I'm being hacked!

Craig White craigwhite@azapple.com
Thu, 8 Mar 2001 09:22:47 -0700


> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us] On Behalf Of Rick Rosinski
> Sent: Wednesday, March 07, 2001 6:07 PM
> To: PLUG
> Subject: I'm being hacked!
>
>
> I really need help!!!
>
> A buddy of mine knows a couple of hackers who have done sh*t to his
> system without informing him. They acquired all of his information
> from his laptop and his WebTV. He was paranoid about what they might
> do to his information (c cards, social, etc). I told him enough to
> scare him into talking to those hackers. They confessed, and they told
> him what they did, and what they are capable of. But, what scared me
> the most is what he said they did to me without me knowing. They told
> him about what I do with Linux based on my command prompt history. My
> buddy wasn't messing with my head, because before they told him that,
> he didn't know what a command prompt was. This guy accessed my system
> through my ppp connection with Inficad, even through the random ip
> addresses that they send.
>
> The point to all of this is: I want to find out how to stop this from
> happening. I have a few ideas of my own, and I have lots of questions.
>
> Besides setting up a firewall, what other security measures should I
> consider implementing?
>
> What will it take to keep this guy out of my system? What is he
> capable of doing besides knowing my command history in my term
> windows. Would it be effective if I set up a user for myself (I am
> always root) to keep him out? I am not on a LAN, just ppp to inficad,
> and I don't know if being root is dangerous or not.
>
>
> If it helps...
> I use Slackware 7.1 (I modified it to incorporate kernel 2.4.1), and I
> use dial-up internet pppd with kppp - and the ISP assigns random ip
> addresses. I don't have a firewall set up yet, and I am working on
> getting that up (I am reading the howto now).
>
> Thanks!!!
>
>
> --

5. Rusty's Really Quick Guide To Packet Filtering

Most people just have a single PPP connection to the Internet, and don't
want anyone coming back into their network, or the firewall:

     ## Insert connection-tracking modules (not needed if built into kernel).
     # insmod ip_conntrack
     # insmod ip_conntrack_ftp

     ## Create chain which blocks new connections, except if coming from inside.
     # iptables -N block
     # iptables -A block -m state --state ESTABLISHED,RELATED -j ACCEPT
     # iptables -A block -m state --state NEW -i ! ppp0 -j ACCEPT
     # iptables -A block -j DROP

     ## Jump to that chain from INPUT and FORWARD chains.
     # iptables -A INPUT -j block
     # iptables -A FORWARD -j block

The above is all you need. If you want to read more...
<http://netfilter.filewatcher.org/unreliable-guides/index.html>

Craig

----:----|----:----|----:----|----:----|----:----|----:----|
- Craig White - PO Box 8634 - Scottsdale, Arizona - 85252
- e-mail address ................ - CraigWhite@AzApple.com
- world wide web address ........ - http://www.AzApple.com
- e-mail my pager address ....... - 6023779752@airtouch.net
- cellular phone ................ - (602) 377-9752
- voice/facsimile ............... - (480) 945-8445
----:----|----:----|----:----|----:----|----:----|----:----|
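
Added example (not part of the original message or of the HOWTO): a simplified Python model of the "block" chain quoted above, showing which inbound packets it accepts and which it drops on a single PPP link. The Conntrack class, the packet fields and the sample addresses are assumptions made for illustration; real connection tracking also handles RELATED flows, timeouts and TCP state.

```python
# Simplified model of the "block" chain (added example, not netfilter code).
# Assumption: connection tracking is reduced to remembering outbound 5-tuples.
from collections import namedtuple

Packet = namedtuple("Packet", "proto src sport dst dport")


class Conntrack:
    def __init__(self):
        self.flows = set()

    def note_outbound(self, pkt):
        """Locally generated traffic leaves via OUTPUT and creates a flow entry."""
        self.flows.add(pkt)

    def state(self, pkt):
        """An inbound packet is ESTABLISHED only if it mirrors a tracked flow."""
        reply_of = Packet(pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ESTABLISHED" if reply_of in self.flows else "NEW"


def block_chain(ct, in_iface, pkt):
    """First matching rule wins, in the same order as the iptables commands."""
    st = ct.state(pkt)
    if st in ("ESTABLISHED", "RELATED"):    # --state ESTABLISHED,RELATED -j ACCEPT
        return "ACCEPT"
    if st == "NEW" and in_iface != "ppp0":  # --state NEW -i ! ppp0 -j ACCEPT
        return "ACCEPT"
    return "DROP"                           # -j DROP


def demo():
    # Constructed sample traffic; addresses are from documentation ranges.
    me, web, stranger = "192.0.2.10", "198.51.100.5", "203.0.113.77"
    lo = "127.0.0.1"
    ct = Conntrack()
    ct.note_outbound(Packet("tcp", me, 40000, web, 80))  # we open a web page
    return {
        "reply_from_web": block_chain(ct, "ppp0", Packet("tcp", web, 80, me, 40000)),
        "unsolicited_telnet": block_chain(ct, "ppp0", Packet("tcp", stranger, 51515, me, 23)),
        "wrong_peer_port_80": block_chain(ct, "ppp0", Packet("tcp", stranger, 80, me, 40000)),
        "local_loopback": block_chain(ct, "lo", Packet("tcp", lo, 40001, lo, 631)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} {verdict}")
```

The chain is only reached from INPUT and FORWARD, so outbound traffic is never filtered by it; that is why replies to connections the machine opened still get through while every new connection arriving on ppp0 is dropped.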