Old 02-21-2005, 03:31 PM   #1
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Rep: Reputation: 35
someone eavesdropping on me?


Hello

I was just typing a post and then a box came up saying it could not grab my mouse, someone may be eavesdropping on me. Then another came up about the keyboard.

The mouse + keyboard still worked but everything stopped responding.

I did Ctrl-Alt-Backspace to bring me back to the login and it's been fine since...

What's happening? I don't have a firewall on here; I was under the impression that IPtables was installed by default. Plus this is going through the internet through my XP box, which has a firewall.

Help?! I'm not being hacked am I?

Hong
 
Old 02-21-2005, 03:42 PM   #2
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Rep: Reputation: 30
Hey
Iptables may be installed by default, but you have to set the rules (ie "computer let me access this port") yourself.

I can't comment on the hacking bit, but I'm sure someone will help you out. In the meantime, I strongly suggest looking into setting up a proper firewall on your server. You won't need anything difficult.

hamish
 
Old 02-21-2005, 03:59 PM   #3
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Original Poster
Rep: Reputation: 35
Quote:
Iptables may be installed by default, but you have to set the rules (ie "computer let me access this port") yourself.
OK...can someone help me/elaborate on this please...

Quote:
I can't comment on the hacking bit, but I'm sure someone will help you out. In the meantime, I strongly suggest looking into setting up a proper firewall on your server. You won't need anything difficult.
Any reco's?
 
Old 02-21-2005, 04:20 PM   #4
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Rep: Reputation: 30
Regarding firewall, I assume that your computer isn't serving anything to the Internet (ie, you don't run a webserver or anything).

Therefore, you basically just want to allow all requests OUT of your box, but not allow any into your box.

If you have iptables installed, you should be able to start it by running:
# /etc/init.d/iptables start

Assuming that your distribution has installed the correct iptables as modules, then these will be loaded. Most distros do have iptables in the kernel by default. If not, you will have to recompile the kernel.

Assuming that you do get iptables started, then you should download this code, and paste it into a file called firewall-script.sh

Code:
#!/bin/sh
# The first line is just a regular header for a script.

# I now assume that your network interface is named eth0.
# Change the following line to match your configuration.
EXT=eth0

# Next, clean everything, so old firewall configurations don't get in the way:
iptables --flush
iptables --table nat --flush
# Without arguments, --delete-chain deletes all the additional chains.
iptables --delete-chain

# Disallow everything not explicitly allowed:
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT DROP

# We want to allow ourselves to send anything (this reverts the previous OUTPUT policy):
iptables --policy OUTPUT ACCEPT

# Allow the machine to connect to itself:
iptables --append INPUT --in-interface lo --jump ACCEPT

# Receive anything from others in case you have first initiated a connection (e.g. get a web page when you ask for one):
# Get ping replies from others:
iptables --append INPUT --in-interface "$EXT" -m state --state ESTABLISHED,RELATED -j ACCEPT

# Receive ping requests from others:
iptables --append INPUT --in-interface "$EXT" -p icmp --icmp-type echo-request -j ACCEPT

####### PORT SPECIFIC REQUESTS #######

# ssh: this is a service which you will probably be running, and it is a good idea to let yourself SSH into your computer.
iptables --append INPUT --in-interface "$EXT" -p tcp --destination-port 22 -j ACCEPT

This script assumes that your NIC is eth0.

Now, do:
# chmod +x firewall-script.sh
# sh firewall-script.sh

This will load the rules into the firewall.

Do:
# iptables -nvL
and you should see something like:

Code:
hamish@pi hamish $ sudo /sbin/iptables -nvL
Chain INPUT (policy DROP 56450 packets, 4800K bytes)
 pkts bytes target     prot opt in     out     source               destination
2223K  338M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  16M   17G ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 8
  392 22012 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
Now, assuming you can still do everything you want to do, save those rules to the computer.
# iptables-save

Hope this helps. Basically, it sets out what to do once you have iptables running. Some other members will no doubt be able to help you some more.

hamish
 
Old 02-21-2005, 04:37 PM   #5
shengchieh
Member
 
Registered: Jul 2004
Location: Palo Alto, CA
Distribution: #! Korora
Posts: 472

Rep: Reputation: 30
A bunch of firewalls in

http://www.websamba.com/Linux_Docs_Links
-> Softwares
-> firewall

Firestarter seems to be a common one.

Sheng-Chieh
 
Old 02-21-2005, 04:44 PM   #6
cs-cam
Senior Member
 
Registered: May 2004
Location: Australia
Distribution: Gentoo
Posts: 3,545

Rep: Reputation: 57
I don't know for sure but I read somewhere that all the linux firewalls like Firestarter and Guarddog are simply GUI front ends for iptables.
 
Old 02-21-2005, 06:50 PM   #7
brainiac
Member
 
Registered: Jan 2005
Location: middle of a cornfield, IL
Distribution: Kanotix HD Install, Debian Testing, XP Pro,Vista RC1
Posts: 145

Rep: Reputation: 15
I have used Firestarter on my Fedora machine and it is an easy setup for iptables. It also works well.
 
Old 02-22-2005, 02:56 AM   #8
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Original Poster
Rep: Reputation: 35
Brilliant, thanks for the replies.

So Guarddog and Firestarter are GUIs for iptables...interesting...

Do I have to manually start iptables each time I log on? If so, how would I do that?

And yes, for now just allowing all outgoing is fine. But I will want to use it to serve in the near future as a webserver and ftp...will this be sufficient?

I found one called Smoothwall Express - any opinions on that?

I'll do more when I get in from work.

Thanks

Hong
 
Old 02-22-2005, 04:22 AM   #9
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Rep: Reputation: 30
I assume you have a distro installed on your linux machine, and that you are not just using Knoppix LiveCD.

If you have a distro installed, then you can tell iptables to start on boot. And it will use the rules which you saved, using iptables-save.

Smoothwall might be a distribution in itself. As in, a small distro which you install on a dedicated server for routing.

If you want to allow sharing on FTP and websites, add these two lines to the firewall script:

Code:
# http
iptables --append INPUT --in-interface $EXT -p tcp --destination-port 80 -j ACCEPT
# ftp
iptables --append INPUT --in-interface $EXT -p tcp --destination-port 21 -j ACCEPT
hamish
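
The policy from posts #4 and #9 (inbound dropped by default, SSH allowed, then HTTP and FTP opened), as an added example that is not part of any poster's message: it writes the rules as an `iptables-restore` file, which loads in one step and is the same format that `iptables-save` prints to standard output. The function names and the file name `firewall.rules` are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): emit the thread's default-deny
# INPUT policy as an iptables-restore ruleset. gen_ruleset, valid_port
# and firewall.rules are names assumed for this example.

# valid_port PORT: succeeds only for a plain integer in 1..65535
valid_port() {
    case "$1" in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# gen_ruleset IFACE PORT...: ruleset on stdout, non-zero on bad input
gen_ruleset() {
    ext=$1
    # Reject anything that could smuggle extra rule text into the file
    case "$ext" in
        ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $ext" >&2; return 1 ;;
    esac
    shift
    for p in "$@"; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $ext -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i $ext -p icmp --icmp-type echo-request -j ACCEPT
EOF
    for p in "$@"; do
        echo "-A INPUT -i $ext -p tcp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# Desktop rules from post #4 (SSH only):      gen_ruleset eth0 22
# Server rules from post #9 (HTTP and FTP):   gen_ruleset eth0 22 80 21
# Typical use, as root:
#   gen_ruleset eth0 22 80 21 > firewall.rules
#   iptables-restore --test < firewall.rules && iptables-restore < firewall.rules
```

Opening port 21 covers only the FTP control channel; data connections are matched by the RELATED rule only when the kernel's FTP connection-tracking helper is loaded.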
 
Old 02-22-2005, 11:35 AM   #10
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Original Poster
Rep: Reputation: 35
Hi all, in from work now.

Ok, so I am going to try and create this script called fire-script.sh...but where do I create it? Do I just paste that into Kedit and save as firewall-script.sh?

Thanks

Hong
 
Old 02-22-2005, 11:36 AM   #11
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Original Poster
Rep: Reputation: 35
Oh, and yes this is a full HDD install, NOT a LiveCD install.
 
Old 02-22-2005, 02:49 PM   #12
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
You need to do the following;

Copy the above to an editor and save it in /etc/init.d as rc.firewall. To make it executable cd to /etc/init.d and do as root in a console chmod +x rc.firewall. Now you need to get it to start automatically at boot time so do the following;
ln -s ../init.d/rc.firewall /etc/rc2.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc3.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc4.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc5.d/S89firewall

A tip here to make this quicker than typing the whole thing each time; when you have done the first one, up-arrow and the line will appear again so just use the left arrow to go back to rc2.d and change it to 3 then go to the end of the line and press return and so on.
 
Old 09-17-2005, 02:29 PM   #13
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495

Rep: Reputation: 85
I had the same pop up in Ubuntu 5.04 about could not grab mouse and eavesdropping. I did not see any problems. Nothing locked up. I was trying to open Synaptic. Synaptic still works. Until recently I could not login anymore. I used Knoppix as a recovery disk to get all my important files backed up and installed FreeBSD.
 
Old 09-17-2005, 11:29 PM   #14
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015
Get a cheap machine, like a Celeron 650 MHz. Put in two network cards. Make sure it has a CD drive. Go online and download the .iso for Smoothwall. Burn it to a CD. Hook up a monitor and keyboard to the Celeron. Boot from the Smoothwall CD you made. Install Smoothwall. After you get done, shut down Smoothwall. Hook up internet to the red interface, and your PC to the green interface. Then, boot Smoothwall. Boot your PC. Now you have a packet dropping firewall with a network address translator. This is not to be confused with a packet filtering firewall, which comes with most linux distros. A port scan can learn a lot about a machine with a packet filtering firewall. A packet dropping firewall looks like an unused IP to a port scanner. Unless someone knows your IP, and knows you have Smoothwall, it is impenetrable. It works flawlessly for years on end. I have never had it fail, or need rebooting. It makes you completely invisible. I tried the famous network security hacker, Saint, on it. I tried every test to hack that firewall. Everything timed out, with no result. Saint thought it was a dead connection. Saint is the most sophisticated network penetration tool available. It comes with SuSE linux. It is great for testing security. Don't use it for anything illegal. Saint is like jail bait. You can really, seriously get into trouble for scanning other people's systems. Scan your own, though.
 
Old 09-18-2005, 02:34 PM   #15
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495

Rep: Reputation: 85
Quote:
Originally posted by TigerOC
You need to do the following;

Copy the above to an editor and save it in /etc/init.d as rc.firewall. To make it executable cd to /etc/init.d and do as root in a console chmod +x rc.firewall. Now you need to get it to start automatically at boot time so do the following;
ln -s ../init.d/rc.firewall /etc/rc2.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc3.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc4.d/S89firewall
ln -s ../init.d/rc.firewall /etc/rc5.d/S89firewall

A tip here to make this quicker than typing the whole thing each time; when you have done the first one, up-arrow and the line will appear again so just use the left arrow to go back to rc2.d and change it to 3 then go to the end of the line and press return and so on.
A better way to do that is to program a for loop, while loop, or do while loop.
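
The loop suggested above, as an added example that is not part of either post: it creates the four runlevel links with a target written relative to each link's own directory, then checks that every link resolves to an executable script, since a dangling link means the firewall rules are never loaded at boot. The function names and the optional ROOT prefix (for rehearsing in a scratch directory) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): create the S89firewall start links
# in a loop and verify them. install_fw_links, check_fw_links and the
# ROOT prefix are hypothetical; leave ROOT empty to act on the real /etc.

# install_fw_links [ROOT]: link rc.firewall into runlevels 2 to 5
install_fw_links() {
    root=${1:-}
    script="$root/etc/init.d/rc.firewall"
    [ -x "$script" ] || { echo "missing or not executable: $script" >&2; return 1; }
    for n in 2 3 4 5; do
        dir="$root/etc/rc$n.d"
        [ -d "$dir" ] || { echo "no such runlevel directory: $dir" >&2; return 1; }
        # A relative target is resolved from the link's own directory,
        # so it has to climb out of rcN.d and into init.d.
        ln -sf ../init.d/rc.firewall "$dir/S89firewall" || return 1
    done
}

# check_fw_links [ROOT]: print each broken link, non-zero if any is broken
check_fw_links() {
    root=${1:-}
    bad=0
    for n in 2 3 4 5; do
        link="$root/etc/rc$n.d/S89firewall"
        # -L: the path is a symlink; -x: follows it and needs an executable target
        if [ ! -L "$link" ] || [ ! -x "$link" ]; then
            echo "broken: $link"
            bad=1
        fi
    done
    return $bad
}
```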
 
  



All times are GMT -5. The time now is 01:59 AM.
