Thanks, ozar, but those are not service names, as nmbd & smbd are what I think of as the "service names" for samba.
Here is a real problem. I know it sounds incredible, but I'm only reporting what I see. If any hacker can help me, I'd really appreciate it:
I removed (physically) the hard drive & floppy of a 2001 NetVista PC, running about 1k Mhz, with 256K RAM, and a CD-ROM. A Lynksys router is connected to the PC, and I have very high-speed cable (Ethernet cables) modem.
Each day I want to go online, I start with the Ethernet cable connected between router and PC, but NOT between router and cable modem. I insert the MEPIS 6.5 CD (which I downloaded and burned earlier this year, when I had an "offline" PC running XP which has a CD burner). So any variability in my OS is not coming from a hard drive -- my OS is not installed, and the CD cannot be written over, I've been told repeatedly.
I am having extremely serious hacker problems, which is why I've gone to this limited system. Over the past couple of days, when I shutdown (on Konsole, shutdown now, which recently I have to also enter halt), I get within one of the shutdown messages:
OpenBSD Source Shell server
(as something else it's shutting down).
The first couple of times I saw this, I had been connected to the Internet for a couple of hours. So, as a test, this morning I turned on the PC, got to the login, logged in as root (no permanent installation, so why not?), then immediately shut down. And I did see the message again.
All I can tell you is that the hackers are physically very close to my machine (actually in the apartment above mine), and they have been running various systems since late October 2007. OpenBSD is apparently their latest attempt.
Please don't flame this thread. I just want to know the names of (or folders in which to find) other network-related services I should be shutting down, so I can get online all alone.
Here's what I do so far: Bring up Konsole as soon as I've got a task bar, open a couple root shells. Bring up the syslog, and switch to view the CUPS (I mean printer) info, then remove relevant /var/run/ and /var/cache files (I'm not intending to use my own printer, after all). In particular, I think I
rm /var/cache/samba/printing/* and also rmdir ppd.
Also I rm /dev/pty* and tty*, then remove all the getty processes -- to do this, I normally get ksysguardd (the one that lists the PID for all processes).
I also rm /etc/cron.hourly/.placeholder and then rmdir /etc/cron.hourly
and rm /etc/samba/smb.conf
I hope I'm describing this properly: I'm at the library, and recall is less accurate than recognition.
I kill all the weird hald daemon-related and ssh PIDs shown in netstat -lanap. From the netstat -lanap listing and ksysguard listing, I also kill all processes I recognize as related to online services, including cups, NetworkManager, inet, dhcp__, nmbd, smbd, and even python (I didn't open a python shell myself).
Then I use passwd to alter the root password. After that, I usually fire up FireFox, then plug in the Ethernet cable from router into the cable modem, and I can browse.
Now that they're running the BSD (I think formerly they were trying to hack via Netbios, so a Win OS?), I'm a bit worried they might try to spoof my ISP to generate information to frame me for something. (Visiting a terrorist site? child porn? Sites for spammers? I have no idea.
) So, can anyone suggest other network interfaces they might be exploiting? These are heavy-duty hackers, obviously; I already know what I'm describing is thought to be impossible. Not asking how they're doing what they're doing anymore, just asking for other things to shut down. (VPN is not the name of the VPN service, for example -- anyone know what it is?)
I really am fairly new to Linux, and very new to "hacking." Not new to computing, and used to working with many different languages and OSes (I was a professional documenter over 20 years in NYC). But I'm in way over my head, and could use some help.
Linear Mode
