LinuxQuestions.org
Slackware This Forum is for the discussion of Slackware Linux.

Old 12-10-2015, 12:10 PM   #1
GreenFireFly
Member
 
Registered: Jul 2013
Posts: 218

Rep: Reputation: Disabled
Slackware Security Question


Hello Everyone,

I was surfing the internet and while I was on the Yahoo site I noticed
my mouse made a circle-like motion, except I did not tell it to do
that.

Is there any way I can tell if someone has hacked into my system?

BTW: Running Slackware 14.1 Firefox 39.0 with noscript.
 
Old 12-10-2015, 01:21 PM   #2
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,223

Rep: Reputation: 195
What?
 
Old 12-10-2015, 01:35 PM   #3
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Void, Slackware
Posts: 7,341

Rep: Reputation: 3744
Quote:
Originally Posted by GreenFireFly
Is there any way I can tell if someone has hacked into my system?
There are a few things you can do to prevent being owned like patching your system and having a hardware and software firewall.

You can run the rkhunter utility to see if you have a rootkit on your system. Besides the odd mouse behavior is there any other reason that you think you've been hacked?

http://slackbuilds.org/repository/14...earch=rkhunter
 
Old 12-10-2015, 01:37 PM   #4
Mark Pettit
Member
 
Registered: Dec 2008
Location: Cape Town, South Africa
Distribution: Slackware 15.0
Posts: 617

Rep: Reputation: 297
Is it a Microsoft mouse ?


:-) :-)
 
1 members found this post helpful.
Old 12-10-2015, 08:57 PM   #5
STDOUBT
Member
 
Registered: May 2010
Location: Stumptown
Distribution: Slackware64
Posts: 583

Rep: Reputation: 242
Not too long ago I was assisting an acquaintance with his Linux Mint laptop. Every so often the mouse cursor would move a bit. This persisted a while until I asked him if his wireless mouse was in his pocket and if so, was it "on".
It was, and I called him a dink.

...Sometimes my pointer moves "by itself" too, especially if I hold my thinkpad's mouse nipple in one direction for too long.

Greenfly, I suggest you rule out things like cat hair and dust under your mouse. But installing a firewall and, like hitest suggests, rkhunter is always good advice.
 
Old 12-10-2015, 09:20 PM   #6
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,272
Blog Entries: 28

Rep: Reputation: 6124
Are you getting this behavior on any other websites and what are the noscript settings for this one?
 
Old 12-10-2015, 11:59 PM   #7
GreenFireFly
Member
 
Registered: Jul 2013
Posts: 218

Original Poster
Rep: Reputation: Disabled

Hello Everyone,

@Mark Pettit - My mouse is a generic brand.

@STDOUBT - Well, my mouse is a wired optical mouse.

@frankbell - When I was on Yahoo, in noscript I have allowed yahoo.com and yimg.com.

@hitest - Thanks, I'll do a scan to see if it finds anything.

Btw: This is what my netstat -ano showed just after that incident.

tcp 0 0 192.168.1.130:45774 206.190.56.190:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:58913 104.76.110.228:443 ESTABLISHED keepalive (0.76/0/0)
tcp 0 0 192.168.1.130:51752 72.30.2.106:443 ESTABLISHED keepalive (2.10/0/0)
tcp 0 0 192.168.1.130:35674 98.139.180.149:443 TIME_WAIT timewait (44.04/0/0)
tcp 0 0 192.168.1.130:41338 72.30.202.247:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:56733 207.244.77.134:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:41521 206.190.57.61:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:58203 72.21.91.187:443 ESTABLISHED keepalive (2.33/0/0)
tcp 0 0 192.168.1.130:60352 45.79.133.136:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:45976 98.139.21.45:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:45683 206.190.56.190:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.168.1.130:36846 52.84.27.193:80 TIME_WAIT timewait (28.17/0/0)

And these are my iptables rules.

Chain INPUT (policy DROP 56 packets, 6876 bytes)
pkts bytes target prot opt in out source destination
12238 15M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
83 4996 ACCEPT all -- lo any loopback/8 loopback/8

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
8588 785K ACCEPT all -- any any anywhere anywhere state NEW,RELATED,ESTABLISHED

Last edited by GreenFireFly; 12-11-2015 at 12:04 AM.
 
Old 12-11-2015, 04:54 AM   #8
ReaperX7
LQ Guru
 
Registered: Jul 2011
Location: California
Distribution: Slackware64-15.0 Multilib
Posts: 6,554
Blog Entries: 15

Rep: Reputation: 2097
Yeah that's dinking and it can happen with a lot of mice. Mainly it affects Bluetooth, RF, and other wireless mice, but I have seen it affect Laser and Optical mice as well as Roller/Ball mice as well, but more rarely. Usually it's from the mouse driver trying to settle into a spot from a previous movement.

Unless you're running an SSH, VNC, or RDP, then it's just the mouse dinking.
 
Old 12-11-2015, 09:52 AM   #9
mralk3
Slackware Contributor
 
Registered: May 2015
Distribution: Slackware
Posts: 1,900

Rep: Reputation: 1050
I assume your system is patched and that you have an effective firewall. If you need a firewall script, I have a very basic one here.

This to me seems like less of a security question and more an issue with paranoia due to being uninformed about how hackers work.

Hackers do not notify their targets before, during, or after a hack. That would defeat the purpose of hacking a system in the first place. It would be a waste of time to execute a hack only to tell the target to clean up the system, or even take that system offline. Hackers do not hack systems of little to no value. So unless you have some super secret data, you work for a company that has valuable data stored on your desktop at home, or you like to keep your financial or tax records in clear text, you are just being paranoid. Also, just so you know, the mouse moving around on your screen is not a symptom of being hacked.


Sure, being the latest addition to a botnet is a scary thing. This usually only happens to systems that are not using a firewall, not patched, and those systems that the end-user is running as administrator or root. Think, low hanging fruit.

If you are really that paranoid about being hacked then there are some easy things to do to check for rootkits. These are the basic commands that will allow you to identify rootkits on your system.
  • lsof - list all open files or processes by a user id
  • netstat - list all open network connections
  • tcpdump - track network activity on suspect ports
  • rkhunter - check for rootkits
  • chkrootkit - check for rootkits

If you are still paranoid after this, use tripwire. It is a host based intrusion detection system that should only be installed onto freshly installed systems. It will guarantee file integrity on your system if you keep the tripwire database up to date. You will be notified by tripwire every time a file has been modified on your system. Not great for home desktops, since files change all the time. Tripwire is better for servers. A fresh installation increases file integrity.

If you are still paranoid after that installing snort.... Use a network intrusion detection system. Install snort on your network gateway, or set up DHCP/DNS on a separate machine that forwards traffic to your gateway. Install snort on this machine and you will be notified by email of any network intrusions. Of course, you have to learn to install and configure snort first.

A browser hack can be averted by using these add ons:
  • Noscript
  • AdBlock - ad servers can be hacked too..
  • HTTPS-Everywhere
  • Ghostery
  • Disconnect
  • Keep browser updated!

Finally, trust in our benevolent dictator and the Slackware development team. These people have the experience and are all knowing. Let them ease your paranoia by releasing security updates when they deem it necessary. After all, these guys have been doing this for decades without error.

EDIT: for typos.

Last edited by mralk3; 12-11-2015 at 09:55 AM.
 
4 members found this post helpful.
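The check implied by ReaperX7's and mralk3's posts above, as an added example that is not code from any poster: triage `netstat -ano` output for listening or connected SSH, VNC and RDP services. The port list (22, 3389, 5900-5909), the finding labels and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `netstat -ano` output for remote-control exposure.
# Assumed remote-control ports: 22 (SSH), 3389 (RDP), 5900-5909 (VNC).

triage_netstat() {
    # Reads netstat -ano lines on stdin and prints one finding per line.
    awk '
    function port(ep,   a, n) { n = split(ep, a, ":"); return a[n] }
    function host(ep,   p)    { p = port(ep); return substr(ep, 1, length(ep) - length(p) - 1) }
    function remote_ctl(p)    { p += 0; return p == 22 || p == 3389 || (p >= 5900 && p <= 5909) }
    $1 !~ /^tcp/ { next }     # skip headers, udp and unix sockets
    {
        lp = port($4); fp = port($5); st = $6
        # A remote-control service reachable from other hosts (not bound to loopback).
        if (st == "LISTEN" && remote_ctl(lp) && host($4) !~ /^(127\.|::1$)/)
            print "LISTEN-REMOTE-CTL " $4
        # Somebody is connected to a local remote-control service right now.
        else if (st == "ESTABLISHED" && remote_ctl(lp))
            print "INBOUND-SESSION " $5 " -> " $4
        # Outbound traffic that is not ordinary web browsing: worth a look with lsof.
        else if (st == "ESTABLISHED" && fp + 0 != 80 && fp + 0 != 443)
            print "REVIEW-OUTBOUND " $4 " -> " $5
    }'
}

sample_netstat() {
    # Constructed sample using RFC 5737 documentation addresses.
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State Timer
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 127.0.0.1:5900 0.0.0.0:* LISTEN off (0.00/0/0)
tcp 0 0 192.0.2.10:45774 198.51.100.7:443 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.0.2.10:22 203.0.113.9:51514 ESTABLISHED keepalive (7.10/0/0)
tcp 0 0 192.0.2.10:40112 203.0.113.50:6667 ESTABLISHED off (0.00/0/0)
tcp 0 0 192.0.2.10:36846 198.51.100.8:80 TIME_WAIT timewait (28.17/0/0)
EOF
}

sample_netstat | triage_netstat
```

On a live system the input would be `netstat -ano | triage_netstat`; output consisting only of established connections to ports 80 and 443, like the listing in post #7, produces no findings.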
Old 12-11-2015, 11:29 AM   #10
hitest
Guru
 
Registered: Mar 2004
Location: Canada
Distribution: Void, Slackware
Posts: 7,341

Rep: Reputation: 3744
Quote:
Originally Posted by mralk3
Hackers do not notify their targets before, during, or after a hack. That would defeat the purpose of hacking a system in the first place. It would be a waste of time to execute a hack only to tell the target to clean up the system, or even take that system offline. Hackers do not hack systems of little to no value. So unless you have some super secret data, you work for a company that has valuable data stored on your desktop at home, or you like to keep your financial or tax records in clear text, you are just being paranoid. Also, just so you know, the mouse moving around on your screen is not a symptom of being hacked.
For the most part that is true, but not always. When I started out with Linux (2002) I put a web server on-line; at the time I didn't know a lot about security. It was an old, beige box that was serving nothing of value (a proof of concept just to see if I could do it).
The box got owned. He changed my root password and let me know that he was in control. Some hackers will own you just to f*#@ with you. Good advice in your post.
 
Old 12-11-2015, 12:09 PM   #11
zk1234
4MLinux Maintainer
 
Registered: Oct 2010
Location: Poland
Distribution: 4MLinux, Slackware
Posts: 1,253

Rep: Reputation: 220
So many sophisticated theoretical considerations in this thread. The base of science is experiment. Just replace your mouse with a new one and check if the problem still exists.

You can also ask a friend to try your mouse on his/her computer.

Last edited by zk1234; 12-11-2015 at 12:23 PM.
 
1 members found this post helpful.
Old 12-11-2015, 12:52 PM   #12
chemfire
Member
 
Registered: Sep 2012
Posts: 414

Rep: Reputation: Disabled
Swap the mouse first. If this is a desktop also check the power supply. I know this sounds crazy but a mouse moving all by its lonesome is often the first sign you don't have stable power.
 
Old 12-12-2015, 04:09 PM   #13
coralfang
Member
 
Registered: Nov 2010
Location: Bristol, UK
Distribution: Slackware, FreeBSD
Posts: 836
Blog Entries: 3

Rep: Reputation: 297
I have had 2 optical mice, which at times would move by themselves. It was most noticeable in first person shooters when you were suddenly looking at the sky. I ended up throwing it out because it was impossible to play games or do any accurate thing on the pixel level, such as drawing a straight line in GIMP. I remember the first time it happened and immediately thought of the possibility of having a RAT on Linux. But soon noticed that when I was testing various live CDs, the self movement continued to happen while not even connected to the network.

Dust/particles on the optical sensor is the first thing to check.
Then the surface your mouse is on. If you are moving the mouse over a multicoloured/shaped graphic on a mousepad, this may cause inaccurate movement, so maybe try a plain black mousemat.

I would probably put it down to the accuracy of the optical sensor itself. The cheaper ones tend to all have this self moving behaviour at times.

But that's to say the movement is sudden / jumpy like. Of course, if your mouse smoothly moves over your applications menu, scrolls to a category and selects a program before browsing through your files... you may want to yank the network cable in this case lol.

Last edited by coralfang; 12-12-2015 at 04:11 PM.
 
Old 12-12-2015, 04:43 PM   #14
speck
Member
 
Registered: Nov 2001
Location: US
Distribution: Slackware 14.2
Posts: 375

Rep: Reputation: 115
I have a wired USB optical mouse that will disconnect/connect multiple times, usually resulting in a movement that makes the screensaver login screen appear. You can check /var/log/messages right after it occurs to see if it reports anything (it did in my case).
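The log check speck describes, as an added example that is not part of the original post: count kernel USB disconnect and re-enumeration messages per port to spot a flapping device. The syslog line layout, the threshold of two disconnects, the host name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find USB ports that repeatedly drop and reconnect,
# reading syslog-style kernel lines (as in /var/log/messages) on stdin.

usb_flaps() {
    # Prints "<port> <disconnects> <reconnects>" for ports with >= 2 disconnects.
    awk '
    / kernel: / && / usb [0-9]/ {
        # The USB port id (for example 2-1.2) is the field after the word "usb".
        for (i = 1; i <= NF; i++)
            if ($i == "usb") { p = $(i + 1); sub(/:$/, "", p); break }
        if ($0 ~ /USB disconnect/)
            d[p]++
        else if ($0 ~ /new .*USB device number/)
            c[p]++
    }
    END {
        for (p in d)
            if (d[p] >= 2) print p, d[p], c[p] + 0
    }'
}

sample_messages() {
    # Constructed sample log lines; host name and timestamps are made up.
    cat <<'EOF'
Dec 10 12:09:41 darkstar kernel: [ 8123.401122] usb 2-1.2: USB disconnect, device number 5
Dec 10 12:09:42 darkstar kernel: [ 8124.010310] usb 2-1.2: new low-speed USB device number 6 using ehci-pci
Dec 10 12:09:58 darkstar kernel: [ 8140.551907] usb 2-1.2: USB disconnect, device number 6
Dec 10 12:09:59 darkstar kernel: [ 8141.160544] usb 2-1.2: new low-speed USB device number 7 using ehci-pci
Dec 10 12:30:02 darkstar kernel: [ 9343.220018] usb 1-1: USB disconnect, device number 3
Dec 10 12:31:00 darkstar sshd[912]: Server listening on 0.0.0.0 port 22.
EOF
}

sample_messages | usb_flaps
```

On a live system run `usb_flaps < /var/log/messages` and compare the timestamps of the flagged port's messages with the moment the pointer moved.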
 
Old 12-13-2015, 07:30 AM   #15
GreenFireFly
Member
 
Registered: Jul 2013
Posts: 218

Original Poster
Rep: Reputation: Disabled
Hello Everyone,

Ok thanks everyone for your input. I will take it to heart.
 
  

