Re: Security Help
From: dono (dono_at_queyosepa.net)
Date: 09/15/04
- Next message: dono: "Re: better than ZA"
- Previous message: David H. Lipman: "Re: deleting a hard drive"
- In reply to: Al: "Security Help"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 15 Sep 2004 01:06:12 GMT
On Tue, 14 Sep 2004 16:41:29 GMT, "Al" <s@s.v> wrote:
>I have a small network set up at home. NetworkEverywhere NAT
>Firewall/Router (http://www.networkeverywhere.com/products/nr041.asp) with 2
>Windows and 1 Debian computer. I recently added the people in the apartment
>downstairs to my network. They have their own router (Linksys) and 2
>computers. Before I hooked the downstairs people in, I could not port scan
>my network from outside (maybe I had a shitty port scanner, I don't know).
>Today at work (while I had some free time) I decided to port scan my
>computer. I used Network Activ Scanner to do the scan. When it was
>finished there were several ports open on my network.
>
>A few of these were:
>
>Port Use
>70 Gopher
>389 LDAP
>7070 ARCP
>5900 ?
>1494 Citrix
>6667 IRC
>
>When I did the scan all downstairs computers were turned off. I know I
>don't have Citrix, LDAP or anything else running on my machines. I only
>have SSH and a web server (Tomcat) on my Debian box. There are no IRC
>clients on my computer.
>
>I am a programmer, not a security expert; to me the scan seems to show that
>a back door was installed on my computer. I read about viruses that install
>an IRC client to issue commands to, I think Citrix is used for remote logins,
>rlogin was also detected and I never installed this, I use SSH. I'm not sure
>if I was taken over by a skiddie or if the computers that I plugged into my
>network were already compromised.
>
>Here are my questions: Do you think my computer is taken over? Is there a
>tool similar to what skiddies use that I can run against my network that
>will show the vulnerability instead of exploiting it and creating a back
>door? Once my network is clean again, what are some security tools I can use
>to better monitor my network? Does this security course that I am thinking
>of doing look good to you experts
>(http://www.polarbear.com/outline_storage/PS613.pdf)? It's only a two-day
>course so I'm not sure if it's a good one. My security knowledge goes as far
>as a couple of security how-tos for Windows and Linux.
>
>Thanks in advance for all your input,
>
>Al
>
##########################
You said that the people downstairs have their own router. What about
your router? If you have a router, how did it pass the ports to the
machines? What internal block are you using? Is it different from
theirs? Just check the configuration. I don't think your network has
been owned. I don't use Debian; if it has an inetd.conf file, comment
out any services that you don't need.
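
The inetd.conf check suggested in the reply above, as an added example that is not part of the original post: it lists the entries inetd would start and prints a copy with everything outside an allow-list commented out. The function names, the sample file and the choice to keep only `ident` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. inetd.conf fields: service, socket type, protocol,
# wait/nowait, user, server program, arguments.

# list_active FILE: print "service<TAB>program" for every enabled entry.
list_active() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
         { printf "%s\t%s\n", $1, $6 }' "$1"
}

# disable_unlisted FILE KEEP...: print FILE with every enabled entry whose
# service name is not in KEEP commented out. FILE itself is not modified.
disable_unlisted() {
    file=$1; shift
    awk -v keep="$*" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # already inactive
        !($1 in ok) { print "#" $0; next }         # not allowed: comment out
        { print }
    ' "$file"
}

# Constructed sample in inetd.conf format (not from the poster's machine).
# "login" is the inetd service name for rlogin.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd    /usr/sbin/in.ftpd
#<off># telnet stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.telnetd
login   stream  tcp  nowait  root    /usr/sbin/tcpd    /usr/sbin/in.rlogind
ident   stream  tcp  wait    identd  /usr/sbin/identd  identd
EOF

echo "Enabled services:"
list_active "$sample"
echo "Copy with everything except ident commented out:"
disable_unlisted "$sample" ident
```

After installing an edited file, inetd has to be restarted or sent SIGHUP before it stops listening on the disabled ports.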