Security Help

Discussion in 'Computer Security' started by Al, Sep 14, 2004.

  1. Al

    Al Guest

    I have a small network set up at home. NetworkEverywhere NAT
    Firewall/Router (http://www.networkeverywhere.com/products/nr041.asp) with 2
    Windows and 1 Debian computer. I recently added the people in the apartment
    downstairs to my network. They have their own router (Lynksys) and 2
    computers. Before I hooked the downstairs people in, I could not port scan
    my network from outside (maybe I had a shitty port scanner, I don't know).
    Today at work (while I had some free time) I decided to port scan my
    computer. I used Network Activ Scanner to do the scan. When it was
    finished there were several ports open on my network.

    A few of these were:

    Port Use
    70 Gopher
    389 LDAP
    7070 ARCP
    5900 ?
    1494 Citrix
    6667 IRC

    When I done the scan all downstairs computers were turned off. I know I
    don't have Citrix, LDAP or anything else running on my machines. I only
    have SSH and a web server (Tomcat) on my Debian box. There are no IRC
    clients on my computer.

    I am a programmer, not a security expert, to me the scan seems to show that
    a back door was installed on my computer. I read about viruses that install
    a IRC client to issue commands to, I think citrix is used for remote logins,
    rlogin was also detected and I never installed this I use SSH. I'm not sure
    if I was taken over by a skiddie or if the computer that I plugged into my
    network were already compromised.

    Here are my questions: Do you think my computer is taken over? Is there a
    tool similar to what skiddies use that I can run against my network that
    will show the vulnerability instead of exploiting it and creating a back
    door. Once my network is clean again what are some security tools I can use
    to better monitor my network? Does this security course that I am thinking
    of doing look good to you experts
    (http://www.polarbear.com/outline_storage/PS613.pdf)? Its only a two day
    course so I'm not sure if its a good one. My security knowledge goes as far
    as a couple of security how-tos for Windows and Linux.

    Thanks in advance for all your input,

    Al
     
    Al, Sep 14, 2004
    #1
    1. Advertising

  2. Al

    dono Guest

    On Tue, 14 Sep 2004 16:41:29 GMT, "Al" <> wrote:

    >I have a small network set up at home. NetworkEverywhere NAT
    >Firewall/Router (http://www.networkeverywhere.com/products/nr041.asp) with 2
    >Windows and 1 Debian computer. I recently added the people in the apartment
    >downstairs to my network. They have their own router (Lynksys) and 2
    >computers. Before I hooked the downstairs people in, I could not port scan
    >my network from outside (maybe I had a shitty port scanner, I don't know).
    >Today at work (while I had some free time) I decided to port scan my
    >computer. I used Network Activ Scanner to do the scan. When it was
    >finished there were several ports open on my network.
    >
    >A few of these were:
    >
    >Port Use
    >70 Gopher
    >389 LDAP
    >7070 ARCP
    >5900 ?
    >1494 Citrix
    >6667 IRC
    >
    >When I done the scan all downstairs computers were turned off. I know I
    >don't have Citrix, LDAP or anything else running on my machines. I only
    >have SSH and a web server (Tomcat) on my Debian box. There are no IRC
    >clients on my computer.
    >
    >I am a programmer, not a security expert, to me the scan seems to show that
    >a back door was installed on my computer. I read about viruses that install
    >a IRC client to issue commands to, I think citrix is used for remote logins,
    >rlogin was also detected and I never installed this I use SSH. I'm not sure
    >if I was taken over by a skiddie or if the computer that I plugged into my
    >network were already compromised.
    >
    >Here are my questions: Do you think my computer is taken over? Is there a
    >tool similar to what skiddies use that I can run against my network that
    >will show the vulnerability instead of exploiting it and creating a back
    >door. Once my network is clean again what are some security tools I can use
    >to better monitor my network? Does this security course that I am thinking
    >of doing look good to you experts
    >(http://www.polarbear.com/outline_storage/PS613.pdf)? Its only a two day
    >course so I'm not sure if its a good one. My security knowledge goes as far
    >as a couple of security how-tos for Windows and Linux.
    >
    >Thanks in advance for all your input,
    >
    >Al
    >

    ##########################
    You said that the people downstairs have their own router. What about
    your router? If you have a router, how did it pass the ports to the
    machines? What internal block are you using? Is it different from
    theirs? Just check the configuration. I don't think your network has
    been owned. I don't use debian if it has an inetd.conf file, comment
    out any services that you don't need.
     
    dono, Sep 15, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. AM
    Replies:
    4
    Views:
    891
  2. Replies:
    0
    Views:
    780
  3. Rick Sears
    Replies:
    0
    Views:
    524
    Rick Sears
    Jul 29, 2003
  4. COMSOLIT Messmer

    IT-Security, Security, e-security

    COMSOLIT Messmer, Sep 5, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    638
    COMSOLIT Messmer
    Sep 5, 2003
  5. Ablang
    Replies:
    2
    Views:
    604
    Gimpy
    Jun 10, 2006
Loading...

Share This Page