Old 12-03-2019, 04:30 PM   #16
mailbox96321
LQ Newbie
 
Registered: Dec 2019
Distribution: Linux TAILS
Posts: 16

Original Poster
Rep: Reputation: Disabled

... and the end of the SS command output from Terminal:

Code:
u_str  ESTAB      0      0      @/tmp/dbus-QLBG4NuV 32941                 * 0                    
u_str  ESTAB      0      0       * 48501                 * 49726                
u_str  ESTAB      0      0      /run/systemd/journal/stdout 31793                 * 30057                
u_str  ESTAB      0      0      /run/user/1000/bus 133594                * 136503               
u_str  ESTAB      0      0      @/tmp/dbus-doLTE62G 45972                 * 45971                
u_str  ESTAB      0      0       * 52096                 * 54288                
u_str  ESTAB      0      0      /var/run/dbus/system_bus_socket 29933                 * 24527                
u_seq  ESTAB      0      0       * 97666                 * 97665                
u_str  ESTAB      0      0       * 49893                 * 49894                
u_str  ESTAB      0      0       * 48086                 * 48655                
u_str  ESTAB      0      0       * 100375                * 100376               
u_str  ESTAB      0      0      /run/user/1000/bus 50287                 * 51373                
u_str  ESTAB      0      0      @/tmp/dbus-IhKGT7DV 55185                 * 55184                
u_str  ESTAB      0      0      @/tmp/.X11-unix/X1 50363                 * 51494                
u_str  ESTAB      0      0       * 48249                 * 45988                
u_str  ESTAB      0      0       * 135522                * 135523               
u_str  ESTAB      0      0       * 47657                 * 47656                
u_str  ESTAB      0      0      /run/user/113/bus 29079                 * 29034                
u_str  ESTAB      0      0      /run/systemd/journal/stdout 33115                 * 34290                
u_str  ESTAB      0      0       * 63274                 * 63275                
u_str  ESTAB      0      0       * 57560                 * 56989                
u_str  ESTAB      0      0       * 50369                 * 50370                
u_str  ESTAB      0      0      /run/user/1000/pulse/native 51220                 * 48708                
u_str  ESTAB      0      0       * 46976                 * 48469                
u_str  ESTAB      0      0      @/tmp/dbus-IhKGT7DV 58007                 * 58736                
u_str  ESTAB      0      0      /run/user/1000/bus 53023                 * 51022                
u_str  ESTAB      0      0      /run/user/113/pulse/native 31789                 * 30034                
u_str  ESTAB      0      0       * 26325                 * 26326                
u_str  ESTAB      0      0       * 34119                 * 34120                
u_str  ESTAB      0      0      /run/user/113/bus 29080                 * 27191                
u_str  ESTAB      0      0       * 65892                 * 67061                
u_str  ESTAB      0      0       * 134630                * 134629               
u_str  ESTAB      0      0      /run/user/1000/bus 49479                 * 48340                
u_str  ESTAB      0      0      /run/systemd/journal/stdout 19412                 * 20045                
u_str  ESTAB      0      0       * 99612                 * 99611                
u_str  ESTAB      0      0      /run/systemd/journal/stdout 22395                 * 22394                
u_str  ESTAB      0      0       * 20959                 * 20960                
u_str  ESTAB      0      0       * 51022                 * 53023                
u_str  ESTAB      0      0      /run/user/1000/bus 49738                 * 48009                
u_seq  ESTAB      0      0       * 98828                 * 98829                
u_str  ESTAB      0      0      /run/systemd/journal/stdout 48079                 * 48622                
u_str  ESTAB      0      0       * 49879                 * 50304                
u_str  ESTAB      0      0      @/tmp/.X11-unix/X0 31802                 * 32846                
u_str  ESTAB      0      0      /run/user/1000/bus 60427                 * 60426                
u_str  ESTAB      0      0       * 51494                 * 50363                
u_str  ESTAB      0      0      /var/run/dbus/system_bus_socket 47438                 * 45051                
u_str  ESTAB      0      0       * 46012                 * 47659                
u_str  ESTAB      0      0       * 133892                * 133893               
u_str  ESTAB      0      0      @/tmp/.X11-unix/X1 134740                * 133855               
u_str  ESTAB      0      0       * 97909                 * 99622                
u_str  ESTAB      0      0      /run/systemd/journal/stdout 53265                 * 50533                
u_str  ESTAB      0      0      /run/user/113/bus 34120                 * 34119                
u_str  ESTAB      0      0       * 27191                 * 29080                
u_str  ESTAB      0      0       * 23049                 * 23050                
u_str  ESTAB      0      0       * 95227                 * 95226                
u_str  ESTAB      0      0       * 65895                 * 65896                
u_str  ESTAB      0      0       * 136503                * 133594               
u_str  ESTAB      0      0       * 99555                 * 95212                
u_str  ESTAB      0      0       * 49798                 * 47056                
u_str  ESTAB      0      0      @/tmp/dbus-qrdoSMnA 30204                 * 30203                
u_str  ESTAB      0      0       * 51188                 * 51189                
u_str  ESTAB      0      0      @/tmp/dbus-gFH2Z7i3Sj 29400                 * 29399                
u_str  ESTAB      0      0      /run/systemd/journal/stdout 47433                 * 45049                
u_str  ESTAB      0      0       * 46037                 * 47711                
u_str  ESTAB      0      0       * 21836                 * 22692                
u_str  ESTAB      0      0       * 100365                * 100366               
u_str  ESTAB      0      0      /run/user/1000/bus 54444                 * 54443                
u_str  ESTAB      0      0       * 49885                 * 51392                
u_str  ESTAB      0      0       * 24533                 * 31773                
u_str  ESTAB      0      0       * 22394                 * 22395                
u_str  ESTAB      0      0       * 100378                * 100377               
u_str  ESTAB      0      0      /run/systemd/journal/stdout 65903                 * 65901                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48230                
tcp    ESTAB      0      0      127.0.0.1:48300                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48300                
tcp    ESTAB      0      0      127.0.0.1:48264                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48276                
tcp    ESTAB      0      0      127.0.0.1:48302                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:48262                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48304                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48282                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48268                
tcp    ESTAB      0      0      127.0.0.1:48282                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48292                
tcp    ESTAB      0      0      127.0.0.1:48238                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48236                
tcp    ESTAB      0      0      127.0.0.1:48294                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48238                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48294                
tcp    ESTAB      0      0      127.0.0.1:9051                 127.0.0.1:36194                
tcp    ESTAB      0      0      127.0.0.1:48284                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:48260                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:48258                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48260                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48272                
tcp    ESTAB      0      0      127.0.0.1:48292                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:48268                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48296                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48228                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48270                
tcp    ESTAB      0      0      127.0.0.1:48232                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48298                
tcp    ESTAB      0      0      127.0.0.1:48276                127.0.0.1:9150                 
tcp    ESTAB      0      0      76.188.233.37:43542                93.186.202.32:9001                 
tcp    ESTAB      0      0      127.0.0.1:48234                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:48304                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48284                
tcp    ESTAB      0      0      127.0.0.1:36194                127.0.0.1:9051                 
tcp    ESTAB      0      0      127.0.0.1:48298                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:48228                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:48296                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48258                
tcp    ESTAB      0      0      127.0.0.1:48280                127.0.0.1:9150                 
tcp    ESTAB      0      0      76.188.233.37:37824                195.154.156.5:https                
tcp    ESTAB      0      0      127.0.0.1:48286                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48262                
tcp    ESTAB      0      0      127.0.0.1:48266                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48308                
tcp    ESTAB      0      0      127.0.0.1:48272                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48264                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48232                
tcp    ESTAB      0      0      127.0.0.1:48230                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:48270                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48286                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48234                
tcp    ESTAB      0      0      127.0.0.1:48308                127.0.0.1:9150                 
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48302                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48266                
tcp    ESTAB      0      0      127.0.0.1:9150                 127.0.0.1:48280                
tcp    ESTAB      0      0      127.0.0.1:48236                127.0.0.1:9150                 
root@amnesia:~#
Thank you.
 
Old 12-03-2019, 04:42 PM   #17
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,133

Rep: Reputation: 5929
Quote:
Originally Posted by mailbox96321
Long, miserable, 2+ year story shorter than a book... I'm a writer and was paid to put together a report to be submitted to a state agency about a multi-million-dollar case of public corruption. Parties involved found out I was the one hired to be the writer on that and future whistleblowing efforts. Since then, dealing with the retaliation has been unpleasant and expensive. Recently a computer forensic specialist in my region took a look at the case and quoted me a $4,000 retainer to reverse engineer what was on my windows devices and cell phones/SIM cards, etc., to trace and prove its origin to sue for damages.

In his words, it was "professional and aggressive." If I had the $4k I wouldn't be struggling, but here I am searching for options because I'm fighting battles on several fronts (cancer, divorce, etc.) and money is an issue for me. My degrees are in management, not IT, so I'm hopeful somebody who lives and breathes this has a simple solution for me... Other than unplugging from civilization and taking up a new profession as a cave dweller carving figurines for a living.

On the advice of a Windows tech replacing yet another one of my burned up hard drives, he put a blank hard drive in my computer, told me to use a Linux live distro on a USB, and use all new cloud accounts. It worked for maybe 3-4 days and then, despite using a Linux TAILS live USB, it was reconnected to the criminal's remote Windows 7 server again. A Synaptic Package Manager appeared on my desktop, and all of these packages appeared, with permissions changing and everything going wrong again just like on Windows.

Before this, I literally never had a problem with any of my devices, other than an occasional virus that everybody else gets, and I've been using computers daily as either a financial services manager or freelance writer for 18 years. This is unlike anything else I have ever experienced.
As scasey said, why do you think you have a security breach? Because this sounds **VERY** familiar; same sorts of 'retaliation', a vague 'them' who is out to get you, who has somehow hacked SIM cards, cell phones, computers, routers, etc. And all somehow without any evidence of a breach of any sort, past vague technical terms that don't string together in a way that makes sense. Amazingly, all within the past year, all from 'newbies', all with a similar story. Last one from mid-November, this one from early December. What a coincidence.

https://www.linuxquestions.org/quest...ed-4175664440/

Again: what is your actual EVIDENCE that your Windows system/phone/SIM card/whatever was actually tampered with??? And saying you have 'burned up' hard drives from some mystery hacker/virus is absolute nonsense.
 
Old 12-03-2019, 05:10 PM   #18
mailbox96321
LQ Newbie
 
Registered: Dec 2019
Distribution: Linux TAILS
Posts: 16

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by TB0ne
As scasey said, why do you think you have a security breach? Because this sounds **VERY** familiar; same sorts of 'retaliation', a vague 'them' who is out to get you, who has somehow hacked SIM cards, cell phones, computers, routers, etc. And all somehow without any evidence of a breach of any sort, past vague technical terms that don't string together in a way that makes sense. Amazingly, all within the past year, all from 'newbies', all with a similar story. Last one from mid-November, this one from early December. What a coincidence.

https://www.linuxquestions.org/quest...ed-4175664440/

Again: what is your actual EVIDENCE that your Windows system/phone/SIM card/whatever was actually tampered with??? And say you have 'burned up' hard drives from some mystery hacker/virus is absolute nonsense.

Well, TB0ne, you've certainly helped me out this evening... you're showing me that I should stick to the professional computer forensics consultant in my local region and just find a way to come up with the money. He already communicated with the technicians doing the warranty work on the hard drive and the cell phone repair specialists who dealt with the phones and tablets in question. I appreciate his professionalism, knowledge, and respectful communication. Especially since I'm not a computer expert and answer in more general terms until steered toward specifics... If I don't understand what he's looking for when he asks a question, he simply asks more specific questions to get the information he needs instead of prematurely resorting to insults and accusations. Good day to you.
 
Old 12-03-2019, 05:16 PM   #19
uteck
Member
 
Registered: Oct 2003
Location: Elgin,IL,USA
Distribution: GalliumOS on Chrombook
Posts: 298

Rep: Reputation: 60
If you want to check your Linux, then you could install rkhunter (rootkit hunter).

But if you have a pro targeting you, they might be in your router so they can access all network traffic. Check if there is a firmware update. If not, see when the last one came out and if it has been some time, then get a new router.
 
Old 12-03-2019, 05:43 PM   #20
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,133

Rep: Reputation: 5929
Quote:
Originally Posted by mailbox96321
Well, TB0ne, you've certainly helped me out this evening... you're showing me that I should stick to the professional computer forensics consultant in my local region and just find a way to come up with the money. He already communicated with the technicians doing the warranty work on the hard drive and the cell phone repair specialists who dealt with the phones and tablets in question. I appreciate his professionalism, knowledge, and respectful communication. Especially since I'm not a computer expert and answer in more general terms until steered toward specifics... If I don't understand what he's looking for when he asks a question, he simply asks more specific questions to get the information he needs instead of prematurely resorting to insults and accusations. Good day to you.
So now it's:
  • Phone
  • SIM cards
  • Tablet
  • PC
  • "Burned" hard drives
You are the one making accusations; you are accusing some vague 'someone' of hacking you and (somehow) 'burning up' hard drives, yet don't produce any proof or evidence of ANYTHING, past accusations. Same as those other posters mentioned previously...nothing new here. Again: WHERE IS YOUR PROOF/EVIDENCE???

And yes, I *DO* security/consulting professionally and have for decades...which is precisely why your story makes no sense. You want to spend $4k for someone to tell you something?? I'm sure they'd be happy to take your money to produce whatever story you want to hear. We'd not do it, because we need more than a vague story with disjointed logic to take it seriously, and wouldn't rob someone.

Again: your story falls apart at your very first post in this thread, and in fact, the subject line. Because it says, "....Lenovo Desktop running TAILS" (bolded for emphasis). For a 'newbie', you certainly seem to have some skills, since you not only:
  • Located a security-focused distro
  • Downloaded it
  • Burned the ISO image correctly
  • Booted it
  • ...and, despite it being a LIVE DISTRO that's not meant to be installed on a fixed hard drive without some considerable effort, DID JUST THAT.
...seem to have ignored what TAILS is. That is, a distro meant to run solely from a thumbdrive with zero persistence. Not to be installed without some effort/skills. Want to try again on the 'newbie' angle?

https://tails.boum.org/support/faq/i....html#index6h2
https://tails.boum.org/
 
Old 12-03-2019, 05:54 PM   #21
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,133

Rep: Reputation: 5929
Quote:
Originally Posted by uteck
If you want to check your Linux, then you could install rkhunter (rootkit hunter).

But if you have a pro targeting you, they might be in your router so they can access all network traffic. Check if there is a firmware update. If not, see when the last one came out and if it has been some time, then get a new router.
Does this sentence make sense to you, uteck?
Quote:
Originally Posted by mailbox96321
...and then, despite using a Linux TAILS live USB, it was reconnected to the criminal's remote Windows 7 server again. A Synaptic Package Manager appeared on my desktop, and all of these packages appeared, with permissions changing and everything going wrong again just like on Windows.
Bolded for emphasis only.

So, a TAILS install (which is live, with zero persistence by design), is somehow 'reconnected' to "the criminal". For a newbie, it's amazing that they were able to somehow 'know' that it was a Windows 7 machine (make sense for a pro hacker to use Windows 7???) Or that the Synaptic manager just 'appeared', since you have to manually enable such things as an admin? (again, not pointing to 'newbie')
https://tails.boum.org/doc/first_ste.../index.en.html

And the 'newbie' somehow spotting these permission changes? How would a 'newbie' know what they were SUPPOSED to be, or how they changed??? Again, a 'pro hacker' wouldn't do anything visible on a screen, nor COULD they using live TAILS. This is much like the previous threads this past year....nothing new.

Last edited by TB0ne; 12-04-2019 at 01:42 PM.
 
Old 12-03-2019, 06:22 PM   #22
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.7.1908
Posts: 4,099

Rep: Reputation: 1393
Quote:
Originally Posted by mailbox96321
Since the netstat command in Terminal wasn't working correctly, I googled "netstat alternative in linux terminal" and saw some recommended the SS command, so here's that output, in case that's relevant to you (?)... Again, thank you for any of your time and expertise.
[snip]
To be continued because results were too many characters for one post...
Generally speaking, if the output of the command is longer than the post limit, it's also likely to be of not much use. Posting all that just clutters the thread. Use pastebin or some such instead.
Try
Code:
ss -tnp
...and please post the results

Last edited by scasey; 12-03-2019 at 08:34 PM.
 
1 members found this post helpful.
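As an added example (not code from the thread or from any poster): a small Python parser for `ss -tnp` output that does what scasey's suggestion aims at, reading the process owner of each TCP socket and collapsing the loopback Tor chatter (the many 127.0.0.1:9150 lines in the dump above) into a per-service-port count, so that only off-box connections and the processes owning them need attention. The sample output is constructed, and the allowlist assumption that on Tails only `tor` should reach the network directly is mine, not the thread's.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample of `ss -tnp` output (iproute2 layout when run as root:
# no Netid column because of -t, process field appended because of -p).
# Hosts, ports and PIDs are made up; 9150 (SOCKS) and 9051 (control) mirror
# the loopback Tor ports visible in the thread's dump.
SAMPLE_SS_TNP = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port   Process
ESTAB  0      0      127.0.0.1:48230    127.0.0.1:9150      users:(("firefox",pid=4311,fd=72))
ESTAB  0      0      127.0.0.1:9150     127.0.0.1:48230     users:(("tor",pid=3980,fd=11))
ESTAB  0      0      127.0.0.1:36194    127.0.0.1:9051      users:(("onion-grater",pid=4002,fd=5))
ESTAB  0      0      127.0.0.1:9051     127.0.0.1:36194     users:(("tor",pid=3980,fd=9))
ESTAB  0      0      192.0.2.10:43542   198.51.100.7:9001   users:(("tor",pid=3980,fd=14))
ESTAB  0      0      192.0.2.10:37824   203.0.113.5:443     users:(("tor",pid=3980,fd=16))
ESTAB  0      0      192.0.2.10:50110   203.0.113.99:8080   users:(("python3",pid=5120,fd=3))
"""

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+),fd=\d+\)')


def split_addr(addr):
    """Split 'host:port' on the last colon so bracketed IPv6 works too.
    Without -l, ss lists only connected sockets, so the port is numeric."""
    host, port = addr.rsplit(":", 1)
    return host.strip("[]"), int(port)


def parse_ss_tnp(text):
    """One dict per socket line. The process list is empty when ss was not
    run as root, because -p then cannot resolve the owner."""
    conns = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or blank line
        state, _rq, _sq, local, peer = fields[:5]
        procs = [(n, int(p)) for n, p in PROC_RE.findall(" ".join(fields[5:]))]
        conns.append({"state": state, "local": split_addr(local),
                      "peer": split_addr(peer), "procs": procs})
    return conns


def is_loopback(host):
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or an unresolved name: treat as off-box


def loopback_services(conns):
    """Distinct loopback connections counted by service port. Both ends of a
    local connection appear in ss output, so endpoint pairs are deduplicated
    and the lower port is taken as the service side (ephemeral ports are high)."""
    seen, by_port = set(), Counter()
    for c in conns:
        if not is_loopback(c["peer"][0]):
            continue
        key = frozenset([c["local"], c["peer"]])
        if key in seen:
            continue
        seen.add(key)
        by_port[min(c["local"][1], c["peer"][1])] += 1
    return by_port


def external_connections(conns, allowed=("tor",)):
    """(peer, owning process names, expected?) for every off-box socket.
    Assumption: on Tails only tor reaches the network directly, so any other
    owner here is the connection to look at first."""
    out = []
    for c in conns:
        host, port = c["peer"]
        if is_loopback(host):
            continue
        owners = [n for n, _ in c["procs"]]
        out.append((f"{host}:{port}", owners, any(n in allowed for n in owners)))
    return out
```

Run against real output with `ss -tnp | python3 -c 'import sys; ...'` or paste the text into `SAMPLE_SS_TNP`; the loopback summary replaces the hundred-line dump with a couple of counts, and `external_connections` is the list worth posting.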