Removing trojans from hidden trailing sectors of hard drive.
Anyone know what program he is referring to and what Helix CD it is on?
Probably referring to a HPA (Host Protected Area) on ATA disks. Can be detected using disk_stat which is part of TSK (The Sleuth Kit). Can be temporarily accessed for imaging purposes using disk_sreset. Both utilities are on the Helix CD.
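As an added illustration of the HPA check described above (not code from the thread): the same current-versus-native sector comparison that disk_stat performs can be read from the output of hdparm -N, which is assumed to be installed; the function below parses that line and reports how many sectors are hidden.

```shell
#!/bin/sh
# Added example: detect a Host Protected Area by comparing the disk's
# current max sector count with its native max. An HPA exists when the
# native count is larger; the difference is the number of hidden sectors.
# Assumes hdparm is available (disk_stat from The Sleuth Kit shows the
# same two numbers); disk_sreset lifts the HPA only until the next power
# cycle, so image the disk in the same session.

# Parse a line such as
#   max sectors   = 976000000/976773168, HPA is enabled
# Prints the number of hidden sectors; exit status 0 if an HPA exists,
# 1 if there is none, 2 if the line could not be parsed.
hpa_from_hdparm_line() {
    line="$1"
    pat='.*max sectors *= *\([0-9][0-9]*\)\/\([0-9][0-9]*\).*'
    cur=$(printf '%s\n' "$line" | sed -n "s/$pat/\1/p")
    nat=$(printf '%s\n' "$line" | sed -n "s/$pat/\2/p")
    [ -n "$cur" ] && [ -n "$nat" ] || return 2
    hidden=$((nat - cur))
    echo "$hidden"
    [ "$hidden" -gt 0 ]
}

# Run the check against a real device, e.g. check_disk /dev/sda
# (needs root; hdparm -N only reads, it does not change the disk).
check_disk() {
    dev="$1"
    out=$(hdparm -N "$dev" 2>/dev/null | grep 'max sectors') || return 2
    hpa_from_hdparm_line "$out"
}
```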
Due to e2fsck errors on booting laptop, and experiencing weird results when looking for and saving files I decided to do a DoD long no read format of hard drive using Darik's Boot and Nuke. Got on to internet only to be hacked almost immediately by a yo-main.net wireshark hack. Also, when I did connect, the speeds were still dialup, ~6Kb/s. Contacted new ISP, after experiencing similar problems with the former one, and being told problem was 'network congestion'. Told by new ISP 'network interference in your area, engineers looking into it, don't know when it will be fixed'. 'You are one of the lucky ones, most people can't even connect!!' Back to the public library network which was only down for one day.
I will read your comments and restore dd backup of hard drive. I obviously need to raise the bar with security. But can't help feeling there is something seriously wrong here, that ISP's are not divulging. Apologies for the delay in responding, didn't book public library as I thought I could get things going from home. Please understand if there are delays, it is not me being rude.
My apologies for not getting back sooner, but was tempted to use my laptop on internet, but appear to be getting hacked quickly by someone using ssh. I removed it from my programs but keep getting a ~/.ssh directory being set up in users directory as soon as I connect, using wireshark to detect connections, after I noticed a wireshark connection on my firewall screen. I added offending IP to hosts.deny and it disappeared from firewall screen and I was connecting to my ISP.
Also when I cd /var/log
ls -la
I found several empty files and a user 'admin', at which point my laptop appeared to be doing a self-destruct and my USB ports stopped working, my keyboard would print 3 of every character and my USB sticks were wiped and my DVDRW burner has not recovered. At this point I decided to DoD it. Hence unable to save anything to send to you.
A DoD short version format of hard drive not surprisingly removed it from my directory.
And when I did a skdet -c -s it detected no open ports this time, whereas previously if I just reinstalled Lenny which formats the drive, skdet would detect open ports.
Back to the library system.
I will try to read through your reply as soon as possible. I am beginning to realise how naive I am regarding security, and will really have to ramp it up. Thank you for taking the effort to analyse the logs etc I sent you. I still have a dd save of hacked hard drive on an external hdd and may be able to restore it if needed. I do not expect you to do any further work, but will try to answer your questions. Once again thank you and best wishes.
My apologies for not getting back sooner Unspawn. New network provider has offered an opt out with no penalties. Had been getting a reasonable wireless service but a bit unreliable, then frequent disconnections, now no service at all! Other users in Qld have similar problems (www.whirlpool.net.au).
Now at library, looking for cable plans. The library now is trialling bing which is a nuisance.
BTW, earthquake in Melbourne, bushfires and red dust storms in the cities as well as earthquakes and tsunamis in the area - Indonesia, Tonga and Samoa are probably disrupting things as well.
Sorry - one question, when you install selinux in Debian Lenny, should you get a file in /tmp/tsr*? Opening it you get a list of programs - apache, telnet, ftp, rlogin, webalizer and others. Is this supposed to happen?
This led me to take the CMOS battery, flat pack battery, RAM, disconnect power and reinstall, this actually helped enormously with problems with USB devices, performance, battery problems.
Apologies once again, best wishes and will get back ASAP. I do appreciate the help.