DaemonForums  

  #1   (View Single Post)  
Old 9th April 2014
scupper scupper is offline
New User
 
Join Date: Apr 2014
Posts: 1
Default I have a particular problem

Hi. I just installed OpenBSD for the first time only a few days ago. I would wait much longer to post out of respect but I really need help with something.

Word count: 902
TLDR: Sorry for the wall of text. Someone is pranking me and making annoying noises with my computer and is also able to tell how much noise is going through my microphone but can't actually hear the noise. The person is also able to tell how much activity my computer is doing, like when I go to a website, but not what website it is or anything. This includes what I suppose is the minimal install of OpenBSD 5.4 and a Gentoo LiveCD. The person was able to see absolutely everything on my screen with Windows 7, Mint and Ubuntu but not Windows 8, Gentoo, Puppy or OpenBSD 5.4. Something about the distribution TAILS makes it the safest for me to use. I would do anything to have an operating system that doesn't let anybody do this. Ultimately all I need is a web browser.



A person I know is dogging me on my laptop on multiple operating systems and screwing with it. I've never been under any serious threat but the person will cause my computer to make certain annoying noises and the person is able to tell how much activity my computer is doing, like when I go to websites, just not what websites or anything. Also the person is able to apparently tell how much noise is going into my microphone but can't actually hear the noise itself, just the quantity of noise/the volume. I know all of this might sound strange but it's really more of an annoyance and I'm more concerned with the fact that anybody is able to do this rather than the fact that this person is doing it. The reason the person is doing it is just because the person is crazy and has daddy problems (the person is a girl).

The person could see everything I did on my computer, and also make noises, with Windows 7, everything, as well as with Mint and Ubuntu. My computer is safe in this regard (not the noises) with Windows 8, Gentoo/Sabayon, Puppy and TAILS. There are actually two particular noises the person makes. One is a continuous noise, sort of quiet, like the usual noise of a computer working. The second is a lurching noise that the person will do occasionally, also a noise like a computer working, just louder. For whatever reason, the person is able to make the continuous and lurching noises with Gentoo/Sabayon and Puppy but can only make the lurching noise with TAILS and Windows 8. Also I think maybe the microphone thing doesn't work with TAILS, but maybe not. It does work with Windows 8. The person is apparently also not able to make the continuous noise with OpenBSD, which I have only used with the shell. The person is able to make the lurching noise and I think the person can use the microphone as I described. I installed OpenBSD because I read that it was more secure than Linux. I've given all this information in an effort to figure out how this person is doing all this. A bit more information I can provide is that it took the person, who I know has help from any number of knowledgeable people (since she's a girl), 18 hours to get through Mint. I don't know if it took that long to find an open port or what (I really don't know and am in general in need of help). Also, weeks after I tried using Mint, I used TAILS and it then took the person and her help 24 hours to be able to get past that, which I guess is interesting. And again there's something different about TAILS so that the person can only make a lurching noise, and that lurching noise is also slightly smaller than on other operating systems.

I don't know if I need to disable SSH or what (just throwing that out there). I know about as little about OpenBSD as a person can after installing (I used 5.4) and I will spend however many hours on it as I have to. I have enjoyed my crash course on OpenBSD and Linux. I will do absolutely anything possible to solve this. Again, for only 24 hours with TAILS I was able to use my computer completely freely. The person is actually consistent with her prank and will let me know indirectly when she has gained access (I'm serious). I will install what anyone asks me to. I never installed Gentoo, I only used a livecd, although I could if anybody asked me to (I did install Sabayon though). I basically just need to be able to use a web browser and open PDFs with whatever I settle on so I don't know if any solution has to work with a desktop environment or what. I'm using TAILS until then. I have a Dell Latitude E6500 laptop and I have to plug my laptop into my router to install OpenBSD and Gentoo, I suppose because of outdated modules (I don't guess a big deal for now).

I would appreciate any help so much, even if you just have one thing to throw out. I'm sorry if this sounds totally ridiculous, everything I've said is true.

Last edited by scupper; 9th April 2014 at 08:23 AM.
Reply With Quote
  #2   (View Single Post)  
Old 9th April 2014
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

Hello and welcome.

For the moment, let's assume everything you've typed into your post is true to the best of your belief and understanding.

I'm not going to be able to assist you with the security issues you perceive you have with other OSes (Windows or Linux). For the most part, neither is anyone else here, as this is outside the scope of this forum.

As for OpenBSD, if I've read your post correctly, I understand that:
  • You have installed OpenBSD, and you are using it with the shell. X Windows filesets may have been installed but X Windows is not currently being used.
  • You enabled SSH during installation, when the option to do so was presented to you by the installation script.
  • Your OpenBSD system has already been compromised, in that the audio speakers produce white noise or pink noise, under external control.
Did I understand this correctly? Please let me know. And, I have some initial follow-on questions:
  1. Did you modify /etc/ssh/sshd_config? If so, what did you change?
  2. What is the make and model of the router you connect with?
  3. Does your adversary use the same router?
  4. Review /var/log/authlog:
    1. Does the file exist?
    2. If so, the entries will show access attempts to connect to your system via your enabled sshd(8) daemon. Are there any logs of access attempts, successful or unsuccessful, that you did not make yourself?
Reply With Quote
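
The authlog review asked for in question 4, as an added example that is not part of jggimi's post: it counts sshd's "Accepted" and "Failed" entries per user and source address and marks every address you did not name as one to review. The function names, the host name `puffy` and the sample lines (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise sshd logins recorded in an OpenBSD-style authlog.
# Usage: summarize_authlog [address_you_log_in_from ...] < /var/log/authlog

summarize_authlog() {
    awk -v known=" $* " '
    $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Accepted" || $6 == "Failed") {
        # Find the "from <addr> port <n>" triple; the user is the word before it.
        f = 0
        for (i = 7; i <= NF - 2; i++)
            if ($i == "from" && $(i + 2) == "port") f = i
        if (!f) next
        count[tolower($6) " " $(f - 1) " " $(f + 1)]++
    }
    END {
        for (key in count) {
            split(key, p, " ")
            # Any source address that was not named on the command line is flagged.
            flag = index(known, " " p[3] " ") ? "known" : "REVIEW"
            print count[key], key, flag
        }
    }' | sort -k2,2 -k4,4 -k3,3
}

# Constructed sample lines in sshd's syslog format (not from a real system).
sample_authlog() {
    cat <<'EOF'
Apr  9 03:12:44 puffy sshd[1234]: Failed password for root from 203.0.113.5 port 51234 ssh2
Apr  9 03:12:49 puffy sshd[1234]: Invalid user admin from 203.0.113.5
Apr  9 03:12:50 puffy sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Apr  9 03:12:58 puffy sshd[1234]: Failed password for root from 203.0.113.5 port 51251 ssh2
Apr  9 07:01:02 puffy sshd[2345]: Accepted password for root from 198.51.100.7 port 40022 ssh2
Apr  9 08:15:10 puffy sshd[3456]: Accepted publickey for scupper from 192.168.1.20 port 50122 ssh2
EOF
}

# Output columns: count, result, user, source address, flag.
sample_authlog | summarize_authlog 192.168.1.20
```

An "accepted" row marked REVIEW is the kind of entry the question is about: a login that succeeded from an address you do not recognise as your own.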
  #3   (View Single Post)  
Old 9th April 2014
JWJones JWJones is offline
got root?
 
Join Date: Jan 2014
Location: Cascadia
Posts: 68
Default

Rather than addressing this as a technology issue, perhaps you need to think of this as harassment, and consider a restraining order.
Reply With Quote
  #4   (View Single Post)  
Old 9th April 2014
LeFrettchen LeFrettchen is offline
Marveled user
 
Join Date: Aug 2012
Location: France
Posts: 405
Default

Hi and welcome!

Quote:
Originally Posted by jggimi
  1. Did you modify /etc/ssh/sshd_config? If so, what did you change?
  2. What is the make and model of the router you connect with?
  3. Does your adversary use the same router?
  4. Review /var/log/authlog:
    1. Does the file exist?
    2. If so, the entries will show access attempts to connect to your system via your enabled sshd(8) daemon. Are there any logs of access attempts, successful or unsuccessful, that you did not make yourself?
I would also add
  1. Do you use an Ethernet connection, wifi or both?
  2. Is your router wifi capable, and is wifi activated?
  3. Can you manage your router?
__________________
ThinkPad W500 P8700 6GB HD3650 - faultry
ThinkStation P700 2x2620v3 32GB 1050ti 3xSSD 1xHDD
Reply With Quote
  #5   (View Single Post)  
Old 10th April 2014
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,975
Default

I'll post this follow-up, scupper, since you haven't yet had the time or opportunity to post any further information. Based solely upon the information provided by your first post, I can make the following guesses. These are guesses, based upon your description of a newly installed OpenBSD system and with the assumption that no third party applications have yet been installed.

Immediately compromised OpenBSD systems are possible if:
  • You are running the OS as a guest virtual machine (VMware, QEMU, VirtualBox, etc.) on a compromised host OS or hypervisor.
  • You enabled the SSH daemon upon install and chose an insecure superuser (root) password. The default SSH daemon configuration permits root login and passwords for authentication, for ease of remote provisioning of newly installed OpenBSD systems.
    • The recommended best practice is to configure PermitRootLogin to no for production SSH servers, and to set PasswordAuthentication to no once an alternative authentication schema has been configured.
That's basically it for the default installation. The default OpenBSD installation itself should not normally be vulnerable to external attacks from the network, even if the router you are using has been compromised.

Please note: it is unlikely that OpenBSD's audio system has been compromised via network attack. The sndiod(1) audio server does not use a network connection unless the admin configures it to do so (see the -L option). You are more likely the victim of social engineering and intimidation than a successful technical attack. At least, against a default OpenBSD installation.
This is why I asked about /var/log/authlog -- if you have permitted root access to others, your actions have compromised your system. Using the SSH daemon as an example -- once you start provisioning services and applications on OpenBSD, you could easily make mistakes through ignorance or inexperience and open your system to being compromised.
Physical access should also be considered. Anyone with physical access to your workstation has access to any unencrypted data stored on it. They do not need your root password. OpenBSD can be deployed with encrypted filesystems, but that is a manual customization and not available as a component of the installation script.

Last edited by jggimi; 10th April 2014 at 01:35 PM. Reason: fixed man page link, added physical access comment.
Reply With Quote
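
A check for the two sshd_config settings named in the post above, as an added example that is not part of jggimi's post. It relies on two documented sshd_config(5) rules: keyword names are case-insensitive and the first value read for a keyword is the one used. The function names and both sample files are constructed, and the fallback value `yes` is the default behaviour the post describes, taken as an assumption.

```shell
#!/bin/sh
# Added example: report PermitRootLogin and PasswordAuthentication as sshd
# would read them from a config file (global section only).

sshd_option() {   # usage: sshd_option FILE KEYWORD DEFAULT
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v dflt="$3" '
    { sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }                 # comments and blank lines set nothing
    tolower($1) == "match" { exit }       # stop before conditional Match blocks
    tolower($1) == want && !found { value = $2; found = 1 }   # first value wins
    END { print (found ? value : dflt) }' "$1"
}

audit_sshd_config() {   # usage: audit_sshd_config FILE
    # Fallback "yes" is the default the post describes (assumption).
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(sshd_option "$1" "$kw" yes)
        if [ "$val" = no ]; then echo "ok   $kw $val"
        else echo "weak $kw $val (post recommends: no)"; fi
    done
}

# Constructed sample files: one with only commented-out lines, one hardened.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/stock" <<'EOF'
#PermitRootLogin yes
#PasswordAuthentication yes
Subsystem sftp /usr/libexec/sftp-server
EOF
cat > "$tmp/hardened" <<'EOF'
permitrootlogin no
PasswordAuthentication no
# A later duplicate is ignored because the first value is already set:
PermitRootLogin yes
EOF

audit_sshd_config "$tmp/stock"
audit_sshd_config "$tmp/hardened"
```

On a live system, `sshd -T` prints the effective configuration and is the authoritative check; run as root against /etc/ssh/sshd_config.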