firestarter which gives far more visual feedback. You know about the proper use of rkhunter and getting it's database updated.
Even with your firewall improperly set and with your router wireless not secured, it's highly improbable that someone hacked your computer. JohnBoy and I differ on points - but in your case we're both sure that your computer was fine. I'm far more cautious, but if I was your neighbor who had compromised your router (through wireless) - and had great Linux skills - and had malicious intent toward you - well why would I enter your computer and not trash things? Why wouldn't I use the opportunity of access to your router to spy from there or get at your bank account - or in legal trouble. As I said above, when someone used some exploit to enter our network, they made darned sure that everyone knew and felt the hurt.
It could have happened because of something running which we haven't considered. But now you know how to get an install verified, up and protected, step by step. All of your concerns have been taken seriously, and I sure did the best I knew to reassure - but also to reassure by over-caution.
So far you are well ahead in terms of learning and safety. So are we, because in discussion on this thread, we've considered how simple things can go wrong. At this point you have to look at things realistically in two aspects:
1. If there is an exploit for Linux desktops - then it will be found quickly because of many people like me being over-cautious. But you'll hear of many people being affected, too.
2. A person has to reach a level of comfort with tools like computers. They either serve for work when you might not enjoy them, or for recreation when you should enjoy them. The GRC forum people and others who use all the new and home-made security stuff are not paranoid, but having a lot of fun playing. If you don't have fun learning about security, then it's wasted time in your life. Problems will often come from something simple, just as in life. With the current router exploit being discussed on various forums, people felt safe because of course they'd changed the login and password. Then someone asked about logins being saved on the browser... For most of us, we have to keep the basics in mind like proper backups. We'll probably never get hacked but a lightning storm or flood can just as damaging.
I'm just trying to be helpful because we're getting too focused, and perhaps forgetting some basics.
