Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 08-25-2009, 09:51 AM   #16
Registered: Jan 2009
Location: /dev/ph
Distribution: Fedora, Ubuntu, Redhat, Centos
Posts: 299

Rep: Reputation: 62

Anyone know what program he is referring to and what Helix CD it is on?
Probably referring to a HPA (Host Protected Area) on ATA disks. Can be detected using disk_stat which is part of TSK (The Sleath Kit). Can be temporarily accessed for imaging purposes using disk_sreset. Both utilities are on the Helix CD.
Old 08-27-2009, 06:44 PM   #17
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Original Poster
Rep: Reputation: 35
Thank you Unspawn.

Due to e2fsck errors on booting laptop, and experiencing weird results when looking for and saving files I decided to do a DoD long no read format of hard drive using Dariks Boot and Nuke. Got on to internet only to be hacked almost immediately by a wireshark hack. When I did connect also the speeds were still dialup ~6Kb/s. Contacted new ISP, after experiencing similar problems with the former one, and being told problem was 'network congestion'. Told by new ISP 'network interference in your area, engineers looking into it, don't know when it will be fixed'. 'You are one of the lucky ones, most people can't even connect!! Back to the public library network which was only down for one day.

I will read your comments and restore dd backup of hard drive. I obviously need to raise the bar with security. But can't help feeling there is something seriously wrong here, that ISP's are not divulging. Apologise for delay in responding, didn't book public library as I thought I could get things going from home. Please understand if there are delays, it is not me being rude.

Thank you once again, and best wishes.
Old 09-09-2009, 07:10 PM   #18
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Original Poster
Rep: Reputation: 35
Dear Unspawn

My apologies for not getting back sooner, but was tempted to use my laptop on internet, but appear to be getting hacked quickly by someone using ssh. I removed it from my programs but keep getting a /~ .ssh directory being setup in users directory as soon as I connect, using wireshark to detect connections, after I noticed a wireshark connection on my firewall screen. I added offending IP to hosts.deny and it disappeared from firewall screen and I was connecting to my ISP.

Also when I cd /var/log
ls -la
I found several empty files and a user 'admin', at which point my laptop appeared to be doing a self destruct and my USB ports stopped working, my keyboard would print 3 of every character and my USB sticks were wiped and my DVDRW burner has not recovered. At this point I decided to DoD it. Hence unable to save anything to send to you.

A DoD short version format of hard drive not surprisingly removed it from my directory.
And when I did a skdet -c -s it detected no open ports this time, whereas previously if I just reinstalled Lenny which formats the drive, skdet would detect open ports.

Back to the library system.

I will try to read through your reply as soon as possible. I am beginning to realise how naive I am regarding security, and will really have to ramp it up. Thank you for taking the effort to analyse the logs etc I sent you. I still have a dd save of hacked hard drive on an external hdd and may be able to restore it if needed. I do not expect you to do any further work, but will try to answer your questions. Once again thank you and best wishes.
Old 10-06-2009, 06:52 PM   #19
Registered: Mar 2003
Location: Mansfield Queensland Australia
Distribution: Linux Mint - Tara
Posts: 497

Original Poster
Rep: Reputation: 35
My apologies for not getting back sooner Unspawn. New network provider has offered an opt out with no penalties. Had been getting a reaonable wireless service but a bit unreliable, then frequent disconnections, now no service at all! Other users in Qld have similar problems (

Now at library, looking for cable plans. The library now is trialling bing which is a nuisance.

BTW, earthquake in Melbourne, bushfires and red dust storms in the cities as well as earthquakes and tsunamis in the area - Indonesia, Tonga and Samoa are probably disrupting things as well.

Sorry - one question, when you install selinux in Debian Lenny, should you get a file in /tmp/tsr*. Opening it you get a list of programs- apache, telnet,ftp,rlogin,webalizer and others. Is this suppose to happen?

This led me to take the CMOS battery, flat pack battery, RAM, disconnect power and reinstall, this actually helped enormously with problems with USB devices, performance, battery problems.

Apologies once again, best wishes and will get back ASAP. I do appreciate the help.
Old 10-07-2009, 10:39 AM   #20
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599Reputation: 3599
NP. Just update when you actually can report back results or questions.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Repair Hard Drive Sectors raylhm Linux - Hardware 7 02-05-2008 09:33 AM
Bad sectors in hard drive Johnnio Linux - Hardware 5 07-31-2007 03:38 PM
Possible hacking; wiped - now hard drive space missing? - hidden files? trekk Linux - Security 9 11-10-2006 10:17 AM
Hidden hard drive Thulemanden Linux - Hardware 9 02-14-2006 10:01 PM
How to I check a Linux formated hard drive for bad sectors NewtoLinuxWorld Linux - Hardware 1 02-27-2004 03:46 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 06:27 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration