LinuxQuestions.org
Old 09-29-2003, 07:33 PM   #16
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Milwaukee, WI
Distribution: Mint
Posts: 6,642

Rep: Reputation: 69

Yeah, or maybe lead aprons, pants, and facemasks to protect you from the radiation. If you put a cup of water in front of the mouse and double click a couple of times, does it start to boil?
 
Old 09-29-2003, 07:33 PM   #17
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
LOL. As bizarre as that is, I've actually had something similar happen with a cordless mouse/keyboard combo. It happens more than you think.

BTW, read unSpawn's security post at the top of the forum or it's very likely that you will get hacked for real. In fact it would be pretty trivial, considering that you have X wide open:

6000/tcp open X11

If you need to run services, especially local ones, then restrict access using a firewall. Having quasi-vulnerable services like rpc, samba-shares, and lpd (printer) open to the world is really dangerous. So now that you know what it feels like to get hacked (without actually getting hacked), use that as your motivation to lock your box down or at least make it less of a target.

Last edited by Capt_Caveman; 09-29-2003 at 07:35 PM.
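An added example, not part of any poster's message: one way to check which listening services on a box are bound beyond loopback, using the `/proc/net/tcp` format. The sample table is constructed, the port-to-service map uses the well-known ports for the services named above, and the `allowed` default (ftp and http) is an assumption taken from the router setup described later in the thread.

```python
import ipaddress

# Well-known ports for the services named in the post above.
RISKY = {111: "rpc (portmapper)", 139: "samba", 445: "samba",
         515: "lpd", 6000: "X11"}

# Constructed sample in /proc/net/tcp layout (columns after "st" trimmed).
# Addresses are hex in host byte order (little-endian here); ports are hex.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:1770 00000000:0000 0A
   1: 0100007F:0203 00000000:0000 0A
   2: 00000000:006F 00000000:0000 0A
   3: 00000000:0050 00000000:0000 0A
   4: 00000000:0015 00000000:0000 0A
   5: 0A01A8C0:008B 00000000:0000 0A
   6: 0A01A8C0:0050 1401A8C0:C350 01
"""

def parse_listeners(text):
    """Return (IPv4Address, port) for each socket in LISTEN state (st 0A)."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != "0A":
            continue
        hex_ip, hex_port = fields[1].split(":")
        ip = ipaddress.IPv4Address(bytes.fromhex(hex_ip)[::-1])
        listeners.append((ip, int(hex_port, 16)))
    return listeners

def exposed_services(text, allowed=(21, 80)):
    """Listeners bound beyond loopback, minus the intentionally public ports.

    allowed defaults to ftp and http (assumed to be the only forwarded ports).
    """
    findings = []
    for ip, port in parse_listeners(text):
        if ip.is_loopback or port in allowed:
            continue
        findings.append((port, RISKY.get(port, "unlisted"), str(ip)))
    return sorted(findings)

if __name__ == "__main__":
    for port, name, addr in exposed_services(SAMPLE):
        print(f"{addr}:{port} {name} is reachable from other hosts")
```

On a live system, pass `open("/proc/net/tcp").read()` instead of `SAMPLE`. Anything reported is reachable from every host on the LAN unless a host firewall filters it, even when the router blocks it from outside.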
 
Old 09-29-2003, 07:55 PM   #18
BruceCadieux
Member
 
Registered: Apr 2002
Location: Wales MA.
Distribution: openSuSE 11.1
Posts: 409

Original Poster
Rep: Reputation: 32
Quote:
Originally posted by unSpawn
I was assuming it was through the ftp ports / I am only guessing that somehow they are using
You're not helping us help you, so this will get you nowhere. Read the advice given, act on it and supply us with factual info instead of talking *about* it.
Clacour is right about checking the rpm database from the rescue cdr, but this does not necessarily mean that when it turns out OK you're in the green. Without proper response though exploring any other angles is going to be a waste of time.


My next question would be, if I reformat and set it back up what can I do to prevent this again.
I could sum up a lot, but in short: read the docs on hardening your box and act on it.
Thing of it is I did act on everything everyone told me, short of the format advice.

I didn't see anything in any of the log files, or the commands I was asked to run. I didn't want to clutter the thread up with pages and pages of them, I pored over them for hours all day long. Googled the life out of myself and even booted with knoppix, and checked most everything I could think of and then even looked in places that wouldn't be logical to look in. Also ran nmap from another machine.

I couldn't provide the info everyone was looking for cause I just couldn't find it.

I do thank everyone for their time. I search and read here quite a bit, so I rarely need to ask, most everything I need has been asked and answered already.

This was one of the times I just couldn't find an answer anywhere.

Thanks again for your time and patience.

I guess pretty much the reason I couldn't figure it out, or find anything at all, was because there was nothing to find.
 
Old 09-29-2003, 07:57 PM   #19
BruceCadieux
Member
 
Registered: Apr 2002
Location: Wales MA.
Distribution: openSuSE 11.1
Posts: 409

Original Poster
Rep: Reputation: 32
Quote:
Originally posted by Capt_Caveman
LOL. As bizarre as that is, I've actually had something similar happen with a cordless mouse/keyboard combo. It happens more than you think.

BTW, read unSpawn's security post at the top of the forum or it's very likely that you will get hacked for real. In fact it would be pretty trivial, considering that you have X wide open:

6000/tcp open X11

If you need to run services, especially local ones, then restrict access using a firewall. Having quasi-vulnerable services like rpc, samba-shares, and lpd (printer) open to the world is really dangerous. So now that you know what it feels like to get hacked (without actually getting hacked), use that as your motivation to lock your box down or at least make it less of a target.
X isn't available to anyone who isn't behind my firewall/router. My router blocks access to everything but http and ftp.

Going to read the pinned topic now thanks.

Last edited by BruceCadieux; 09-29-2003 at 07:58 PM.
 
Old 09-29-2003, 08:10 PM   #20
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Quote:
Originally posted by BruceCadieux
X isn't available to anyone who isn't behind my firewall/router. My router blocks access to everything but http and ftp.

Going to read the pinned topic now thanks.
I guess that nmap output was from inside your LAN then. Cool. Sounds like you're ahead of the game already
 
Old 09-29-2003, 08:24 PM   #21
BruceCadieux
Member
 
Registered: Apr 2002
Location: Wales MA.
Distribution: openSuSE 11.1
Posts: 409

Original Poster
Rep: Reputation: 32
Quote:
Originally posted by Capt_Caveman
I guess that nmap output was from inside your LAN then. Cool. Sounds like you're ahead of the game already
Absolutely the nmap scan was from inside my network. Scanning from outside on a neighbor's PC reveals nothing but my ftp and http.

I am certainly not an expert in security and I know I have a lot to read, but I always block everything, and always try to shutdown things I think I will not need.

I am pressed for a little sleep time right now, so I downloaded Bastille linux, from one of the links provided here. I'm going to install it tonight and tinker with it some. I will delve into more security issues tomorrow.

Thanks all.
 
  

