techwatcher

Hi... I have some unique problems, which I don't really want to get into; basically I can't download stuff (can't store anything anywhere) just now. So could someone please tell me network-related 'services' that I can read about in the man pages?

In particular, I want the abbreviation/initials for the virtual private network. (What I mean is, the equivalent for vpn that smbd and nmbd are what one needs to know with regard to samba, for example.) If there were a list of all the 'services' somewhere, that would be super -- just point me at them, please!

ozar

Try this site.

__________________
oz

New Members: * README *

techwatcher

Thanks, ozar, but those are not service names, as nmbd & smbd are what I think of as the "service names" for samba.

Here is a real problem. I know it sounds incredible, but I'm only reporting what I see. If any hacker can help me, I'd really appreciate it:

I removed (physically) the hard drive & floppy of a 2001 NetVista PC, running about 1k Mhz, with 256K RAM, and a CD-ROM. A Lynksys router is connected to the PC, and I have very high-speed cable (Ethernet cables) modem.

Each day I want to go online, I start with the Ethernet cable connected between router and PC, but NOT between router and cable modem. I insert the MEPIS 6.5 CD (which I downloaded and burned earlier this year, when I had an "offline" PC running XP which has a CD burner). So any variability in my OS is not coming from a hard drive -- my OS is not installed, and the CD cannot be written over, I've been told repeatedly.

I am having extremely serious hacker problems, which is why I've gone to this limited system. Over the past couple of days, when I shutdown (on Konsole, shutdown now, which recently I have to also enter halt), I get within one of the shutdown messages:
OpenBSD Source Shell server
(as something else it's shutting down).

The first couple of times I saw this, I had been connected to the Internet for a couple of hours. So, as a test, this morning I turned on the PC, got to the login, logged in as root (no permanent installation, so why not?), then immediately shut down. And I did see the message again.

All I can tell you is that the hackers are physically very close to my machine (actually in the apartment above mine), and they have been running various systems since late October 2007. OpenBSD is apparently their latest attempt.

Please don't flame this thread. I just want to know the names of (or folders in which to find) other network-related services I should be shutting down, so I can get online all alone. Here's what I do so far: Bring up Konsole as soon as I've got a task bar, open a couple root shells. Bring up the syslog, and switch to view the CUPS (I mean printer) info, then remove relevant /var/run/ and /var/cache files (I'm not intending to use my own printer, after all). In particular, I think I
rm /var/cache/samba/printing/* and also rmdir ppd.

Also I rm /dev/pty* and tty*, then remove all the getty processes -- to do this, I normally get ksysguardd (the one that lists the PID for all processes).

I also rm /etc/cron.hourly/.placeholder and then rmdir /etc/cron.hourly
and rm /etc/samba/smb.conf
I hope I'm describing this properly: I'm at the library, and recall is less accurate than recognition.

I kill all the weird hald daemon-related and ssh PIDs shown in netstat -lanap. From the netstat -lanap listing and ksysguard listing, I also kill all processes I recognize as related to online services, including cups, NetworkManager, inet, dhcp__, nmbd, smbd, and even python (I didn't open a python shell myself).

Then I use passwd to alter the root password. After that, I usually fire up FireFox, then plug in the Ethernet cable from router into the cable modem, and I can browse.

Now that they're running the BSD (I think formerly they were trying to hack via Netbios, so a Win OS?), I'm a bit worried they might try to spoof my ISP to generate information to frame me for something. (Visiting a terrorist site? child porn? Sites for spammers? I have no idea. ) So, can anyone suggest other network interfaces they might be exploiting? These are heavy-duty hackers, obviously; I already know what I'm describing is thought to be impossible. Not asking how they're doing what they're doing anymore, just asking for other things to shut down. (VPN is not the name of the VPN service, for example -- anyone know what it is?)

I really am fairly new to Linux, and very new to "hacking." Not new to computing, and used to working with many different languages and OSes (I was a professional documenter over 20 years in NYC). But I'm in way over my head, and could use some help.

coopstah13

My guess is you need to better configure your router for protection. It should have come with a built in firewall. You should make sure it is enabled and also make sure that you set the router password to something other than the default if it isn't. Make sure you don't have any ports opened up to the outside world.

techwatcher

Thanks for the quick reply. Can you help me find out what ports are open? I don't think man ports produced any documentation -- in general, my problem is that the man pages are invoked by giving the service name (such as smb.conf), rather than by offering a function (keyword). Since I can't download any other documentation just now, it's hard for me to get a grasp of what is going on. (I recently learned that networks such as eth0 and lo (localhost) are called "interfaces" in Linux, for example. I don't know the proper vocabulary.)

coopstah13

well since you are using the router for your internet connection sharing you should use the firewall on that in my opinion. Usually you log in to the router by going to your browser and navigating to http://192.168.0.1 or http://192.168.1.1 and then you log in there. It should have an interface there with some more stuff. Second option is to use iptables to set up a firewall but that would only apply to your machine. Also unless you are running any server or anything like that, you don't need any ports open.

budman7

If you have a linksys router go to the 192.168.1.1 web page type in admin for the password(unless you changed it).
Go to the "Administration" tab, there you will be able to disable wireless access to your router.
I am not sure about other routers but there should be a way to turn off wireless access.

__________________
Go RedWings
How to know if you are a geek.
when you respond to "get a life!" with "what's the URL?"
- Birger

New users read The FAQ

elija

You can use shields up to test your router for the common service
ports. It can be accessed from here

If you can use WEP or preferably WPA to encrypt your network to
stop people getting in without you knowing.

Stop broadcasting your SSID and limit access to your router to your
MAC addresses.

None of these router changes are infallible, but they all make it harder
for outsiders to get in.

__________________
"I complement you - your facility of understatement is exceeded only by your mastery of silence, but measuring this with the word 'shame' surpasses all your previous achievements in articulation"

The Fifth Continent

coopstah13

I don't see anywhere in his original post where he referred to having a wireless connection, only that he was connected via ethernet cable. I can understand people using his wireless connection so easy if it is unencrypted, but he never mentioned that.

elija

Most routers (soho) anyway seem to be both these days, so reading
between the lines, the advice is still good to check out.

__________________
"I complement you - your facility of understatement is exceeded only by your mastery of silence, but measuring this with the word 'shame' surpasses all your previous achievements in articulation"

The Fifth Continent