Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > Security Help

Reply
Thread Tools

Security Help

 
 
Al
Guest
Posts: n/a
 
      09-14-2004
I have a small network set up at home. NetworkEverywhere NAT
Firewall/Router (http://www.networkeverywhere.com/products/nr041.asp) with 2
Windows and 1 Debian computer. I recently added the people in the apartment
downstairs to my network. They have their own router (Lynksys) and 2
computers. Before I hooked the downstairs people in, I could not port scan
my network from outside (maybe I had a shitty port scanner, I don't know).
Today at work (while I had some free time) I decided to port scan my
computer. I used Network Activ Scanner to do the scan. When it was
finished there were several ports open on my network.

A few of these were:

Port Use
70 Gopher
389 LDAP
7070 ARCP
5900 ?
1494 Citrix
6667 IRC

When I done the scan all downstairs computers were turned off. I know I
don't have Citrix, LDAP or anything else running on my machines. I only
have SSH and a web server (Tomcat) on my Debian box. There are no IRC
clients on my computer.

I am a programmer, not a security expert, to me the scan seems to show that
a back door was installed on my computer. I read about viruses that install
a IRC client to issue commands to, I think citrix is used for remote logins,
rlogin was also detected and I never installed this I use SSH. I'm not sure
if I was taken over by a skiddie or if the computer that I plugged into my
network were already compromised.

Here are my questions: Do you think my computer is taken over? Is there a
tool similar to what skiddies use that I can run against my network that
will show the vulnerability instead of exploiting it and creating a back
door. Once my network is clean again what are some security tools I can use
to better monitor my network? Does this security course that I am thinking
of doing look good to you experts
(http://www.polarbear.com/outline_storage/PS613.pdf)? Its only a two day
course so I'm not sure if its a good one. My security knowledge goes as far
as a couple of security how-tos for Windows and Linux.

Thanks in advance for all your input,

Al


 
Reply With Quote
 
 
 
 
dono
Guest
Posts: n/a
 
      09-15-2004
On Tue, 14 Sep 2004 16:41:29 GMT, "Al" <(E-Mail Removed)> wrote:

>I have a small network set up at home. NetworkEverywhere NAT
>Firewall/Router (http://www.networkeverywhere.com/products/nr041.asp) with 2
>Windows and 1 Debian computer. I recently added the people in the apartment
>downstairs to my network. They have their own router (Lynksys) and 2
>computers. Before I hooked the downstairs people in, I could not port scan
>my network from outside (maybe I had a shitty port scanner, I don't know).
>Today at work (while I had some free time) I decided to port scan my
>computer. I used Network Activ Scanner to do the scan. When it was
>finished there were several ports open on my network.
>
>A few of these were:
>
>Port Use
>70 Gopher
>389 LDAP
>7070 ARCP
>5900 ?
>1494 Citrix
>6667 IRC
>
>When I done the scan all downstairs computers were turned off. I know I
>don't have Citrix, LDAP or anything else running on my machines. I only
>have SSH and a web server (Tomcat) on my Debian box. There are no IRC
>clients on my computer.
>
>I am a programmer, not a security expert, to me the scan seems to show that
>a back door was installed on my computer. I read about viruses that install
>a IRC client to issue commands to, I think citrix is used for remote logins,
>rlogin was also detected and I never installed this I use SSH. I'm not sure
>if I was taken over by a skiddie or if the computer that I plugged into my
>network were already compromised.
>
>Here are my questions: Do you think my computer is taken over? Is there a
>tool similar to what skiddies use that I can run against my network that
>will show the vulnerability instead of exploiting it and creating a back
>door. Once my network is clean again what are some security tools I can use
>to better monitor my network? Does this security course that I am thinking
>of doing look good to you experts
>(http://www.polarbear.com/outline_storage/PS613.pdf)? Its only a two day
>course so I'm not sure if its a good one. My security knowledge goes as far
>as a couple of security how-tos for Windows and Linux.
>
>Thanks in advance for all your input,
>
>Al
>

##########################
You said that the people downstairs have their own router. What about
your router? If you have a router, how did it pass the ports to the
machines? What internal block are you using? Is it different from
theirs? Just check the configuration. I don't think your network has
been owned. I don't use debian if it has an inetd.conf file, comment
out any services that you don't need.
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Accessing higher security level from higher security level nderose@gmail.com Cisco 0 07-11-2005 10:20 PM
Going from higher security level interface to lower security interface- HELP!!! - AM Cisco 4 12-28-2004 09:52 PM
IT-Security, Security, e-security COMSOLIT Messmer Computer Support 0 09-05-2003 08:34 AM
How secure is the security from my security form? Aaron Java 1 08-04-2003 06:16 PM
MCSA: Security MCSE: Security question Rick Sears MCSE 0 07-29-2003 08:02 PM



Advertisments