LinuxQuestions.org
04-02-2015, 05:56 PM   #1
mazinoz

I'm experiencing difficulties connecting to the internet - not resolving pages. When I first connect I'm fine, then I can't resolve any website. Also ACPI issues, battery not charging, whereas on a wiped disk [dd if=/dev/zero of=/dev/sda] and clean install this problem disappears. This last time I used hdparm etc to wipe the drive and the battery problem did not disappear.

I don't know how to provide evidence for this, but on a previous installation, when disconnected from the internet but with wifi on, someone tried to mount the external backup drive I was using but failed as it is simply an extended drive with no /boot etc. I saw a terminal?? flash on screen and disappear. They were trying to copy games to the drive eg: World of Warcraft.

I also saw dnsmasq listening on one of the ports in the gufw firewall yesterday. I'm having problems d/l security programs using synaptic and setting them up before experiencing issues eg: port sentry.

I will try to upload a complete tar of backup to dropbox if it helps.

Yesterday rkhunter found the following:

Warning: The following processes are using deleted files:

Process: /sbin/init PID: 1 File:/var/log/upstart/mountall.log.1

Process: /usr/sbin/cups-browsed PID: 1740 File /etc/passwd

Process: /usr/bin/caja PID 2446 File: /home/p359nt..../.local/share/gvfs-metadata/home

I'd appreciate input. My impression is someone is trying to set up a Man in the Middle attack, hence can't resolve DNS. I still have the installation on my laptop for forensic purposes. I'm using an Android tablet at the moment which apart from the FREAK incident does not appear to have issues.

Any advice appreciated. The hacking is non-stop and vindictive. I've had my Amazon account hacked but not my bank account. Zeroed drives hacked within hours.

I'm willing to try to use laptop and see what develops, saving backups of activity if it helps.

I honestly have no idea what is going on. But I am now using the same laptop with no issues, DNS resolves ok. Firewall seems ok. However, I did find under the Network Connection icon / VPN connections / Configure VPN connections that there was a recently used [~5mins ago] Wired Connection set up as well as the wireless one. I deleted the wired one. I only set up the wireless one.

Maybe I'm just a bit jumpy about security. So mark this 'SOLVED' though I have no idea why it appears to be the case.

Last edited by unSpawn; 04-03-2015 at 08:10 PM. Reason: //Merged posts to retain 0-reply state
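
The rkhunter warning quoted in the post above lists processes that still hold a file open after its name was unlinked. As an added example (not from the thread and not rkhunter's own code), the Python below reads the same information from /proc/<pid>/fd and labels each hit by its usual cause; the `triage` rules and label names are assumptions of this example.

```python
import os
import re

DELETED = " (deleted)"                             # suffix the kernel appends to unlinked paths
ROTATED_LOG = re.compile(r"\.log\.\d+(\.gz)?$")    # e.g. mountall.log.1

def deleted_open_files(pid):
    """Return (fd, path) pairs for files `pid` still holds open after unlink."""
    fd_dir = f"/proc/{pid}/fd"
    found = []
    try:
        fds = os.listdir(fd_dir)
    except OSError:                 # process exited, or not ours and we are not root
        return found
    for fd in fds:
        try:
            target = os.readlink(os.path.join(fd_dir, fd))
        except OSError:             # descriptor closed while we were looking
            continue
        # "/memfd:..." targets are anonymous memory, not unlinked files; skip them.
        if target.startswith("/") and not target.startswith("/memfd:") \
                and target.endswith(DELETED):
            found.append((int(fd), target[:-len(DELETED)]))
    return found

def triage(path):
    """Label one deleted-but-open path. Labels are this example's own."""
    if ROTATED_LOG.search(path):
        return "rotated-log"        # renamed by log rotation, later removed
    if os.path.exists(path):
        return "replaced"           # rewritten via temp file + rename; old inode still open
    return "gone"                   # nothing at that path now: check what the process is

def scan_all():
    """Map pid -> [(fd, path, label)] for every readable process."""
    report = {}
    for entry in os.listdir("/proc"):
        if entry.isdigit():
            hits = deleted_open_files(int(entry))
            if hits:
                report[int(entry)] = [(fd, p, triage(p)) for fd, p in hits]
    return report

if __name__ == "__main__":
    for pid, hits in sorted(scan_all().items()):
        for fd, path, label in hits:
            print(f"{pid}\tfd {fd}\t{label}\t{path}")
```

Run it as root to cover every process; an unprivileged run only sees descriptors of processes owned by the same user.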
 
04-03-2015, 08:31 PM   #2
unSpawn

Quote:
Originally Posted by mazinoz
Maybe I'm just a bit jumpy about security.
Yes you are.

As I have been aware of your situation for approximately the past ten years I can safely say you know just enough to be dangerous (in your case only to yourself ;-p). What you should do - and I've said that before - is ditch stuff like Kali or Port Sentry (these aren't the tools you should choose to use), run a common Linux distribution and have fun. Most of the transient problems you seem to have experienced can most likely be attributed to hardware, configuration or temporary network or service outage conditions.

Last edited by unSpawn; 04-08-2015 at 07:33 PM. Reason: //I R can haz typo
 
  


All times are GMT -5.
