Re: Security Help

From: dono (dono_at_queyosepa.net)
Date: 09/15/04


Date: Wed, 15 Sep 2004 01:06:12 GMT

On Tue, 14 Sep 2004 16:41:29 GMT, "Al" <s@s.v> wrote:

>I have a small network set up at home. NetworkEverywhere NAT
>Firewall/Router (http://www.networkeverywhere.com/products/nr041.asp) with 2
>Windows and 1 Debian computer. I recently added the people in the apartment
>downstairs to my network. They have their own router (Linksys) and 2
>computers. Before I hooked the downstairs people in, I could not port scan
>my network from outside (maybe I had a shitty port scanner, I don't know).
>Today at work (while I had some free time) I decided to port scan my
>computer. I used Network Activ Scanner to do the scan. When it was
>finished there were several ports open on my network.
>
>A few of these were:
>
>Port Use
>70 Gopher
>389 LDAP
>7070 ARCP
>5900 ?
>1494 Citrix
>6667 IRC
>
>When I did the scan all downstairs computers were turned off. I know I
>don't have Citrix, LDAP or anything else running on my machines. I only
>have SSH and a web server (Tomcat) on my Debian box. There are no IRC
>clients on my computer.
>
>I am a programmer, not a security expert, to me the scan seems to show that
>a back door was installed on my computer. I read about viruses that install
>an IRC client to issue commands to, I think Citrix is used for remote logins,
>rlogin was also detected and I never installed this I use SSH. I'm not sure
>if I was taken over by a skiddie or if the computer that I plugged into my
>network were already compromised.
>
>Here are my questions: Do you think my computer is taken over? Is there a
>tool similar to what skiddies use that I can run against my network that
>will show the vulnerability instead of exploiting it and creating a back
>door? Once my network is clean again what are some security tools I can use
>to better monitor my network? Does this security course that I am thinking
>of doing look good to you experts
>(http://www.polarbear.com/outline_storage/PS613.pdf)? It's only a two-day
>course so I'm not sure if it's a good one. My security knowledge goes as far
>as a couple of security how-tos for Windows and Linux.
>
>Thanks in advance for all your input,
>
>Al
>
##########################
You said that the people downstairs have their own router. What about
your router? If you have a router, how did it pass the ports to the
machines? What internal block are you using? Is it different from
theirs? Just check the configuration. I don't think your network has
been owned. I don't use Debian; if it has an inetd.conf file, comment
out any services that you don't need.
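
The inetd.conf check suggested in the reply above, as an added example that is not part of the original thread: it lists which inetd services are enabled and writes a copy with everything outside an allowlist commented out. The function names, the sample file and the allowlist are assumptions made for illustration; the field layout is the standard inetd.conf format.

```shell
#!/bin/sh
# Added example: audit an inetd.conf-style file and comment out unneeded services.
# Standard layout of an active line:
#   service  socket-type  protocol  wait|nowait  user  program  [args]

# Constructed sample input (not taken from the poster's machine).
sample_inetd_conf() {
cat <<'EOF'
# /etc/inetd.conf (constructed sample)
#echo   stream  tcp  nowait  root    internal

login   stream  tcp  nowait  root    /usr/sbin/tcpd    /usr/sbin/in.rlogind
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd    /usr/sbin/in.telnetd
ident   stream  tcp  wait    identd  /usr/sbin/identd  identd
EOF
}

# Read a config on stdin; print "service/protocol program" for each
# enabled entry (comments, blank lines and short lines are skipped).
list_enabled() {
    awk '/^[ \t]*(#|$)/ || NF < 6 { next } { print $1 "/" $3, $6 }'
}

# Read a config on stdin; write it back out with every enabled entry
# whose service name is NOT in the space-separated allowlist ($1)
# commented out. All other lines pass through unchanged.
disable_unneeded() {
    awk -v keep="$1" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*(#|$)/ || NF < 6 { print; next }   # comment, blank or malformed
        ($1 in ok)               { print; next }   # service we want to keep
                                 { print "#" $0 }  # everything else: disable
    '
}

# Demo on the constructed sample: keep only ident (hypothetical allowlist).
sample_inetd_conf | disable_unneeded "ident"
```

On a real system, run `list_enabled < /etc/inetd.conf` first, review the rewritten copy before replacing the file, and have inetd reread its configuration (it does so on SIGHUP) for the change to take effect.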


