
Thread: Paranoid or Under Attack ?

  1. #1
    Join Date
    Feb 2014
    Beans
    1

    Paranoid or Under Attack ?

    Hi guys,

    Admittedly I'm fairly new to Linux but something just seems very strange. I downloaded Alpine Linux because of the Grsecurity, PaX etc. and additional protections I feel necessary. 3 days after being plugged into a BT router things started going odd.

    Maybe I'm paranoid but firstly,

    1. A script appeared along with a load of others, one of them was called GFXPAYLOAD

    Now this actually turns off the graphics on the motherboard if I attempt to change any of the core system files.
    2. A third partition that is only visible under certain circumstances – yet I'm fairly sure I only set up 1 partition and a swap on SDA2, yet there are 3 visible but only if I boot in with certain disks like M Linux – strangely even if I enter as root or with M Linux I cannot access or change permissions of most of the file system of the third partition.

    Now here's what makes it interesting, this is
    1. A brand new PC
    2. A brand new copy of Alpine-Linux written off by the computer shop
    3. Brand new phone line, router and ISP

    None of my old media have been near the system and wireless is turned off and I'm ethernet only.
    I also noticed it has created an Atheros wi-fi emulation driver – yet I don't have a wi-fi card and if I did it wouldn't be Atheros since they are used for hacking.

    Now, today I attempted to download Lubuntu – the file size was reported by the website at 696MB and would fit on a CD-R. The download however was 729MB once finished???

    I've started to analyse my system more and there are so far 34 TTY connections via the serial bus, although Terminal reports only 2 belong to me. The root account is now in a group called root as well. I never created a group for it. It was simply a username root account. There appear to be another 16 groups as well which are anonymous logins, samba shares etc.

    There's a strange directory that is a never-ending loop. You click it and it just continues forever: /boot/boot/boot/boot/boot/boot/boot etc etc

    My GRSECURITY file seems to have altered and is now a symlink to a program called BUSYBOX. What is this?
    Also a dir appeared called tmp and I looked inside and there's a locked file called orbit.pulse that I cannot access and there's an SSH-xxxxxx dir with a file called agentxxxx and inside this a PID number.

    I also found in my /SBIN directory ZFS executables; although I tried ZPOOL it wouldn't allow me access. I thought no Linux kernels used the ZHS/ZFS filesystem??? I read that in a magazine last week.

    Another file appeared in sbin called OCS-onthefly, any idea what this is?

    I just want to know – am I getting worried about nothing – normal Linux processes or is something very bad happening? It just doesn't seem right to me. Oh yeah, I also ran some digital forensics and it stated “CD-rom drive has triple octet magic-mime”. I don't know what that means though or if it's supposed to be there.

    It appears I'm being blocked too, any ISOs I download I cannot write to CD. I've tried every GUI program out there and they all report “mount” errors.

    The computer seemed fine – until I plugged in my BT router. I changed the admin PW and turned off WIFI for security but ever since all this stuff has happened. It appears to me to be a government/ISP attack on my system. Unless I'm just paranoid :/
    Last edited by howefield; February 7th, 2014 at 09:04 PM. Reason: tried to make sense of the formatting.

  2. #2
    Join Date
    Apr 2011
    Location
    Mystletainn Kick!
    Beans
    6,575
    Distro
    Ubuntu

    Re: Paranoid or Under Attack ?

    You're paranoid.

  3. #3
    Join Date
    Feb 2014
    Beans
    1

    Re: Paranoid or Under Attack ?

    What worries me is a brand new PC, brand new ISP.

    It has to be a government attack. I'm wondering if this is part of the gov takeover of the internet that's been all over the news in past months.

    OK cool - I'm happier to be paranoid!!! Why does a tmp dir appear stating SSH-43643429 and why can't I access files as root anymore though? Seems very odd.

    Also, why does Ubuntu have a load of anonymous login groups? Windows does that; I thought Unix was more secure. Finding 20-odd remote login groups that you can't remove is far from secure :/

    Also why does Linux have a GFX payload? I actually had to take the PC back to the shop and pay to get it working again and we found the script but couldn't remove it. Linux sounds less secure than Windows and more like a virus if that's part of it.

    You can't view the scripts either, there's some kind of block in place and leafpad etc. won't view them but LibreOffice would.

    They're all

    !\bin/bash
    and
    elf32 binaries
    Last edited by howefield; February 7th, 2014 at 09:07 PM.

  4. #4
    Join Date
    Mar 2011
    Location
    U.K.
    Beans
    Hidden!
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Paranoid or Under Attack ?

    Start by running a ShieldsUp scan on your ports ...

    https://www.grc.com/x/ne.dll?bh0bkyd2

  5. #5
    Join Date
    Feb 2014
    Beans
    1

    Re: Paranoid or Under Attack ?

    Is it normal for Lubuntu to grow in size too? It said it was 696MB

    but downloaded it was 729MB :/
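    The size question above has a unit answer before it has a security answer: 696 MiB is 729,808,896 bytes, which a browser that counts in decimal megabytes displays as roughly 729.8 MB. The added example below (not from this thread or from any poster) shows that conversion and then the check that actually tells you whether an ISO was altered, a streamed SHA-256 compared against the distribution's published SHA256SUMS line; the ISO file and checksum line it uses are constructed stand-ins.

    ```python
    import hashlib
    import hmac
    import os
    import tempfile

    MIB = 1024 ** 2   # mebibyte: what "696 MB" on a download page usually means
    MB = 1000 ** 2    # decimal megabyte: what many browsers/file managers display

    def mib_to_mb(mib: float) -> float:
        """Same byte count, re-labelled from MiB to decimal MB."""
        return mib * MIB / MB

    def size_mismatch_is_units(quoted_mib: int, observed_mb: int) -> bool:
        """True when the 'grown' download is just the MiB figure shown in MB."""
        return int(mib_to_mb(quoted_mib)) == observed_mb

    def sha256_of_file(path: str, chunk: int = 1 << 20) -> str:
        """Stream the file so a large ISO is never read into memory at once."""
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for block in iter(lambda: f.read(chunk), b""):
                h.update(block)
        return h.hexdigest()

    def parse_sha256sums(text: str) -> dict:
        """Parse SHA256SUMS lines: '<hex>  <name>' or '<hex> *<name>' (binary mode)."""
        sums = {}
        for line in filter(None, map(str.strip, text.splitlines())):
            digest, _, name = line.partition(" ")
            sums[name.strip().lstrip("*")] = digest.lower()
        return sums

    def verify_download(path: str, sums: dict) -> bool:
        """Compare local digest with the published one; an unlisted filename fails closed."""
        expected = sums.get(os.path.basename(path))
        return expected is not None and hmac.compare_digest(sha256_of_file(path), expected)

    def demo() -> tuple:
        """Constructed stand-in for an ISO plus its SHA256SUMS line (not a real image)."""
        with tempfile.TemporaryDirectory() as d:
            iso = os.path.join(d, "lubuntu-constructed.iso")
            with open(iso, "wb") as f:
                f.write(b"\x00" * 4096 + b"constructed iso payload")
            sums = parse_sha256sums(f"{sha256_of_file(iso)} *lubuntu-constructed.iso\n")
            intact = verify_download(iso, sums)
            with open(iso, "ab") as f:          # simulate a download altered in transit
                f.write(b"\x01")
            return intact, verify_download(iso, sums)
    ```

    A size that matches proves nothing on its own, and one that differs only by the MiB/MB factor is not evidence of tampering; a digest that fails to match the published sum is.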

  6. #6
    Join Date
    Feb 2008
    Location
    Pelican Bay Correctional
    Beans
    Hidden!

    Re: Paranoid or Under Attack ?

    The "ocs-onthefly" is used to do disk to disk or partition to partition copy on-the-fly. - Clonezilla
    http://en.wikipedia.org/wiki/Zfs#Platforms - zfs

    I'd re-install Alpine-Linux yourself with http://wiki.alpinelinux.org/cgi-bin/...-2.7.4-x86.iso

  7. #7
    Join Date
    Feb 2014
    Beans
    1

    Re: Paranoid or Under Attack ?

    I'm running traffic analysis and gufw to block all ports but there are ICMP packets flying in and out still?

    What is this madness :/

    Is the root user supposed to be in a group called root? And how do you secure your root?

    Looks like someone else owns it now lol

    I dunno if this PC is broken but it won't burn any ISO files.

    I've tried and in the end I had to buy a magazine and use Linux Mint or Ubuntu on the cover disc. The cover disc also seemed to alter a dir; one called isolinux appears. All kernels change to VMLINUZ
    and .com32 .menu32 have appeared in front of the boot lines. I assume that's normal though?
    Last edited by howefield; February 7th, 2014 at 09:21 PM.

  8. #8
    Join Date
    Feb 2014
    Beans
    1

    Re: Paranoid or Under Attack ?

    Quote Originally Posted by dragonfly41:
    Start by running a ShieldsUp scan on your ports ...

    https://www.grc.com/x/ne.dll?bh0bkyd2

    Thank you - looks like the shields are compromised though Spock!!!

    I think I'm gonna build a hardware PF-sense firewall, hire a VPN and change the whole setup!

  9. #9
    Join Date
    Nov 2011
    Beans
    2,314
    Distro
    Ubuntu

    Re: Paranoid or Under Attack ?

    I'd never heard of "Alpine Linux" but Google says it's another one of those so-called security distros. They seem to have a forum, so these kinds of "so-good-I-posted-it-twice" questions might be better addressed there.

    However... most, if not all, of the OP's questions betray a profound ignorance of Unix/Linux.

  10. #10
    Join Date
    Aug 2013
    Beans
    22
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Paranoid or Under Attack ?

    I really don't know anything about Alpine either, but according to Wikipedia it's "...primarily designed for x86 routers, firewalls, VPNs, VoIP and servers." Perhaps it lacks some drivers for certain hardware? It also sounds like the C libraries used are not compatible with GNU C libraries. Meaning, I guess, that Alpine isn't going to work like Ubuntu? Does this shed any light?
