Compromised machine...help would be appreciated.

Status
Not open for further replies.

lg4l (New Member; joined Jan 18, 2020; messages: 5; reaction score: 0; credits: 0)
I'm a recent Linux convert and it's been a blast these past sev mos. breaking Mint, re-installing, learning....rinse, repeat. But this is a bit more serious.

Linux Mint 19.3...I'm constantly tinkering on this machine. I had every intention of learning how to PROPERLY utilize "secure boot" today and possibly attempt a FDE install. However, after realizing I was supposed to have installed Mint w/ secureboot DEactivated initially, I put it off.

Hours later, with some careless browsing behind me, I noticed something strange. I hadn't been online for hours and Network Manager was disco'd. GFW was also set to deny/deny bc I had tinkered with ITS interface some, too. I happened to peruse System Info and immediately noticed that a couple of mysterious USB devices were present. One was a virtual USB Networking device (Realtek RL888...something), the other was labeled as a Bluetooth device.

I should have been more vigilant gathering info, but I sort of panicked. I went to CLI and began looking at things that, admittedly, I understand little of. Iwconfig and ifconfig produced seemingly normal outputs. But several TTYs were being used and "C processes"(?) as well. I checked the GUI Sys Monitor and in the section after processes and resources (I believe it lists the drives/devices), instead of the usual 3-5 entries representing just MY partitions and removable media....there were over a dozen various devices at work.

One was in sys/F/ ....I believe. In CLI the Who command confirmed that at least two "devices" or processes were "online". I had remembered hearing about the virsh command for killing VMs, but I don't have it installed. I opened the folder in file sys as Root and tried to just delete the folder representing "C2" user/device/processes but it "wasn't allowed". I couldn't change ownership, permissions...so I shut down and here I am. On mobile. Asking for help if anybody has a moment, please.

I would have screenshots and better info but I wanted to shut down ASAP. Sorry for the noob verbosity, as well. I'm sure that I butchered the jargon and proper terminology. I'll be right here waiting/hoping for help. THANK YOU in adv.
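The checks the poster ran by hand (listing USB devices, looking at who is logged in) are easier to trust when compared against a baseline captured right after a clean install. The script below is an added example, not something from this thread or from Linux Mint; the lsusb(8) and who(1) lines it parses are constructed sample data, and the device IDs other than the Linux Foundation root hubs are made up.

```shell
#!/bin/sh
# Added example (not from the thread): compare the current USB device list and
# login sessions against a baseline, so new devices and network logins stand
# out instead of having to be eyeballed. Input below is constructed sample
# text in lsusb(8) and who(1) format, not a real capture.

# Constructed baseline of lsusb output, as captured right after a clean install.
BASELINE_USB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 1111:0001 Example Keyboard (constructed)
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub'

# Constructed current lsusb output with two devices absent from the baseline.
CURRENT_USB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 1111:0001 Example Keyboard (constructed)
Bus 001 Device 005: ID 2222:0002 Example Wireless Adapter (constructed)
Bus 001 Device 006: ID 3333:0003 Example Bluetooth Radio (constructed)
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub'

# Constructed who(1) output: a console login, a local X display, one remote login.
CURRENT_WHO='alice    tty2         2020-01-18 09:02
alice    :0           2020-01-18 09:03 (:0)
alice    pts/1        2020-01-18 11:40 (203.0.113.7)'

# Print the vendor:product IDs found in lsusb-format text ($1), one per line.
usb_ids() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i <= NF; i++) if ($i == "ID") print $(i + 1) }' |
        sort -u
}

# Print every line of the current lsusb text ($2) whose vendor:product ID does
# not appear in the baseline text ($1). Comparing by ID rather than by bus and
# device number keeps re-plugged known devices from showing up as new.
new_usb_devices() {
    baseline_ids=$(usb_ids "$1")
    printf '%s\n' "$2" | while IFS= read -r line; do
        id=$(printf '%s\n' "$line" |
            awk '{ for (i = 1; i <= NF; i++) if ($i == "ID") print $(i + 1) }')
        [ -n "$id" ] || continue
        if ! printf '%s\n' "$baseline_ids" | grep -Fxq -- "$id"; then
            printf '%s\n' "$line"
        fi
    done
}

# Print who(1) lines whose origin field (in parentheses) is a network host.
# Local X displays such as (:0) and loopback origins are skipped; a console
# login without an origin field is local by definition and also skipped.
remote_sessions() {
    printf '%s\n' "$1" | awk '
        /\([^)]*\)$/ {
            origin = $NF
            gsub(/[()]/, "", origin)
            if (origin !~ /^:/ && origin != "localhost" && origin != "127.0.0.1")
                print
        }'
}

# Print a short triage report from the three text inputs.
triage_report() {
    echo "== USB devices not in baseline =="
    new_usb_devices "$1" "$2"
    echo "== Sessions with a remote origin =="
    remote_sessions "$3"
}

# On a live system the two USB arguments would be the saved baseline file and
# "$(lsusb)", and the third would be "$(who)"; here the constructed samples are used.
triage_report "$BASELINE_USB" "$CURRENT_USB" "$CURRENT_WHO"
```

The baseline only helps if it was captured when the machine was known good, so save it immediately after installation and before any browsing; a device that appears in both lists is not thereby proven benign, it is merely not new.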
 


My bad, this is in the right place.

Wiz

BTW any help appreciated
 
Hello, Wizard.

Long-time lurker, 1st-time poster.

I should also mention that I had DL'd quite a lot of various files of the P2P variety throughout the morning. I'm all but sure this is related.
 
About to format and re-install. The only real option in a situation such as this. Luckily, no important data lost. Well, aside from the aforementioned, dodgy DLs themselves (Mr. Rogers' Neighborhood, Seasons 3-6...).

I'm done with Mint and SystemD, I think.

All ears for any secure distro suggestions. Not that Mint can't be just fine and secure when you don't go willy-nilly DL'ing Mr Roger's episodes. I'd just like to try something else.

Void, perhaps? Better yet, Artic??
 
It very much sounds like you were downloading torrents without a vpn.

Either that or your browser has not been secured at all, and some dodgy site has chosen to load you up with a gob full of crap

I say this because I download an enormous number of torrents each week.....and have done for the past 5 (approx) years on this Linux machine without any adverse effects whatsoever.

I use airvpn.
I use Firefox browser with malwarebytes and ublock origin
 
Greetings.


No. VPNs do literally nothing for actual security. Unless you're calling "obfuscation" security -- which, it isn't -- that is a false premise. VPNs are snake oil, by and large. They have some use-cases, of course. DL'ing torrents is definitely one of them. It's the most effective use of a VPN, these days, in fact.

In the past, VPNs were indeed tools of information security. No longer so, but having access to one used to be absolutely essential to protect savvy users on public WiFi. In the early 90's, corporate entities found they had a profound need for secure, 3rd party access to remote employees. This was the very genesis of VPNs as we know them today. But they have finally begun to migrate over to Software Defined Perimeter....zero-trust. "Black Cloud".

VPNs actually provide a massive attack surface. From domain controllers and infrastructure DHCP to DNS, switches and routers themselves. Again, they have a place. But their usefulness is waning on all fronts. In many more ways than I have already mentioned.

I, too, currently have an airVPN acct, as it were. It wouldn't have made a bit of difference today. These were direct DLs. Well, not actually "direct", per se. But I wasn't torrenting. Unless I care(d) to transfer access to my activities from one party (my ISP) over to several others (airVPN in Italy and the myriad, 3rd party data centers they employ along the way in their so-called, private tunnel), there would not have been any benefit.
 
...as for the security of my browser, it's usually right where I need it to be in the tug-of-war, trade-offs between privacy and security (eg, OCSP stapling, CSP reports and the like).

Today, not so much...and I'm glad you said that, actually. It had been lost on me these past hours, that I had been so wanton. I'm meticulous in my typical browser prep and upkeep. Firefox, hardened replete with user.js, sanitized search engine data from the browser field (oft-overlooked by most), the bare-essential extensions such as uMatrix, cssexfilprotect, httpz, POOP, Temporary Containers, Decentraleyes, Request Control, Site Bleacher...little, if anything more.

I eschew more towards the privacy side. I often forgo the CA certs and always avoid anything Google and anything from Cloudflare. No EvilCorp safe browsing, no DoH or site access via Crimeflare, etc. But this morning, having just re-installed, I just completely forgot. LoL And certain measures would have likely protected me from myself had I employed them as I usually do.

Stock Firefox, as is...it's no better than Google Chrome. I'm glad you mentioned this. Therein lies the biggest exploitable of them all: human error.
 
Not entirely sure if you have a question, or what your point is. However, if you have a security related issue, just remember there is no perfectly safe computing system, and SystemD has nothing to do with anything either.

In fact the closest you can come to a safe computer, is one that has been pounded into a pile of rubble, mixed into a few yards of concrete, with no power cord or network connection, and dumped to the bottom of the Marianas Trench.

Other than that, normal security, constant system and application updates, judicious use of elevated permissions, and user awareness will keep you safe.
 
Not entirely sure the OP actually cares too much....maybe he simply wished to have a rant......

has not been seen or heard from since Jan 19 2020
 
He's a "player", and obviously does not use Linux for production or actual personal use. Which is fine, just don't need to grumble when applying random things which result in an undoing of an otherwise stable platform.
 
> He's a "player", and obviously does not use Linux for production or actual personal use. Which is fine, just don't need to grumble when applying random things which result in an undoing of an otherwise stable platform.
That's the strangest thing! When I messed about with Fedora, removing programs I didn't need, things got unstable, not so with Zorin OS. Don't know why.

Anyway, my Zorin installation is doing fine. In my country they banned cigarettes and beer! Terrible! At least I still have Linux!
 
I'm just going to lock this thread, with a potential to delete pretty much all the new activity.
 
I concur. I am deleting the FUD, and other comments from Members in good standing. Those Members will understand the need to be accurate in Forum.

Chris Turner
wizardfromoz
 