How to understand if i have been hacked and being monitored?!?!

On 2010-10-22 01:06, phantom74 wrote:

> this thought of mine is also because i suspect my chief to be sniffing
> my traffic and trying to filter my content. have any idea on how would i
> make sure he is not doing this without him noticing?

You could install snort. I don’t see it now in the main repos… it was, time ago. Ah, now it is in
“server:/monitoring”. Also ntop could be interesting. Both are passive, listen only.

Then, make sure what you is encrypted: mail, sessions…


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

On 2010-10-22 12:06, phantom74 wrote:
>
> by the way, i have noticed that i’m not having suse updates for a long
> time now, for 2 weeks now and i continue to have a key error regarding
> packman repo.

It has been commented somewhere else in the forums.
About not getting updates, I don’t see an update repo in your list, so that would be why.

> here are my repos:

> baseurl=http://packman.inode.at/suse/11.3
> baseurl=cd:///?devices=/dev/sr0
> baseurl=http://download.opensuse.org/distribution/11.3/repo/non-oss/
> baseurl=http://download.opensuse.org/distribution/11.3/repo/oss/
> baseurl=http://download.opensuse.org/source/distribution/11.3/repo/oss/

About your sessions, yes, they could be reopening. Nice feature, I did not know.


Cheers / Saludos,

Carlos E. R.
(from 11.2 x86_64 “Emerald” at Telcontar)

phantom74 wrote:
> this thought of mine is also because i suspect my chief to be sniffing
> my traffic and trying to filter my content. have any idea on how would i
> make sure he is not doing this without him noticing?

i assume the ‘chief’ is your boss, at work?

if so, and depending on what country you are working in and the terms
of your work’s personnel policies and/or union contracts, your chief
may have the authority to both sniff and filter…as well as have you
removed if you try to tamper with his ability to legally do so…

until and unless you declare which country you are in, and provide
evidence you have legal immunity from the control of your electronic
communications while on the job–then, i won’t help you any more in
this matter…

and, i believe it would be counter to this forum’s Terms of Service
for anyone here to help you break the law…

if i’m wrong, i’m sorry i misunderstood what you wrote and ask your
pardon as you inform me of my mistake and offer rebuttal…


DenverD
When it comes to chocolate, resistance is futile.
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

I second DenverD here. It seems like this is not your system, and your boss has the right to “sniff” what traffic you are causing. If you have any concerns about that, you should discuss it with your boss or the admin of your office, not with this forum.

thank you for your reply friend.

i am aware that in my country it is illegal to spy or collect personal data from employees, i am from Portugal, you can check this out at the site of the http://cnpd.pt which is the ‘national commission of data protection’.

applications like sniffers, key loggers, traffic sniffing, e-mail sniffing are completely forbidden to use against employees. there are some cases in some projects we implement because in terms of security we have to implement security tools but we cannot use them to spy on employees, only in very specific cases. we only use them to sniff suspicious traffic to specific servers and not to local workstations.

not at all my friend, this is the company’s portable which i use to do my everyday tasks. but thank you anyway, i think i won’t be having your help.

thx anyway.

Nonono, DenverD and me were asking, right?

Again, I recommend to talk to your boss about it. We actually can not help much.

ok, forget about it, it’s not a problem, i’ll deal with this.

thank you for your attention anyway.

hey buddy, thank you for your tip.

i made the output to that script if you wanna check it out, i just ran it without any specific config:

output here: http://pastebin.com/rB97tSny

i am happy to hear you live in a country which still protects
individual rights…i wish it were the case in all countries…

there are lots of ways to keep folks out of your machine but none of
them are worth much if a boss (or anyone else) can boot the machine
when you are not around…and, there are ways to “set traps” so that
you can see if your machine has been tampered with (tripwire and
rkhunter spring to mind, but there are others) but you must take some
steps before the intrusion/attempt occurs…

depending on how technically inclined your boss is, he might be easy
to keep out or VERY difficult to detect (but, if you are protected by
law, why would he try? i’d say if you can’t trust your boss, MOVE)…

anyway, here is the kicker: just about 99.999% of the things you need
to do have nothing whatsoever to do with openSUSE only…i’d GUESS
over 99% of the applications/tips/tricks you seek are one of two
categories, and the one percent (or less) balance in category three:

  1. general computing security applicable to Linux, Mac, OS/2, Windows,
    iPods, etc etc etc

  2. security applicable to Linux and all/most *nix-like systems

  3. security applicable only to openSUSE.

which is why (or one of the reasons why) we have no security forum
here (though it has been asked for many times)–it is just too large
and too not-specific-to-openSUSE for the USERS who volunteer their
time here to get bogged down in…

see, i could tell you what i do but then none of that might be
applicable to your situation…and, anyhow i don’t really wanna say
exactly how i do what since that might invite some to try to actually
sneak in…

i’ll suggest this: immediately after your initial format/install,
install and run rkhunter…investigate the warnings it will throw up,
and if ok then mark them as ok…then run it often thereafter…


DenverD
When it comes to chocolate, resistance is futile.
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

If you’re worried about that kind of thing, it’s an impossible situation if you’re using the company network. Zillions of ways to monitor your computing behavior without touching your machine at all.

Tony

thanks for the comment D, i too still appreciate too much my freedoms to just give up of any of it just because someone is entitled “my boss” in a professional environment.

here is the result to chkrootkit, but it apparently shows everything is ok:

http://pastebin.com/rB97tSny

would love to have some tips from you though, maybe you can pm me if you feel more comfortable, i would appreciate them :)

phantom74 wrote:
> would love to have some tips from you though, maybe you can pm me if
> you feel more comfortable, i would appreciate them :)

no, i don’t wanna go down that path with you (or anyone
else)…security is such a HUGE area (and i’m not a security guru by
any stretch of the imagination)…you need to dig into it if you feel
the need for more security than you have with a default
install…there are millions of words on it on the net and i wouldn’t
know the best place for you to start…

by the way, you used chkrootkit…i suggest you install and run
rkhunter…but, neither of them tell you anything worthwhile unless
you established a base line to compare to BEFORE any intrusion is
likely to have occurred…(crackers will salt your system to give the
“right answers” and hide their log entries, etc etc etc…once cracked
the next step is format and restore from a pre-crack backup)

well, you can start here:
http://www.novell.com/documentation/opensuse113/
which links to here:
http://www.novell.com/documentation/opensuse113/book_opensuse_reference/?page=/documentation/opensuse113/book_opensuse_reference/data/book_opensuse_reference.html


DenverD
When it comes to chocolate, resistance is futile.
CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]
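
The baseline idea from the posts above (record a known-good state right after install, then compare against it later), as an added example that is not part of the thread and is not how rkhunter or tripwire are implemented. The function names and the JSON baseline file are assumptions made for illustration.

```python
import hashlib, json, os, stat, sys

def snapshot(root):
    """Map each regular file under root to [sha256, mode, uid, gid, size]."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets and devices are not hashed
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            # Lists (not tuples) so the value compares equal after a JSON round trip.
            state[os.path.relpath(path, root)] = [
                digest.hexdigest(), stat.S_IMODE(st.st_mode),
                st.st_uid, st.st_gid, st.st_size]
    return state

def save_baseline(root, baseline_path):
    """Record the known-good state; baseline_path should live outside root."""
    with open(baseline_path, "w") as fh:
        json.dump(snapshot(root), fh, indent=1, sort_keys=True)

def compare(root, baseline_path):
    """Report files added, removed or changed (content, mode, owner, size)."""
    with open(baseline_path) as fh:
        old = json.load(fh)
    new = snapshot(root)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(p for p in set(old) & set(new) if old[p] != new[p]),
    }

if __name__ == "__main__":
    # Usage: script.py init|check <directory> <baseline.json>
    if len(sys.argv) != 4 or sys.argv[1] not in ("init", "check"):
        sys.exit("usage: init|check <directory> <baseline.json>")
    action, root, baseline = sys.argv[1:4]
    if action == "init":
        save_baseline(root, baseline)
    else:
        report = compare(root, baseline)
        print(json.dumps(report, indent=1))
        sys.exit(1 if any(report.values()) else 0)
```

The comparison is only as trustworthy as the baseline file, so keep it on removable or read-only media rather than on the machine being checked, and run the check from a system you trust.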