LinuxQuestions.org

Linux - Security: Novice needing help (https://www.linuxquestions.org/questions/linux-security-4/novice-needing-help-4175627482/)

Danwilliams1989 04-11-2018 07:45 PM

Novice needing help
 
Hi.

Not greatly familiar with Linux.
My home network has been breached.
Have tried all the basics, changing my password etc.
Have a router supplied by my ISP called a BT Smart Hub 6.
The attackers used to be my neighbours, and I think they cracked in and used a man-in-the-middle attack, and now everything is screwed.

Port scanning over my router shows NetBIOS port 137 open constantly, as well as port 445 showing up as microsoft-ds.

Seems there has been a Samba set up on it.

They've recently moved, but these people have got something the matter with them, because I'm still having random MAC addresses crop up on logs. Also they seem to have somehow configured every device I've connected to tunnel my IP back to them, even if I'm on mobile data on my phone or at someone else's house on Wi-Fi.

Have had open ports related to PPTP, tmux, Telnet and SSH open on my external IP. Also they are using cloud-based services such as AWS and Google Cloud.

I'm finding Apache everywhere on my devices; would like some advice if someone knows what that is exactly.

I think they've done a MITM attack; once doing this, they have then configured each device to strip down SSL and then somehow get my session cookies and be able to snoop on what I'm doing.

My Windows laptop has just been toasted. I'm just wondering whether anyone has any good ideas for a honey trap I can get, or a way to catch them. They are constantly uninstalling apps on my phone, adding lib files, reverse engineering and reinstalling.

Just wonder if I can catch them in the act.

Or if someone can suggest a way I can prove this is happening without a doubt, as the police and ISP are waiting for indisputable proof. Would also like to know how I'm supposed to stop them remotely getting into my router, and remotely getting into my phone when I'm using mobile data.

frankbell 04-11-2018 08:21 PM

A few thoughts:

Do you have your firewall configured and running? If not, configure it. (Linux firewall capability is built-in; it's called iptables. Linux "firewall applications" are generally utilities to make configuring iptables easier.)

Install fail2ban; it's in the repos.

If you have not done so, change your router password from the default, then close any public-facing ports in the router that you do not actively need; consult your router manufacturer's documentation for how to do this. (You should do this in any case, regardless of the OS you are running on your computer.)

A web search for "hardening linux" will turn up a number of useful articles.
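As an added example, not part of the thread or of frankbell's reply: a small POSIX shell script that does two of the things suggested above on the Linux box itself. `exposed_listeners` reads `ss -ltun` output and lists every socket bound to something other than loopback (the ports a LAN or router port scan can actually see, such as the 137/445 mentioned in the first post), and `build_rules` emits a default-deny iptables ruleset in `iptables-restore` format that only opens the TCP ports you pass in. The function names, the sample `ss` output and the port list are my own constructions for illustration; nothing here is from the original page.

```shell
#!/bin/sh
# Added example (not from the thread): audit listening sockets and build a
# default-deny iptables ruleset in iptables-restore format. Function and
# variable names are assumptions of this example; the sample ss output and
# the port list are constructed for illustration.

# exposed_listeners: read `ss -ltun` output on stdin and print "proto port"
# for every socket bound to something other than loopback. With both -t and
# -u given, column 1 is Netid and column 5 is the local address:port.
exposed_listeners() {
  awk '
    $1 == "Netid" { next }                          # skip header if present
    {
      n = split($5, a, ":"); port = a[n]            # port is after the last ":"
      addr = substr($5, 1, length($5) - length(port) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next  # loopback: not reachable from the LAN
      print $1, port
    }'
}

# build_rules [tcp_port ...]: emit a filter table that drops all unsolicited
# inbound traffic except the listed TCP ports (default deny, open only what
# you actively need). Nothing is applied; the text goes to stdout.
build_rules() {
  printf '%s\n' \
    '*filter' \
    ':INPUT DROP [0:0]' \
    ':FORWARD DROP [0:0]' \
    ':OUTPUT ACCEPT [0:0]' \
    '-A INPUT -i lo -j ACCEPT' \
    '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
    '-A INPUT -m conntrack --ctstate INVALID -j DROP' \
    '-A INPUT -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT'
  for p in "$@"; do
    printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
  done
  printf '%s\n' \
    '-A INPUT -m limit --limit 3/min -j LOG --log-prefix "fw-drop: "' \
    'COMMIT'
}

# apply_rules [tcp_port ...]: load the ruleset atomically (replaces the whole
# filter table). Requires root; pass 22 if you are logged in over SSH, or the
# new INPUT DROP policy will cut your own session off.
apply_rules() {
  [ "$(id -u)" -eq 0 ] || { echo "apply_rules: must run as root" >&2; return 1; }
  build_rules "$@" | iptables-restore
}

# Constructed sample of `ss -ltun` output: SMB (tcp 445), NetBIOS name
# service (udp 137) and SSH exposed; CUPS and the stub resolver loopback-only.
SAMPLE_SS='tcp   LISTEN 0      50     0.0.0.0:445       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:631     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22           [::]:*
udp   UNCONN 0      0      0.0.0.0:137       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53  0.0.0.0:*'

echo "Exposed listeners (from the constructed sample):"
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
echo
echo "Ruleset allowing only SSH:"
build_rules 22
```

On a live host, `ss -ltun | exposed_listeners` shows what is really reachable, and `apply_rules 22` (as root) installs the ruleset. Two caveats: `iptables` only covers IPv4, so a listener on `[::]:22` stays reachable over IPv6 until you load an equivalent table with `ip6tables-restore` (using `-p ipv6-icmp` in place of the ICMP rule), and the rules do not survive a reboot unless you save them with your distribution's persistence mechanism (`iptables-persistent`, `iptables-save` into a boot script, or a firewalld/ufw front end).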

snowman81 04-13-2018 09:12 AM

You've used a lot of terms, but I'm curious what evidence you have that any of them are true. Not to doubt you, but your post doesn't make a whole lot of sense.

