Unix/Linux Go Back    


Security Discuss UNIX and Linux computer and network security, cyber security, cyber attacks, IT security, and more.

Maybe a security problem involving Linux hosts

Security


Closed    
 
Thread Tools Search this Thread Display Modes
    #1  
Old Unix and Linux 08-25-2016
SInt SInt is offline
Registered User
 
Join Date: Aug 2016
Last Activity: 22 November 2016, 5:39 AM EST
Posts: 2
Thanks: 2
Thanked 0 Times in 0 Posts
Maybe a security problem involving Linux hosts

Hello,

with the following problem I feel helpless because I do not know where to look for the problem.
Sorry in advance for my poor English.

At some point the interaction with people on Freenode IRC has become mysterious and offending so that I checked my modem/router device. When I tried to make a change the modem gave me the error message that another admin is logged in. It alerted me because all other computers were disconnected. So I called my ISP and they agreed that my device is listed there at "being attacked". They sent me a replacement and they also sent me a new password.

With the new modem I booted a linux livecd that i got from a linux magazine. And from there I downloaded the ISOs and wiped all my machines using DBAN.

With all the people in my social environment telling me to relax, think positive and all that stuff like "its only your false perceiption on things" I stopped paying attention on mysterious errors, etc. Until I needed the Hexchat client to check a local ircd install. And it launched with 1 network added. I am absolutely sure I had 0 networks in that network list when I went on an IRC break. Several months before there was a similar thing where all 18 or 19 networks had their name changed to EF-Net.

Another thing is that I stored all my website passwords in Lastpass and when I went offline for 3 days to install and configure some things my passphrase was changed to the one I used several months ago and all my stored passwords were deleted.

I could provide several more of these stories.

I hope none of you guys reacts now how most people reacted: "this guy is crazy, give him more meds" or something. I know it sounds crazy and it is crazy. But lets say my observations are correct where could the entry point be for an attacker?


friendly Greetings,
SInt
Sponsored Links
    #2  
Old Unix and Linux 08-25-2016
Corona688 Corona688 is offline Forum Staff  
Mead Rotor
 
Join Date: Aug 2005
Last Activity: 24 February 2017, 3:55 PM EST
Location: Saskatchewan
Posts: 21,938
Thanks: 1,050
Thanked 4,102 Times in 3,800 Posts
Network intrusion happens often enough that they almost certainly weren't after you personally. It's like email spam -- attackers probe thousands of systems hoping to find one easy catch. Did you ask your ISP how many other modems were under attack? For an ISP to even admit that their modems are being attacked hints at a large problem.

When did you lose your LastPass passwords? LastPass has cleared and deactivated accounts by the million to deal with their own intrusion attempts. Once again, probably not personal.

Had HexChat needed to install any updates after not using it for months? Had you installed it from scratch after the big computer-bleach? Once again, probably not personal, just a default setting.

In short, I don't think you're crazy -- I think you have an unclear idea how computer software and computer networking works. These events have very little in common, unclear motivation (why would a hacker want to rename your IRC networks?), and very different methods(random issues in your local computer, vs malicious hacking of a well-known password service, vs intrusion on your ISP's WAN, etc...), too many for me to assume they're all from the same person or have you in particular in mind. Reformatting your computer because someone attacked your modem is akin to burning down your house because someone looked in your window, anyway.

Last edited by Corona688; 08-25-2016 at 06:25 PM..
The Following User Says Thank You to Corona688 For This Useful Post:
SInt (11-22-2016)
Sponsored Links
    #3  
Old Unix and Linux 08-26-2016
Neo's Unix or Linux Image
Neo Neo is offline Forum Staff  
Administrator
 
Join Date: Sep 2000
Last Activity: 25 February 2017, 12:58 PM EST
Location: Asia pacific region
Posts: 13,477
Thanks: 829
Thanked 1,086 Times in 510 Posts
Quote:
Originally Posted by SInt View Post
.... I hope none of you guys reacts now how most people reacted: "this guy is crazy, give him more meds" or something. I know it sounds crazy and it is crazy. But lets say my observations are correct where could the entry point be for an attacker?
Risk is based on many factors, which include:
  1. Threat
  2. Vulnerability
  3. Criticality
If I read your post correctly, it sounds like you feel like there is a threat based on your interaction with some groups on the net and your systems are vulnerable. So, the main question which remains is how critical is the Linux computer system you are worried about?

If the system is really important and a breach would amount to serious loss, then you should really consider getting a professional to help you.

If the system has nothing important running on it; then you could just rebuild it from a scratch if you are worried.

If the system has backups, you could recover the system from a backup that was from a time prior to the hacking incident being discovered.

There are lots of options and the way you move forward depending on the risk profile of the system and that depends on the intersection of the three areas I mentioned above (1) threat, (2) vulnerability and (3) criticality.

Last edited by rbatte1; 08-26-2016 at 04:28 AM.. Reason: Converted text based numbered list for formatted numbered list
The Following User Says Thank You to Neo For This Useful Post:
SInt (11-22-2016)
Sponsored Links
Closed

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Linux More UNIX and Linux Forum Topics You Might Find Helpful
Thread Thread Starter Forum Replies Last Post
Problem in expect script with password involving trailing backslash pradeeptyagi23 Shell Programming and Scripting 4 06-20-2009 05:27 AM
A challenging problem involving symbolic links. ibloom Programming 2 03-24-2008 11:07 AM
problem in script involving month arithmetic rajarp UNIX for Dummies Questions & Answers 6 01-02-2008 12:25 PM



All times are GMT -4. The time now is 02:33 PM.