Am I being hacked?
NM. Just talked to a police officer and he said they have local police that will be able to handle that. I am going to call them first.
|
|
|||
I do not have the unix admin skill that many of the regulars on this forum do but I have tried a lot of Linux variations and 3 of the main BSDs. They all have their strengths and weaknesses. There are ways to watch a flash video in a BSD but not with the convenience of a browser plugin. For me choosing an OS to install boils down to 3 factors:

1) Hardware - I have a small, low powered Asus C3 Terminator that uses the Via SATA driver. In OpenBSD it only supports 1 drive - I had a SATA hard drive and a SATA DVD drive. NetBSD only supported the chipset as RAID. It works fine in FreeBSD 7 but gives an interrupt storm in FreeBSD 8. No issues with Linux kernel > 2.6.26.

2) What I want to do - If I want to surf the internet and watch flash videos from a browser plugin securely, in my opinion your best option is Linux and, if you want 64-bit processing, a Linux with 32-bit libs, since the 64-bit Flashplugin for Linux has a security flaw that has not been fixed. If I want a secure home ftp server or web server, OpenBSD is a good choice. The availability of software packages also plays a factor in what you want to do. FreeBSD by far and away has the most packages, the largest community and the most rapid development.

3) A somewhat hard to quantify factor is how well the BSD is working. I recently tried to set up a NetBSD xfce4 desktop on wireless. The NetBSD wiki (with the wireless instructions) went down months ago and the maintainers that set up a new wiki decided to "audit" the wiki content. They must be very busy because the new wiki is still devoid of any content and new users attempting to configure a new NetBSD install have to rely on cached web pages. Additionally, the binaries at the NetBSD nyftp site generate a host of errors at install and the NetBSD guide has not even updated the fact that the pkgsrc ftp site moved from California to New York, although you can find it somewhere in the mailing lists. My sense is they support too much with too few developers.

So I would recommend starting with a description of your hardware and what you want to do with it.
|
|||
It's doubtful that this is someone attacking your system, but we don't know for sure, even so, it's a common occurrence for automated attempts to happen daily.
Make sure you configure your system software properly, and use the built-in firewall, pf. Calling your local authorities was highly premature, and in the case of a successful remote exploitation, there is very little they can do if the attack is taking place from another country. The potential exploit mentioned by shep is utilizing the shared memory functionality of Xorg to exploit the Linux kernel when X is running with elevated (root) privileges. This new vulnerability, while partly an X bug, is currently only a concern when using the Linux kernel.. it will not have any effect on OpenBSD and this is also partly because of the security features enabled by default, an adaptation will not be easy. It is also described as a local privilege escalation, not a remote attack vector. @shep, it would be nice if in the future you would avoid scaring the heck out of new users.
|
|||
Sorry, I was not trying to scare the H out of new users.
The xorg exploit would not affect an OpenBSD system but I am not sure what would happen with Linux based Opera and fedora-base in OpenBSD as the OP indicated. I am not aware if anyone has looked at whether fedora-base and Linux Opera are at risk, but why chance it, particularly when OpenBSD runs so well all by itself?
|
|||
The vulnerability is possible because of a Linux kernel bug, they used a separate vulnerability in X to exploit the kernel vulnerability.
When you run Linux software on OpenBSD there is no Linux kernel involved, OpenBSD simply emulates the system calls and approximates their behaviour. For example, if hypothetically you managed to run an X server compiled for Linux under an OpenBSD kernel (..which is NOT possible), the available exploit would only crash the X server and that is all. It is possible that a program other than X could trigger this kernel vulnerability, X was just a demonstration.. as until KMS (..kernel mode setting) is widely implemented X has to run a lot of code in userland as root. If you're going to run Linux software on OpenBSD, don't run it as root anyway, that's just asking for trouble.
|
|||
I see you guys went off topic here. I know for a fact my computer is being attacked by a stalker. I don't have a degree in computers or the relevant experience like you guys. I switched to OpenBSD to avoid the problem and it has worked to some extent.

How do I know I am getting hacked? Every flavor of Linux/unix I try crashes. My Windows crashes. It never used to happen. I have checked the hard drive for errors and the memory. I have DoS attacks on my router from hundreds of IPs. I have had all my email accounts hacked and passwords changed. I have the strictest firewall settings on all OSs. I have 30+ character passwords. I have a wireless router with a strict firewall running wpa2 with 30+ random keys (numbers, upper, lower case, symbols). I keep up with patches and updates on all systems. I even have sudo disabled. I have to su to wheel user then su to root to make changes. I have someone who posts to most forums I am in with taunts like, "i am going to start attacking your contacts now."

I am pretty sure I am getting stalked. Why? I don't know. I don't have confidential data or any admin access to anything useful. It's probably some loser who knows I don't know much and they decided to make themselves feel powerful by attacking me. Sociopaths are everywhere. Some are serial killers, others are low level hackers who know they can't mess with people like you guys, who actually know something, so they target people who don't know anything.

So can someone help me? How do I trace an attack? I have googled it to death, but nothing I can understand comes up.

This week a new problem came up without making any changes. Now when I try to increase the backlight on my laptop, the backlight turns off completely. This happens in OpenBSD only.
|
|||
You're sounding paranoid, even delusional.. instead of jumping to the conclusion of a mass conspiracy.. consider the possibility of faulty hardware, or if you're receiving a lot of unsolicited network traffic (..99% of this is automated, not targeted) then ask your ISP to assist you, or even better.. just ignore it!
You cannot be physically injured by an individual or group of individuals DoSing your home IP, unless you leave some gaping hole open that we're unaware of.. there is unlikely to be anyone who has remote access to your system. Of course, nobody here can be certain that you aren't being targeted.. but it would take a considerable amount of time, effort (..and technical know-how) to even do what you're suggesting. It sounds like someone has scared you into believing this, FUD, take the time to do some research about these subjects.. avoid such forums and/or antagonizing people.. and abandon the web identities that may be tracked back to you, if possible. You need to be confident, determined, and unwavering.. just keep doing the things that are important to you. I hope that helps, but really, I'm not qualified to be counselling you.
|
|||||
By searching for factual evidence, & avoiding hyperbolic traps.
Still, upon review, you have already strayed once before. Your initial inquiry was on "error 1" before digressing into concerns over being hacked. Please, stay on one subject. If you want to discuss something else, start a new thread. Our goal is to facilitate searching as lots of people search these threads. One way to make this simple is to limit threads to a single subject.
|
|
|||
Turn off your computer, go outside, take a deep breath. It's really not that bad out there.
Best of luck to you.
|
|||
Thanks guys. I will use tcpdump when I get home. I will read up on the pf firewall. I think I am about to switch my router to static from dhcp. The pf firewall seems harder to understand, but I will see if I can make sense of it. Thanks to all the people who responded.
|
|
|||
Ok. I just ran an nmap. These are the ports I have open, all tcp:

13 - daytime
25 - smtp
37 - time
113 - auth
587 - submission
6000 - x11

I only use this as a workstation. Which can I close? I don't need server services. I just browse the web. Can I close all of them? Are these open by default? I am running KDE and Firefox. I still have to go through tcpdump. I think I will look at the rst packets. Does that seem right? Port 13 is ntp, right? Why do I need 37?
|
|||
No, port 13 and 37 are older simple time protocols.. these are offered by the inetd(8) daemon and are enabled by default, there is no harm leaving them running.
How did you carry out this scan? If you're behind NAT these services will not be exposed publicly.. and by default, ports 25/587 (..smtp/sendmail) are bound only to localhost for logging and are not exposed over the network at all. Port 6000 is for networked X connections, the default pf.conf blocks all non-localhost connections to this port (..actually, a range).. typically people use SSH now to do remote X as the protocol offers no encryption. If you're receiving a lot of unsolicited traffic (..DoS) it will probably be ICMP packets, these are pretty much harmless to any modern OS, once upon a time legacy OS's had a very hard time dealing with specially crafted packets.. really though this is not a security risk anymore only a nuisance, and it happens all the time to everybody with a persistent connection to the Internet.
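
The distinction drawn in the reply above, between listeners bound only to localhost and listeners reachable from the network, can be checked on the host itself. This is an added example, not part of the original thread: the function names are hypothetical and the sample input is constructed to mirror the ports discussed, in the format BSD `netstat -an` prints.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets from BSD-style `netstat -an`
# output as loopback-only or bound to a network-reachable address.

# Constructed sample mirroring the ports in the thread. On a real OpenBSD
# host, pipe `netstat -an -f inet -p tcp` into classify_listeners instead.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto   Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp          0      0  192.168.1.10.43512     203.0.113.7.443        ESTABLISHED
tcp          0      0  127.0.0.1.25           *.*                    LISTEN
tcp          0      0  127.0.0.1.587          *.*                    LISTEN
tcp          0      0  *.13                   *.*                    LISTEN
tcp          0      0  *.37                   *.*                    LISTEN
tcp          0      0  *.113                  *.*                    LISTEN
tcp          0      0  *.6000                 *.*                    LISTEN
EOF
}

# Reads netstat output on stdin; prints "<port> <scope>" per LISTEN socket,
# where scope is "loopback" or "network", sorted by port number.
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            # BSD netstat joins address and port with a dot: split at the last one.
            n = match(local_addr, /\.[0-9]+$/)
            if (n == 0) next
            port = substr(local_addr, n + 1)
            addr = substr(local_addr, 1, n - 1)
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback" : "network"
            print port, scope
        }
    ' | sort -n
}

# Comma-separated ports bound beyond loopback: the ones that rely on pf
# rules or NAT, rather than on the bind address, to stay unreachable.
network_ports() {
    classify_listeners | awk '
        $2 == "network" { printf "%s%s", sep, $1; sep = "," }
        END { print "" }'
}

sample_netstat | classify_listeners
```

A scan run from the machine against itself reports both kinds of port as open, which is why the reply asks how the scan was carried out.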