Re: Am I being paranoid about intrusion or what?
From: Moe Trin (ibuprofin_at_painkiller.example.tld)
Date: 03/10/05
- Next message: ynotssor: "Re: server goes to sleep"
- Previous message: al: "server goes to sleep"
- In reply to: Mike K: "Am I being paranoid about intrusion or what?"
- Next in thread: Durk van Veen: "Re: Am I being paranoid about intrusion or what?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 09 Mar 2005 20:20:46 -0600
In article <XFmXd.63821$W16.36664@trndny07>, Mike K wrote:
>While using pan on linux newsgroup, all of a sudden, pan started
>downloading all message bodies. In a panic, I closed pan.
OK... I don't use pan as my newsreader. What is the command there to
download the "next" article? Is it possibly hitting the spacebar?
>Then I noticed the cursor on kate, which was opened, started scrolling to
>the right and then the next line... I logged off.
Hmmm
>In the GUI username box, the cursor still scrolled. I turned off my computer.
The GUI app shouldn't be listening to the network. Your 'netstat -tupa'
output doesn't seem to show it. Honestly, this sounds more like a stuck
keyboard than anything else.
Fedora defaults to a journaled file system, so killing power isn't as big of
a problem as before, but using the '/sbin/shutdown' command is very much
preferred. What might be preferable in this type of situation would be to
yank the network connection - or killing the _external_ DSL modem.
>In one separate instance, I also experienced programs opening up on
>their own, such as the screen shot program. In another instance, the
>OOo.writer started popping up. I googled on intrusions on linux box.
Try operating your system without the access to the network - unplug the
network cable, or telephone line, or what-ever. I dunno, use the system
to look through the HOWTOs or something. Does the system start doing
strange things then?
>Mostly what I saw were silent intrusions trying to install trojans or
>hijacking computer to do DOS attacks. In short, the behavior I
>experienced is not typical of linux boxes, and more typical of viruses
>wrecking the other OS.
Are you running as a common user, or root? From the tone of my question,
you _know_ you should not be root. As an ordinary user, it's much more
difficult to get "infected". Not impossible, but the percentages get lots
of leading zeros behind the decimal.
>Here is a list of all services running in my linux box with a state of
>LISTEN which are started by default:
I don't know why your portmapper is listening to the world, but nothing
looks gross.
>I learned that there was a vulnerability in rpc.statd a while back in
>2000 but should have since been patched.
It was.
>I know there are some services that I don't need that should be stopped.
>Basically, this is a standalone machine with dsl connection doing basic
>stuff as a windoze replacement. I have the basic fedora firewall enabled
>and I also disable icmp, which was on by default.
ICMP shouldn't be that critical. You're on Verizon DSL, and you have 11
bazillion skript kiddiez and worms and such, but they're going after the
windoze boxes, and possibly stroking your ssh port, but your firewall should
be blocking that.
>I'm just looking for a peace of mind from viruses and spyware, and want to
>be sure that when I do online banking and online shopping I'm secure, well,
>at least on my end.
Viruses and spyware are windoze problems and barely on the *nix radar. The
on-line banking and shopping - as long as you are not promiscuous with the
personal data, and do NOT run as root, you should be OK.
>Can someone advise me on how I can be sure my basic machine is secure
>from intrusion? I read a lot about logging but can't find more info on
>how to do it. Thanks very much for putting up with my ignorance.
Above I suggested unplugging the system, and using it off-line (it sounds
like a stuck key or hardware problem to me). A good thing to be doing
while waiting is to be reading the HOWTOs. Some of these should be on your
system (or at least on the distribution CDs) - if not, get them from an
LDP mirror, such as http://en.tldp.org/HOWTO/HOWTO-INDEX/howtos.html or
http://ibiblio.org/pub/linux/docs/HOWTO/
280344 Feb 22 14:05 HOWTO-INDEX
212647 Jul 22 2002 DSL-HOWTO
155096 Jan 23 2004 Security-HOWTO
287057 Jul 23 2002 Security-Quickstart-Redhat-HOWTO
Obviously, that HOWTO-INDEX is newer than what's on Fedora. There are about
480 documents to read there - some are a total waste of time, some are quite
valuable. Likewise, there are about 24 books at http://tldp.org/guides.html
some of which may be on your system too.
Old guy
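
One way to check which listening services are reachable from other hosts, following the remark in the post about the portmapper listening to the world. This is an added example, not part of the original post; it assumes the numeric form `netstat -tupan`, and the sample output, addresses and PIDs are constructed.

```shell
#!/bin/sh
# Constructed sample of `netstat -tupan` output (not from the original post).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address    Foreign Address   State       PID/Program name
tcp        0      0 0.0.0.0:111      0.0.0.0:*         LISTEN      1623/portmap
tcp        0      0 127.0.0.1:631    0.0.0.0:*         LISTEN      1890/cupsd
tcp        0      0 127.0.0.1:25     0.0.0.0:*         LISTEN      1950/sendmail
tcp        0      0 :::22            :::*              LISTEN      1800/sshd
tcp        0      0 192.0.2.10:33412 198.51.100.7:119  ESTABLISHED 2301/pan
udp        0      0 0.0.0.0:111      0.0.0.0:*                     1623/portmap
udp        0      0 127.0.0.1:323    0.0.0.0:*                     1700/chronyd
EOF
}

# Read netstat output on stdin; print "proto port scope program" for every
# TCP listener and every unconnected UDP socket.
classify_listeners() {
  awk '
    function emit(proto, local, prog,   n, addr, port, scope) {
      n = match(local, /:[^:]*$/)        # the last colon separates the port
      addr = substr(local, 1, n - 1)
      port = substr(local, n + 1)
      scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "world"
      print proto, port, scope, (prog == "" ? "-" : prog)
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" { emit($1, $4, $7); next }
    # Unconnected UDP sockets have an empty State column, so the program
    # name is field 6 and the foreign address ends in ":*".
    $1 ~ /^udp/ && $5 ~ /:\*$/    { emit($1, $4, $6) }
  '
}

# Only sockets bound to a non-loopback address: these are the ones the
# firewall has to cover, or that can be rebound or switched off.
world_listeners() { classify_listeners | awk '$3 == "world"'; }

# Demo on the constructed sample; on a live system run as root:
#   netstat -tupan | world_listeners
sample_netstat | world_listeners
```

Established connections such as the newsreader session are skipped on purpose; only sockets waiting for inbound traffic are reported.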