Had a bit of a scare tonight playing around at the very newbie level with my wireless. I had never taken time to make wireless work on my old distro because I didn't feel I knew enough about it, but now with a new distro I carelessly thought it was time to play with the wireless.
From my old experience I thought that I would have to compile some driver from source to make this work and was looking around at different posts on the subject on the web. I switched the wireless toggle on the front of my computer on and played around trying different things. I don't remember it all, but I did do
Code:
modprobe ath5k
and at some point
Code:
iwconfig wlan0 up
Afterwards I did
Code:
iwconfig
which gave output similar to
Code:
lo no wireless extensions.
eth0 no wireless extensions.
wmaster0 no wireless extensions.
wlan0 IEEE xxxxxxxx ESSID:""
Mode:Managed Frequency:xxxxxx GHz Access Point: Not-Associated
Tx-Power=20 dBm
Retry min limit:7 RTS thr:off Fragment thr=2352 B
Power Management:off
Link Quality:0 Signal level:0 Noise level:0
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0
I noted the "no wireless extension" and thought I wasn't connected and started reading some posts on my particular card, maybe I did some more (stupid things), less than 5 minutes later I again did
Code:
iwconfig
And lo and behold, now the line which earlier was
Code:
wlan0 IEEE xxxxxxxx ESSID:""
read
Code:
wlan0 IEEE xxxxxxxx ESSID:"LOLZ NO PW PWNED!!"
with the exception that the nice little greeting had yet a derogatory word, but in my native language.
I pulled my cable and started worrying!
So my questions are:
Could someone briefly give me the overall picture of what happened?
I have internet connection through a local LAN I think it's called. I connect on an intranet and enter a pw to get net-access.
Why did I "broadcast" myself, all I wanted to do was use the local open network in the building. I want to connect but not open for incoming stuff.
What sources online or books would be good to get a basic at first understanding of everything related to these issues and later a solid understanding?
If this person hadn't changed the ESSID I would likely never have known that I had somehow blundered. Are there some log files that can reveal if this happens and which can show me if it has happened before and if something bad has been done using my connection?
Lastly, what is the sure way to check that everything wireless is shut off?
Sorry for all the questions, I know I have a lot of reading to do before I consider getting wireless working properly again. A very humbling experience that motivates me to study this network stuff.
Actually, when you got a wireless router (I assume you did) there should have been documentation (perhaps on disk) addressing the security settings. The FIRST thing you do with a wireless device router should be to configure security on the device (admin password). The second should be to lock down the wireless to one of the better encryption standards with a passphrase or key, and a non-default SSID.
Before you turn on a wireless client, you get that information in front of you (or at the front of your mind at least) that you used to set up the router, and configure the wireless client security early - so that it connects ONLY to your secured router (using that passphrase or key).
That said, you should be able to google for some how-to pages that run through the step-by-step of the client side. The router side is somewhat vendor and model specific.
There is, somewhere in your neighborhood, a worm. That is a shame, but not YOUR shame. You did nothing wrong, the worm did.
Still: Please do not feed the worm again: if encouraged they tend to reproduce.
Quote:
There is, somewhere in your neighborhood, a worm. That is a shame, but not YOUR shame. You did nothing wrong, the worm did.
Still: Please do not feed the worm again: if encouraged they tend to reproduce.
Given the evidence presented so far, the idea that this is a worm, or any other sort of malware, is HIGHLY speculative at best.
Quote:
Originally Posted by Axel Meyer
Why did I "broadcast" myself, all I wanted to do was use the local open network in the building. I want to connect but not open for incoming stuff.
I'm assuming this means that you tried to connect to an open access point that you don't control. That brings up a couple of questions. First, is this an access point you have permission to connect to? Second, did you actually manage to connect to it?
What you're seeing in the iwconfig output is the SSID broadcast of a wireless access point, which the owner of the access point can change at any time. If you didn't have permission to connect to the AP, it is possible you got noticed and the owner changed the SSID to see if they could scare you.
Now that said, take a look at a few things and see if anything has really happened. Connecting to an AP requires root privileges, so look in /root/.bash_history and see if there is anything there that looks suspicious and that you don't remember doing. Then go look at your log files (usually in /var/log) and do the same thing. You're looking for events that you don't recognize. Feel free to post things that you don't understand.
Lastly, it will be helpful to know a few things like the distro you're using and any network exposed services like ssh or http.
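The log review suggested in the post above, sketched for one service it names (ssh). This is an added example, not part of the original thread; the sample log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise sshd authentication results by source address.

# Constructed sample in sshd's syslog format; host, user and addresses are made up.
sample_auth_log() {
    cat <<'EOF'
Mar  3 21:14:02 box sshd[2211]: Failed password for root from 192.0.2.44 port 51122 ssh2
Mar  3 21:14:09 box sshd[2211]: Failed password for root from 192.0.2.44 port 51122 ssh2
Mar  3 21:15:30 box sshd[2230]: Accepted password for alice from 10.0.0.5 port 40022 ssh2
Mar  3 21:16:41 box sshd[2301]: Failed password for invalid user admin from 192.0.2.44 port 51190 ssh2
Mar  3 22:01:12 box sshd[2410]: Accepted publickey for alice from 198.51.100.7 port 39900 ssh2
EOF
}

# Reads a log on stdin; prints "count result source", sorted.
ssh_auth_summary() {
    awk '
    / sshd\[[0-9]+\]: (Accepted|Failed) / {
        result = ($0 ~ /\]: Accepted /) ? "accepted" : "failed"
        # Search from the end so a user name of "from" cannot shift the field.
        src = "?"
        for (i = NF - 1; i >= 1; i--) if ($i == "from") { src = $(i + 1); break }
        n[result " " src]++
    }
    END { for (k in n) print n[k], k }
    ' | sort -k2,2 -k3,3
}

# Accepted logins from sources not in $1 (space-separated addresses you recognise).
unknown_accepted() {
    ssh_auth_summary | awk -v known="$1" '
    BEGIN { split(known, a, " "); for (i in a) ok[a[i]] = 1 }
    $2 == "accepted" && !($3 in ok) { print $3 }'
}

# Demo on the sample. On a live system feed it the sshd log instead,
# e.g. /var/log/auth.log (Debian family) or /var/log/secure (Red Hat family).
sample_auth_log | unknown_accepted "10.0.0.5"
```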
Hangdog42:
No, not that kind of worm. The two-legged kind.
Nice signature on that post! ;-)
Axel:
If you have no router and are connecting to one that does not require any security (passphrase, certificate, etc) then you are connecting to an unsecured and risky wireless network. If you have a software firewall and intrusion detection, that may not be a bad thing: as long as you know to expect trouble and are ready to deal with it. Otherwise I would avoid connecting to it, and consider if it is worth the risk.
I read back over your post again. There is clear evidence that the router was not protected, and that someone was able to get into the router configuration and change it. This is bad. There is no clear evidence that anyone even tried to get into your computer. While it is certainly possible, we KNOW that for part of that time they were involved in breaking into the router, not your PC.
Axel asked how to be sure that his wireless is NOT active. He also asked for books or references that would help him deal with this when he wants/needs to access the network again.
Has anyone additional suggestions that address these questions?
Quote:
I read back over your post again. There is clear evidence that the router was not protected, and that someone was able to get into the router configuration and change it.
Unless I'm really spacing on something, no there isn't. In his second post, Axel stated that he doesn't have a router, which was in response to your question about a wireless router. At least to me, that suggests that the router being seen in the iwconfig output isn't under his control, but rather belongs to someone else. We actually need Axel to clarify this, and add some more info about what he was doing if we're going to help him. I also suspect a fair bit of misunderstanding of how wireless works, but again, without some more input, it is just speculation.
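An added example, not part of any post in the thread: a small reader for `iwconfig` output that separates the two things confused above, namely "no wireless extensions" (the interface is not a wireless device) and the association state of the wireless interface. The sample input is constructed from the shape of the output quoted in the first post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: one summary line per interface from `iwconfig` output.

# Constructed sample modelled on the output quoted in the thread.
# $1 = ESSID, $2 = "Access Point:" field; all values are placeholders.
sample_iwconfig() {
    cat <<EOF
lo        no wireless extensions.

eth0      no wireless extensions.

wlan0     IEEE 802.11bg  ESSID:"$1"
          Mode:Managed  Frequency:2.437 GHz  Access Point: $2
          Link Quality:0  Signal level:0  Noise level:0
EOF
}

# Reads iwconfig output on stdin; prints: name <TAB> kind <TAB> state <TAB> essid
wifi_status() {
    awk '
    function emit() {
        if (name != "") printf "%s\t%s\t%s\t%s\n", name, kind, state, essid
    }
    /^[^ \t]/ {                      # text in column 1 starts a new interface
        emit()
        name = $1; state = "-"; essid = "-"
        # "no wireless extensions" means "not a wireless device",
        # it says nothing about whether wireless is connected.
        kind = ($0 ~ /no wireless extensions/) ? "non-wireless" : "wireless"
    }
    kind == "wireless" && match($0, /ESSID:"[^"]*"/) {
        essid = substr($0, RSTART + 7, RLENGTH - 8)
        if (essid == "") essid = "(none)"
    }
    kind == "wireless" && /Access Point:/ {
        state = ($0 ~ /Access Point: *Not-Associated/) ? "not-associated" : "associated"
    }
    END { emit() }
    '
}

# Demo on the constructed sample. On a live system: iwconfig 2>&1 | wifi_status
sample_iwconfig "" "Not-Associated" | wifi_status
```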