LinuxQuestions.org

GreenFireFly 12-10-2015 12:10 PM

Slackware Security Question
 
Hello Everyone,

I was surfing the internet and while I was on the Yahoo site I noticed
my mouse made a circle-like motion, except I did not tell it to do
that.

Is there any way I can tell if someone has hacked into my system?

BTW: Running Slackware 14.1 Firefox 39.0 with noscript.

moisespedro 12-10-2015 01:21 PM

What?

hitest 12-10-2015 01:35 PM

Quote:

Originally Posted by GreenFireFly (Post 5462508)
Is there any way I can tell if someone has hacked into my system?

There are a few things you can do to prevent being owned like patching your system and having a hardware and software firewall.

You can run the rkhunter utility to see if you have a rootkit on your system. Besides the odd mouse behavior is there any other reason that you think you've been hacked?

http://slackbuilds.org/repository/14...earch=rkhunter

Mark Pettit 12-10-2015 01:37 PM

Is it a Microsoft mouse?


:-) :-)

STDOUBT 12-10-2015 08:57 PM

Not too long ago I was assisting an acquaintance with his Linux Mint laptop. Every so often the mouse cursor would move a bit. This persisted a while until I asked him if his wireless mouse was in his pocket and if so, was it "on".
It was, and I called him a dink.

...Sometimes my pointer moves "by itself" too, especially if I hold my thinkpad's mouse nipple in one direction for too long.

Greenfly, I suggest you rule out things like cat hair and dust under your mouse. But installing a firewall and, like hitest suggests, rkhunter is always good advice.

frankbell 12-10-2015 09:20 PM

Are you getting this behavior on any other websites and what are the noscript settings for this one?

GreenFireFly 12-10-2015 11:59 PM

Hello Everyone,

@Mark Pettit - My mouse is a generic brand.

@STDOUBT - Well, my mouse is a wired optical mouse.

@frankbell - When I was on Yahoo, in NoScript I have allowed yahoo.com and yimg.com.

@hitest - Thanks, I'll do a scan and see if it finds anything.

Btw: This is what my netstat -ano showed just after that incident.

tcp 0 0 192.168.1.130:45774 206.190.56.190:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:58913 104.76.110.228:443 ESTABLISHED keepalive (0.76/0/0)
tcp 0 0 192.168.1.130:51752 72.30.2.106:443 ESTABLISHED keepalive (2.10/0/0)
tcp 0 0 192.168.1.130:35674 98.139.180.149:443 TIME_WAIT timewait (44.04/0/0)
tcp 0 0 192.168.1.130:41338 72.30.202.247:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:56733 207.244.77.134:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:41521 206.190.57.61:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:58203 72.21.91.187:443 ESTABLISHED keepalive (2.33/0/0)
tcp 0 0 192.168.1.130:60352 45.79.133.136:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:45976 98.139.21.45:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:45683 206.190.56.190:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:36846 52.84.27.193:80 TIME_WAIT timewait (28.17/0/0)

And these are my iptables rules.

Chain INPUT (policy DROP 56 packets, 6876 bytes)
pkts bytes target prot opt in out source destination
12238 15M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
83 4996 ACCEPT all -- lo any loopback/8 loopback/8

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8588 785K ACCEPT all -- any any anywhere anywhere state NEW,RELATED,ESTABLISHED

ReaperX7 12-11-2015 04:54 AM

Yeah that's dinking and it can happen with a lot of mice. Mainly it affects Bluetooth, RF, and other wireless mice, but I have seen it affect Laser and Optical mice as well as Roller/Ball mice as well, but more rarely. Usually it's from the mouse driver trying to settle into a spot from a previous movement.

Unless you're running an SSH, VNC, or RDP, then it's just the mouse dinking.
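
Added example (not part of any post in this thread): a shell/awk triage of `netstat -ano`-style output that flags only sockets where this machine is the server side of a remote-control service, the SSH/VNC/RDP case named above. The port list (22, 3389, 5900-5909) and the sample lines, which use documentation addresses, are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed ports: 22 SSH, 3389 RDP, 5900-5909 VNC.

# Constructed sample in `netstat -ano` layout (documentation addresses).
sample_netstat() {
cat <<'EOF'
tcp 0 0 192.0.2.10:45774 198.51.100.20:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 192.0.2.10:22 203.0.113.7:51514 ESTABLISHED keepalive (7100.00/0/0)
tcp 0 0 192.0.2.10:36846 198.51.100.30:80 TIME_WAIT timewait (28.17/0/0)
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN off (0.00/0/0)
EOF
}

# Read netstat lines on stdin; print one verdict per socket whose LOCAL port
# is a remote-control service. Outbound client connections (local ephemeral
# port, remote 443/80/22) are ignored: they do not let anyone drive the desktop.
triage_netstat() {
  awk '
    function svc(p) {
      if (p == 22) return "ssh"
      if (p == 3389) return "rdp"
      if (p >= 5900 && p <= 5909) return "vnc"
      return ""
    }
    $1 ~ /^tcp/ {
      # Local address is field 4; the port is whatever follows the last colon,
      # which also handles IPv6 forms such as :::22.
      n = split($4, l, ":"); lport = l[n] + 0
      name = svc(lport)
      if (name == "") next
      if ($6 == "LISTEN") {
        # Loopback-only listeners are not reachable from the network.
        scope = ($4 ~ /^127\./ || $4 ~ /^::1:/) ? "local-only" : "exposed"
        print "LISTEN " name " " $4 " " scope
      } else if ($6 == "ESTABLISHED") {
        print "INBOUND " name " from " $5
      }
    }'
}

# Demonstration on the constructed sample.
sample_netstat | triage_netstat
```

On a live system, `netstat -ano | triage_netstat` gives the same report; empty output means no listener or inbound session on those ports was visible to netstat.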

mralk3 12-11-2015 09:52 AM

I assume your system is patched and that you have an effective firewall. If you need a firewall script, I have a very basic one here.

This to me seems like less of a security question and more an issue with paranoia due to being uninformed about how hackers work.

Hackers do not notify their targets before, during, or after a hack. That would defeat the purpose of hacking a system in the first place. It would be a waste of time to execute a hack only to tell the target to clean up the system, or even take that system offline. Hackers do not hack systems of little to no value. So unless you have some super secret data, you work for a company that has valuable data stored on your desktop at home, or you like to keep your financial or tax records in clear text, you are just being paranoid. Also, just so you know, the mouse moving around on your screen is not a symptom of being hacked.


Sure, being the latest addition to a botnet is a scary thing. This usually only happens to systems that are not using a firewall, not patched, and those systems that the end-user is running as administrator or root. Think, low hanging fruit.

If you are really that paranoid about being hacked then there are some easy things to do to check for rootkits. These are the basic commands that will allow you to identify rootkits on your system.
  • lsof - list all open files or processes by a user id
  • netstat - list all open network connections
  • tcpdump - track network activity on suspect ports
  • rkhunter - check for rootkits
  • chkrootkit - check for rootkits

If you are still paranoid after this, use tripwire. It is a host based intrusion detection system that should only be installed onto freshly installed systems. It will guarantee file integrity on your system if you keep the tripwire database up to date. You will be notified by tripwire every time a file has been modified on your system. Not great for home desktops, since files change all the time. Tripwire is better for servers. A fresh installation increases file integrity.

If you are still paranoid after that installing snort.... Use a network intrusion detection system. Install snort on your network gateway, or set up DHCP/DNS on a separate machine that forwards traffic to your gateway. Install snort on this machine and you will be notified by email of any network intrusions. Of course, you have to learn to install and configure snort first.

A browser hack can be averted by using these add ons:
  • Noscript
  • AdBlock - ad servers can be hacked too..
  • HTTPS-Everywhere
  • Ghostery
  • Disconnect
  • Keep browser updated!

Finally, trust in our benevolent dictator and the Slackware development team. These people have the experience and are all knowing. Let them ease your paranoia by releasing security updates when they deem it necessary. After all, these guys have been doing this for decades without error. :hattip:

EDIT: for typos.

hitest 12-11-2015 11:29 AM

Quote:

Originally Posted by mralk3 (Post 5462890)
Hackers do not notify their targets before, during, or after a hack. That would defeat the purpose of hacking a system in the first place. It would be a waste of time to execute a hack only to tell the target to clean up the system, or even take that system offline. Hackers do not hack systems of little to no value. So unless you have some super secret data, you work for a company that has valuable data stored on your desktop at home, or you like to keep your financial or tax records in clear text, you are just being paranoid. Also, just so you know, the mouse moving around on your screen is not a symptom of being hacked.

For the most part that is true, but not always. When I started out with Linux (2002) I put a web server on-line; at the time I didn't know a lot about security. It was an old, beige box that was serving nothing of value (a proof of concept just to see if I could do it).
The box got owned. He changed my root password and let me know that he was in control. Some hackers will own you just to f*#@ with you. Good advice in your post.

zk1234 12-11-2015 12:09 PM

So many sophisticated theoretical considerations in this thread. The base of science is experiment. Just replace your mouse with a new one and check if the problem still exists.

You can also ask a friend to try your mouse on his/her computer.

chemfire 12-11-2015 12:52 PM

Swap the mouse first. If this is a desktop also check the power supply. I know this sounds crazy but a mouse moving all by its lonesome is often the first sign you don't have stable power.

coralfang 12-12-2015 04:09 PM

I have had 2 optical mice, which at times would move by themselves. It was most noticeable in first person shooters when you were suddenly looking at the sky. I ended up throwing it out because it was impossible to play games or do any accurate thing on the pixel level, such as drawing a straight line in GIMP. I remember the first time it happened and immediately thought of the possibility of having a RAT on Linux. But soon noticed that when I was testing various live CDs, the self movement continued to happen while not even connected to the network.

Dust/particles on the optical sensor is the first thing to check.
Then the surface your mouse is on. If you are moving the mouse over a multicoloured/shaped graphic on a mousepad, this may cause inaccurate movement, so maybe try a plain black mousemat.

I would probably put it down to the accuracy of the optical sensor itself. The cheaper ones tend to all have this self moving behaviour at times.

But that's to say the movement is sudden / jumpy like. Of course, if your mouse smoothly moves over your applications menu, scrolls to a category and selects a program before browsing through your files... you may want to yank the network cable in this case lol.

speck 12-12-2015 04:43 PM

I have a wired USB optical mouse that will disconnect/connect multiple times, usually resulting in a movement that makes the screensaver login screen appear. You can check /var/log/messages right after it occurs to see if it reports anything (it did in my case).

GreenFireFly 12-13-2015 07:30 AM

Hello Everyone,

Ok thanks everyone for your input. I will take it to heart.


All times are GMT -5.