either portsentry is insane, my laptop has been compromised,…

Author: Rusty Carruth via PLUG-discuss
Date:  
To: Main PLUG discussion list
CC: Rusty Carruth
Subject: either portsentry is insane, my laptop has been compromised, or ...
Hopefully the answer isn't that *I'm* the insane one! ;-)

So, my laptop, which is running Linux Mint 20.2 Uma, and my file server
have suddenly had a falling-out.  They used to talk to each other just
fine, but now the file server, running Linux Mint 19.3 Tricia, slams my
laptop into the deny list as soon as I try to SSH in to it.  And I don't
(believe I have) automatic update enabled on either computer, and I
certainly don't remember doing anything to the laptop or the server
related to networking.  The laptop has an NFS connection to the file
server - or it HAD before the blocking!


The file server has no problem ssh-ing to the laptop (no surprise there,
of course).


Initially I thought it was some problem with port 161, but I added that
(and the laptop IP address!) in to the portsentry ignore file, and it
still got flagged.


It isn't in hosts.deny, nor is it in the portsentry bad guys list.


I looked (find /etc -type f -print0 | xargs -0 egrep '<laptopIPaddr>') on
the file server:

Tue Jul 09 14:02:30 RustyC ~ $ cat /tmp/finding.laptop
/etc/portsentry/portsentry.ignore.static:myLaptopIP
/etc/portsentry/portsentry.ignore:myLaptopIP
/etc/portsentry/portsentry.ignore.static~:myLaptopIP
Tue Jul 09 14:05:59 RustyC ~ $

(I hacked the local IP to the string 'myLaptopIP'.  What is actually
there is the actual IP addr).


So, I removed (uninstalled) portsentry from the file server, rebooted,
and tried again.  Still blocked!  Waited about a day, still blocked. 
So, I changed the IP address of the laptop - the server blocks the laptop!

Just for fun, I changed my laptop's IP again and tried mounting the file
server via NFS, without doing anything else (no attempt to ssh, etc) -
blocked, as far as I can tell.  BUT!  I can still ping the file server
from the laptop!

Checked iptables - NOTHING in any table on the server.  I'm totally
stumped, and about to re-install Linux on both the Laptop and the file
server.  (One of these days I hope to get time to fool with AI for this
kind of thing, but haven't yet had the time...)

Does anyone have any ideas?  Thanks!
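The post searches the server for the laptop's literal IP and finds it only in the portsentry ignore files. One caveat with that kind of search: TCP wrappers (hosts.allow/hosts.deny) patterns such as ALL, a trailing-dot network prefix, or a net/mask pair cover an address without containing it, and a new address in the same subnet stays covered. The following is an added example, not from the post or its author, that evaluates those hosts_access(5) client forms (a subset: ALL, prefix, net/mask, EXCEPT; no hostname, LOCAL or KNOWN patterns) against constructed sample files; the daemon name is whatever the service passes to libwrap (sshd for OpenSSH).

```python
import ipaddress

def _client_matches(ip, pattern):
    """One hosts_access(5) client pattern: ALL, 'a.b.c.' prefix, net/mask, or literal."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # trailing dot = network prefix, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:                   # "net/mask" pair, e.g. 10.0.0.0/255.0.0.0
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    return ip == pattern                 # literal address: the only form `grep <ip>` finds

def _list_matches(ip, client_list):
    """Evaluate a client list, honouring 'list_1 EXCEPT list_2'."""
    parts = client_list.split()
    if "EXCEPT" in parts:
        i = parts.index("EXCEPT")
        return (_list_matches(ip, " ".join(parts[:i]))
                and not _list_matches(ip, " ".join(parts[i + 1:])))
    return any(_client_matches(ip, p) for p in parts)

def rules_matching(ip, daemon, text):
    """Return every rule line in a hosts.allow/hosts.deny text covering (daemon, ip)."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()         # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]    # a third field (shell cmd) is ignored
        if any(d in ("ALL", daemon) for d in daemons.split()) and _list_matches(ip, clients):
            hits.append(line)
    return hits

def access_decision(ip, daemon, hosts_allow, hosts_deny):
    """libwrap order: a hosts.allow match grants, else a hosts.deny match denies, else grant."""
    if rules_matching(ip, daemon, hosts_allow):
        return "allowed"
    if rules_matching(ip, daemon, hosts_deny):
        return "denied"
    return "allowed (no rule)"

# Constructed sample files (assumption: not the poster's real configuration).
HOSTS_ALLOW = "sshd: 10.0.0.7\n"
HOSTS_DENY = """ALL: 192.168.1.
sshd: 10.0.0.0/255.0.0.0 EXCEPT 10.0.0.5
"""
```

Note that "192.168.1.42" never appears literally in HOSTS_DENY, so the post's find/egrep search would report nothing, yet access_decision still returns "denied" for it.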

---------------------------------------------------
PLUG-discuss mailing list:
To subscribe, unsubscribe, or to change your mail settings:
https://lists.phxlinux.org/mailman/listinfo/plug-discuss