Comp got owned. Need advice.
Recently I totally got owned. I left my computer on while I was sleeping and awoke to find my firewall crashed, a proxy service running on my comp and a backdoor trojan. Also another prog was running which was spamming tons of people with Windows messages. Along with that, the permissions on my power user account were totally f'ed up.
Well anyway, I disabled everything and tried to clean up and fix everything I could. I also checked my logs and tracked it down to one IP. I'm still debating what I should do. I'm guessing this person is going through a proxy or proxies, so it's probably some other poor sucker's IP. Any advice on what I should do? I was kinda thinking about going after the IP I have and maybe going down the line ;-p.
I'm done for now with Windows lol. Back to Linux. I'm deciding which Linux distro I should install. I'm wanting something that's more security oriented. I know they all are, so how about instead you just say what your favorite non-Windows OS is and why you like it ;-p
Re: Comp got owned. Need advice.
Well Smiles, I hate to be the one to do it, but I think it needs to be done... so I'm gonna lay into you a little.
Quote:
Recently I totally got owned. I left my computer on while I was sleeping and awoke to find my firewall crashed, a proxy service running on my comp and a backdoor trojan. Also another prog was running which was spamming tons of people with Windows messages. Along with that, the permissions on my power user account were totally f'ed up.
What did you learn from all of this? Well I have a few questions for you...
Why does your system remain online if the firewall is down? This is an awful design, for obvious reasons.
Why do you allow remote installation of software?
Why do you allow remote manipulation of the security policy?
Why do you allow remote activation of services?
Quote:
Well anyway, I disabled everything and tried to clean up and fix everything I could. I also checked my logs and tracked it down to one IP. I'm still debating what I should do. I'm guessing this person is going through a proxy or proxies, so it's probably some other poor sucker's IP. Any advice on what I should do? I was kinda thinking about going after the IP I have and maybe going down the line ;-p.
http://www.cert.org/tech_tips/win-UN...ompromise.html
I think it is likely the "attacker" did not originate from the logged IP (and it seems odd they would let these logs survive when they had such complete control of such a poorly configured system), and I think we both know that the likelihood of you tracking anyone down is slim to none.
Moving right along...
Quote:
I'm done for now with Windows lol. Back to Linux. I'm deciding which Linux distro I should install. I'm wanting something that's more security oriented. I know they all are, so how about instead you just say what your favorite non-Windows OS is and why you like it ;-p
This is the part that bugged me... "wah! I can't use this system so I am just going to switch to something else because I once heard it was better." Perhaps this would be a good time to learn how to administer a system to be secure (the NT line has significant centralized documentation and auditing tools for this exact topic) rather than just jumping from one system to the next and blaming the system for the problems.
You say you want something that is more security oriented, yet you wish to switch to a system that uses a monolithic kernel, less finely grained access controls, no segregation of administrators and operators, no trusted paths, no secure logon sequence, no secure subsystems, a lack of integrated file system key management, single command/multi-actioned security policy (impossible to predict rights propagations), and the lack of a trusted facilities manual (which is really what you need most, it would seem).
My favorite non-Windows OS? Normally I'd say AITOS, but that is still in development and not overly useful for anything other than an integrated ERP guard OS just yet... so I'd have to say KSOS running a collection of various project software, from a NeXTStep-inspired GUI to multi-level-secure-aware NFS, HTTP, FTP, and SMTP servers, all on PDP 11/70 emulation on a 21364 system. Why? Because I like running an OS designed by Ford, and having a system that is theoretically secure from remote attacks (ah, the beauty of finite state machines) makes for good bragging rights... ;)
catch
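The four questions in catch's reply (system online with the firewall down, remote software installation, remote changes to security policy, remote activation of services) are each something an admin can check for on a Windows box rather than argue about. The script below is an added example written for this thread, not code posted by either participant; it assumes a current Windows (10/11 or Server 2016+) with PowerShell 5.1 or later, run from an elevated prompt, and it only reads state and prints findings. The `AlwaysInstallElevated` policy value, the `RemoteRegistry` service and the `Get-NetFirewallProfile` cmdlet are real; the set of "user-writable" path patterns it flags and the per-finding wording are this example's own choices.

```powershell
# Added example: read-only audit of the hardening points raised in the reply above.
# Assumes Windows 10/11 or Server 2016+, PowerShell 5.1+, elevated prompt. Changes nothing.

$findings = New-Object System.Collections.Generic.List[string]

# 1. "Why does your system remain online if the firewall is down?"
#    Every profile should be on, default-deny inbound, and logging drops so there is a
#    log to read after the fact (the original poster only had logs by luck).
foreach ($p in Get-NetFirewallProfile) {
    if ($p.Enabled -ne 'True') { $findings.Add("Firewall profile '$($p.Name)' is disabled") }
    if ($p.DefaultInboundAction -ne 'Block') { $findings.Add("Profile '$($p.Name)' does not block inbound by default") }
    if ($p.LogBlocked -ne 'True') { $findings.Add("Profile '$($p.Name)' is not logging blocked connections") }
}

# 2. "Why do you allow remote installation of software?"
#    AlwaysInstallElevated lets any MSI run with SYSTEM rights for whoever (or whatever)
#    is logged on; it should be absent or 0 in both hives.
foreach ($hive in 'HKLM:', 'HKCU:') {
    $key = "$hive\SOFTWARE\Policies\Microsoft\Windows\Installer"
    $v = (Get-ItemProperty -Path $key -Name AlwaysInstallElevated -ErrorAction SilentlyContinue).AlwaysInstallElevated
    if ($v -eq 1) { $findings.Add("AlwaysInstallElevated is set under $hive") }
}

# 3./4. "remote manipulation of the security policy" and "remote activation of services"
#    Remote Registry is the usual channel for both; a single workstation has no use for it.
$rr = Get-Service -Name RemoteRegistry -ErrorAction SilentlyContinue
if ($rr -and ($rr.Status -eq 'Running' -or $rr.StartType -ne 'Disabled')) {
    $findings.Add("RemoteRegistry is $($rr.Status), start type $($rr.StartType)")
}

# The "Windows messages" the original poster saw are net send pop-ups delivered by the
# old Messenger service. It no longer ships with current Windows, so only flag it if present.
$msg = Get-CimInstance Win32_Service -Filter "Name='Messenger'"
if ($msg -and $msg.State -eq 'Running') { $findings.Add("Messenger service is running") }

# A dropped proxy or backdoor that survives a reboot usually registers as a service.
# Running services launched from user-writable locations deserve an explanation
# (path patterns below are this example's assumption, not an exhaustive list).
Get-CimInstance Win32_Service -Filter "State='Running'" |
    Where-Object { $_.PathName -match '\\(Users|Temp|AppData|Documents and Settings)\\' } |
    ForEach-Object { $findings.Add("Service '$($_.Name)' runs from $($_.PathName)") }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "[!] $_" } }
```

Save it as a `.ps1` and run it from an elevated PowerShell; each `[!]` line maps back to one of the questions above, and the script deliberately stops at reporting so that the admin, not the script, decides what to change.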