For those who like to solve a mystery...

Blu_2

New Member
After much reading of the forums to find answers, I registered today in hope of getting advice on a problem no single solution really covers.
I considered posting in a security area so people would not look at me as if I had 3 heads and a tail, but I'll take my chances in General.

I've spent some time studying security, on Windows machines, and it was of course inevitable that I'd move to Linux for my own personal and professional needs. I just began that transition and am learning Linux basics.

However, my workspace so to speak was a mess with old pcs and other internet capable devices and here's a problem I need help with:

There seemed to be, in this big house, some device with the annoying habit of polluting any new device with various files for ms file sharing, and if it was just a matter of network files for printing gone wrong or something a good password change would fix, I'd be good. But somehow I wind up with a microsoft network showing up before I even get started checking a new Linux iso burned to a USB and in no time the firewall I activated is no longer activated and won't let me do so.

I'm not a network technician, I'm just learning really after tinkering with any old pc I could bring to life again, or not. A tech on the ms site suggested some Azure network portal having file sharing permissions, and yes I did encounter azure files while digging around but he was pretty vague about it. When pressed, there was some issues, it seems, of attacks on Netgear routers among others and passwords made available to file-sharing um enthusiasts bent on turning everyone's device into a file sharing server.

If you're confused so am I because I did as he said and removed everything from the area I could find, since disabling all file sharing altogether did not work. I think I'll go scorched earth here after getting a new tp-link wired router and getting rid of the Wifi router for now and completely depriving any old computer of all possible power and/or moving that stuff to the storage shed. Odd I know but hey, the ms tech suggested it. Nothing running windows at all is in the house at the moment.
But I have an old Dell 4050 that was a windows machine and would like to make it exclusively a Linux machine. I tried a live Mint usb on a Dell 4020 laptop but had the same results as described above, it seemed I lost control of my own firewall and soon it seemed to be making preparations to become basically a file server. I just shut it down rather than connect to the internet. It had no hard drive in it, I'd taken it out. Only the bootable Mint usb. I didn't make that myself, I bought the usb with Mint already on it. Not sure if I should mention from whom, just happen to see it on amazon.
I do need to download the appropriate distro, probably Mint, check it properly, and have only a windows laptop to do it.

Before I attempt any of that I did want to ask if anyone had had a similar problem, and if someone with more experience with using windows machines exclusively for Linux, and maybe networking experience, can offer advice as the subject kind of has more than one issue with apparently stray windows files and I'm just not certain how to proceed.
 


atanere

Well-Known Member
so people would not look at me as if I had 3 heads and a tail
Hello @Blu_2, and welcome. I'll try not to be so rude as that, and I don't mean to offend you... but I call BS on your story (in a friendly tone). :D

If you have a house full of virus or malware infected machines, then (some of) my comments below may be moot. Rogue malicious programs may do all kinds of things with Windows. But to extend your story of problems on to Linux is much less likely.

In normal circumstances, not even Windows computers in the same home will share files unless, and until, some amount of network configuration is done. Microsoft made that fairly easy with "Windows Home Networking"... but each new device with Windows will NOT automatically connect.... they must first share one or the other computer's Windows Home Networking password as a minimum.

If not using Windows Home Networking, and if each of your devices is having files forced on it, it's from the internet (excepting viruses and/or malware). But a fresh install of Windows should not go get weird rogue files... well, except those that Windows Updates gives you. With Windows 10, you can't decline their updates like you could with earlier versions.

Making Windows share files with Linux is quite a bit more difficult than Windows Home Networking, and Linux will not do Windows Home Networking at all. In my opinion, not even a virus/malware would be capable of transferring from Windows to Linux computers in your home network without you first providing that capability.


Only the bootable Mint usb. I didn't make that myself, I bought the usb with Mint already on it. Not sure if I should mention from whom, just happen to see it on amazon.
Linux will in no way download or become corrupted on its own with Microsoft junk, but you did open the door here to another possible malware scenario. No need to accuse the company you bought from, but you should not install anything from untrustworthy sources. With all of your troubles, you should only download a Linux .iso file directly from the developer, and you should run a MD5 or SHA256 checksum on that file to be sure it is complete and uncorrupted before burning it to a USB.


I don't know what problem(s) you are really having, but I don't think it is what you are describing to us. Networking just doesn't work like that, except maybe for a malware infection.

And with all that said, I don't pretend to be a genius... so maybe someone else on here will correct me. I've been corrected before, and I don't mind... I'm more than happy to eat my words. :D

But good luck to you! I mean that! Learning the true problem and finding a solution will probably be a good experience.

Cheers
 

Nik-Ken-Bah

Active Member
@Blu_2
G'day and welcome.
I agree with @atanere about downloading Linux distros from the head source as they provide the MD5 and the SHA 256 check sums so that you can check the integrity of your download. Downloading from some other source is asking for problems.
I run Linux Mint which I downloaded from the Linux Mint web site through windows and used a little program that was made to run on windows to check MD5 and SHA checksums with Linux Mint providing the check sums so that I could verify the integrity of ISO file.
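
An added example, not part of the original posts: a Python sketch of the check described in the replies above, comparing a downloaded ISO against a published sha256sum-style checksum file. The file names and sample data are constructed; a match shows the download is intact, and it shows authenticity only if the checksum file itself came from a trusted source (for example, via its signature).

```python
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def parse_sums(text):
    """Parse sha256sum-style lines: '<hash>  <name>' (text) or '<hash> *<name>' (binary)."""
    sums = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, sep, rest = line.partition(" ")
        digest = digest.lower()
        # After the first space comes a one-character mode marker, then the name.
        if not sep or len(rest) < 2 or rest[0] not in " *":
            raise ValueError(f"malformed checksum line: {line!r}")
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"not a SHA-256 digest: {digest!r}")
        sums[rest[1:]] = digest
    return sums


def file_sha256(path, chunk_size=1 << 20):
    """Hash the file in chunks so a multi-gigabyte ISO never sits in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_iso(iso_path, sums_text):
    """Return 'ok', 'mismatch', or 'not-listed' for the ISO at iso_path."""
    expected = parse_sums(sums_text).get(os.path.basename(iso_path))
    if expected is None:
        return "not-listed"  # never treat a missing entry as a pass
    actual = file_sha256(iso_path)
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"


def demo():
    """Constructed data: a small stand-in file plays the role of the ISO."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example-distro.iso")
        with open(iso, "wb") as f:
            f.write(b"constructed stand-in for an ISO image\n" * 1000)
        sums = f"{file_sha256(iso)} *example-distro.iso\n"
        good = verify_iso(iso, sums)
        # Flip one byte to simulate a corrupted or tampered download.
        with open(iso, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        bad = verify_iso(iso, sums)
        missing = verify_iso(iso, "0" * 64 + "  other.iso\n")
    return good, bad, missing


if __name__ == "__main__":
    print(demo())
```
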
 

poorguy

Well-Known Member
I would never trust anyone to download an OS onto a usb device.

Take and go to Linux Mint and download and create your own bootable DVD.



Take one computer and connect it to your internet via Ethernet cable and insert the bootable DVD you create and boot from that and see what happens.

My point being is you create your own known bootable media for a test drive.

In five years of using Linux I've never checked the MD5 / SHA 256 check sums.

I download and create bootable and use it although others seem to hold a lot of faith in checking the MD5 / SHA 256 check sums.
 

Blu_2

New Member
Thank you all, I agree that I'm likely the source of the problem, as I've deliberately asked for trouble on occasion while studying security issues. Never with any Linux distro even close although I'm sure it would remain unaffected without my input.
I've read much on doing a proper integrity and authenticity check. I think I bought that mint usb only because I passed by it while ordering something else and had no intention of connecting to the internet without the rather lengthy procedure of securing it which I was studying about at the time (I can't remember the man's name who wrote the book in question but I notice his Linux security work all over now). I know it's difficult for many people to imagine a machine with all radio disabled and firewalled suddenly accomplishing an internet connection and disabling that firewall but it's not a spooky ghost or the van across the street, it's malicious code. I think:oops::D
Just kidding. Sort of lol. Not that any here would think so but I fail to get help a lot when people don't believe a botnet or DOS attack happens to normal people.
If I'd not been distracted by my daughter starting a smilie war via text I'd have mentioned that my email logs ip addresses of log ins and I had issues at the time of losing my vpn connection and the ip addresses of half my log in attempts were ms servers. I'm certain I have those written down but I'd aggressively swept the place of any ms OS as well as devices connected. Not recently. I throw it out there only because I'm very curious and know many here are network professionals.
I will most certainly be cautious and download and check the distros I choose carefully, but you Win users will have to forgive me for loathing the very idea of downloading anything onto a Win machine and a usb where ms has promptly placed a file that will remain without drastic measures and is locked tight. I understand it but just don't like it. One gets paranoid studying security. But you want security people paranoid by default I'm sure.
In any case I have no choice as the device I wanted may take another month or so to get here, with the latest Mint release only, and I have 2 routers to set up and secure.
And, several very nice laptops and desktops that started life as win machines but now have no storage drive:rolleyes: but that's for another day.

Did I mention I'm a writer?
No I don't expect people to read all that. Only those determined lol. Thanks for tolerating it, it helps me think.
 

Blu_2

New Member
One question though, I notice people still mentioning DVD and can't see the advantage over live USB at all. I have a nice fresh 64 gb USB stick ready I paid a bit for and am curious.
 

Nik-Ken-Bah

Active Member

Blu_2

New Member
Thanks, I should clarify the question I asked I think...
DVD/USB depending on several factors regarding what I'm trying to do or what I have available but being in the habit years since of not bothering much with DVD at all I wondered if I'd missed an advantage here...
 

Nik-Ken-Bah

Active Member
in the habit years since of not bothering much with DVD at all I wondered if I'd missed an advantage here..
The only advantage I can see is that you have a copy that is not liable to be accidentally erased by throwing something onto it, unlike the USB stick, and also less likely to be lost accidentally by carrying it in a pocket and going somewhere without a second thought.
I have a copy of Ubuntu on a disc as I did not have a USB stick at the time, or so I thought, nor the knowledge about such issues. ( have to dig it out and give it a run now that I am slightly more knowledgeable on the subject of Linux. ) The disc was cut a year or so ago now.
But with USB it is much easier to create a bootable medium and also quicker and less fiddly than cutting a disc.
 

Vrai

Active Member
One question though, I notice people still mentioning DVD and can't see the advantage over live USB at all. I have a nice fresh 64 gb USB stick ready I paid a bit for and am curious.
Actually I can think of at least ONE advantage. Most generally when writing (burning) to an optical disc the option is given to "close" the session. This would preclude any more (potentially unwanted) data from being written to the disc. I cannot remember for sure but I do not recall being given the option to "close" a disc for writing after burning an ".iso" (such as a Linux 'Live' or install disc). I believe the .iso is written as an "image" file - meaning it is written as all one big blob and after being burned to disc cannot be changed unless the disc is purposely written to make it available for additional data (in which case it probably wouldn't boot).
So yes, a DVD may have an advantage over a USB which can be written to by anyone at any time :)
 

atanere

Well-Known Member
Thanks, I should clarify the question I asked I think...
DVD/USB depending on several factors regarding what I'm trying to do or what I have available but being in the habit years since of not bothering much with DVD at all I wondered if I'd missed an advantage here...
With all the weird stuff happening, I think I would go with DVD if it is available for you to put Linux on, and then to use it to boot up other computers in your home (and erase them!). The reason: once you burn Linux to the DVD, it is "closed" by the burning software and it cannot be written to further. Uhhh, be sure to use DVD-R or DVD+R disks, not DVD-RW. Especially do not use USB "with persistence" as it is designed to have more data written to it in order to save things. USB without persistence might be okay, but I still think in your situation that I would use DVD

DVD will be slower than USB. But until you get everything cleaned out, I would put up with that.

It may still be questionable whether you can get a clean Linux download and get it cleanly installed on a DVD without some malicious intervention. I don't know the answer to that. I might enlist the help of a friend to download and burn the DVD for me. You need a good, solid, safe starting point... and a Linux DVD could provide that

You have so many things that seem to be happening that it may be impossible to find the source of your troubles. I would really erase every computer you have, I would do a factory reset on tablets and phones, and I would take a long hard look at your router too! The firmware of routers have been compromised in some cases... I would Google the heck out of your brand/model of router to see if you have any vulnerabilities there. And I would probably reset the router as well and start the network all over again.

I don't think you can work out these issues within a "big picture" model of your current home network environment. I think you need to start over from scratch, and bring back devices slowly, one at a time.

Cheers
 

Vrai

Active Member
After much reading of the forums to find answers, I registered today in hope of getting advice on a problem no single solution really covers.
I considered posting in a security area so people would not look at me as if I had 3 heads and a tail, but I'll take my chances in General.

I've spent some time studying security, on Windows machines, and it was of course inevitable that I'd move to Linux for my own personal and professional needs. I just began that transition and am learning Linux basics.

However, my workspace so to speak was a mess with old pcs and other internet capable devices and here's a problem I need help with:

There seemed to be, in this big house, some device with the annoying habit of polluting any new device with various files for ms file sharing, and if it was just a matter of network files for printing gone wrong or something a good password change would fix, I'd be good. But somehow I wind up with a microsoft network showing up before I even get started checking a new Linux iso burned to a USB and in no time the firewall I activated is no longer activated and won't let me do so.

I'm not a network technician, I'm just learning really after tinkering with any old pc I could bring to life again, or not. A tech on the ms site suggested some Azure network portal having file sharing permissions, and yes I did encounter azure files while digging around but he was pretty vague about it. When pressed, there was some issues, it seems, of attacks on Netgear routers among others and passwords made available to file-sharing um enthusiasts bent on turning everyone's device into a file sharing server.

If you're confused so am I because I did as he said and removed everything from the area I could find, since disabling all file sharing altogether did not work. I think I'll go scorched earth here after getting a new tp-link wired router and getting rid of the Wifi router for now and completely depriving any old computer of all possible power and/or moving that stuff to the storage shed. Odd I know but hey, the ms tech suggested it. Nothing running windows at all is in the house at the moment.
But I have an old Dell 4050 that was a windows machine and would like to make it exclusively a Linux machine. I tried a live Mint usb on a Dell 4020 laptop but had the same results as described above, it seemed I lost control of my own firewall and soon it seemed to be making preparations to become basically a file server. I just shut it down rather than connect to the internet. It had no hard drive in it, I'd taken it out. Only the bootable Mint usb. I didn't make that myself, I bought the usb with Mint already on it. Not sure if I should mention from whom, just happen to see it on amazon.
I do need to download the appropriate distro, probably Mint, check it properly, and have only a windows laptop to do it.

Before I attempt any of that I did want to ask if anyone had had a similar problem, and if someone with more experience with using windows machines exclusively for Linux, and maybe networking experience, can offer advice as the subject kind of has more than one issue with apparently stray windows files and I'm just not certain how to proceed.
I'm not a 'networking guru' but from what you have described it sounds to me like your router may have been infected.
Usually the router's firmware can be overwritten with a known good version downloaded from the manufacturer's website [from the "manufacturer's" website!].
Try that and see what happens.
When you mention a firewall being turned off are you referring to the software firewall included with your operating system or do you have a hardware firewall appliance?
Something here is not adding up! :) ¯\_(ツ)_/¯
 

Blu_2

New Member
With all the weird stuff happening, I think I would go with DVD if it is available for you to put Linux on, and then to use it to boot up other computers in your home (and erase them!). The reason: once you burn Linux to the DVD, it is "closed" by the burning software and it cannot be written to further. Uhhh, be sure to use DVD-R or DVD+R disks, not DVD-RW. Especially do not use USB "with persistence" as it is designed to have more data written to it in order to save things. USB without persistence might be okay, but I still think in your situation that I would use DVD

DVD will be slower than USB. But until you get everything cleaned out, I would put up with that.

It may still be questionable whether you can get a clean Linux download and get it cleanly installed on a DVD without some malicious intervention. I don't know the answer to that. I might enlist the help of a friend to download and burn the DVD for me. You need a good, solid, safe starting point... and a Linux DVD could provide that

You have so many things that seem to be happening that it may be impossible to find the source of your troubles. I would really erase every computer you have, I would do a factory reset on tablets and phones, and I would take a long hard look at your router too! The firmware of routers have been compromised in some cases... I would Google the heck out of your brand/model of router to see if you have any vulnerabilities there. And I would probably reset the router as well and start the network all over again.

I don't think you can work out these issues within a "big picture" model of your current home network environment. I think you need to start over from scratch, and bring back devices slowly, one at a time.

Cheers
Yes, I've chosen the nuclear option, and I sit sipping my coffee in the middle of a still-smoking scorched-earth environment with only my iPhone, and cellular connection, and if my iPhone is nervous it should be because it's next as soon as I'm satisfied with my strategy.
Some think it extreme but I think I had 6 cell phones present, 5 laptops in various states of consciousness and 4 desktops. And some other stuff with bothersome internet connection abilities.
I feel certain it was my router involved and those I involved in protecting it are following my progress with interest. They suggested I stick to cellular until I've laid all to waste and began rebuilding Rome here.
The DVD is a wonderful idea, for the reason you both pointed out, thanks so much. I have a shiny new wired router, a wifi router I may activate later, and a better one that needs DD-WRT flashed later.
Software firewall is what it was, and although I pulled the plug on that operation immediately I still have the device and USB elsewhere and will be investigating that mess.
I have a mini with pfsense but never put that guy in the game yet, it's yet another project lol.
 

atanere

Well-Known Member
A firewall won't be (too) critical running a Linux DVD, but when you get to the point of installing Linux on a hard drive, be sure to enable the firewall first thing. With Ubuntu or Linux Mint, a simple terminal command of sudo ufw enable will turn it on immediately and load it with every reboot.

Someone may have explained to me before why Ubuntu and Mint (and maybe others) do not enable the firewall by default, but it sure seems silly to me that they don't. Anyway... don't forget! :cool::p:D
 

poorguy

Well-Known Member
why Ubuntu and Mint (and maybe others) do not enable the firewall by default,
Have a read.

The below is taken from the link above. Go to section 1.2.

Understanding Firewalls
1.2. A firewall is a security tool that monitors and polices network traffic. You can use a firewall to protect your system from malicious incoming traffic.

If your firewall is turned off, then in many cases your system won't be protected. So in this section, you will learn to enable and disable your firewall and check its status.

1.2.1. Firewall: Turning it On, Checking its Status and Disabling it
A firewall is already installed by default. It's called IPtables. IPtables can be managed through the terminal application Uncomplicated Firewall (ufw) and the graphical application Gufw (the G stands for "graphical"), both of which are also installed by default.

By default the firewall isn't activated, because in a default installation it's not needed. Background information for advanced users: this is because behind the ports that are exposed to the internet, there aren't any listening services. At least not in a standard installation. An attacker can't do anything without a listening service that keeps a port open.

However, in certain cases you do need a firewall. For instance when you share an unprotected wireless network in a fastfood restaurant, or when you've activated some services on your computer. So in order to be on the safe side, I advise to turn on the firewall in all cases.

You can turn on the firewall by means of the terminal (yikes!). This is how you do it:

Launch a terminal window.
(You can launch a terminal window like this: *Click*)

Copy/paste the following command line into the terminal:

sudo ufw enable

Press Enter. Type your password when prompted. In Ubuntu this remains entirely invisible, not even dots will show when you type it, that's normal. In Mint this has changed: you'll see asterisks when you type. Press Enter again.

Uncomplicated Firewall (ufw) has a sensible set of default settings (profile), which are fine for the vast majority of home users. So unless you have special wishes: you're done!

With this command line you can check the current status of the firewall:

sudo ufw status verbose

Press Enter.

When it's enabled, the output should resemble this:

[email protected]:~$ sudo ufw status verbose
[sudo] password for pjotr:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing) disabled (routed)
New profiles: skip
[email protected]:~$


I've printed the most important message in red: this output basically means that all incoming traffic is denied and all outgoing traffic allowed.

There are sensible exceptions in the default firewall settings (rules), which should ensure that the firewall is never in the way of normal average use. For example, with the default profile the use of Samba should be no problem. Also downloading torrents (fetch) should be possible; but seeding torrents (serve), might require a temporal disabling of ufw.

It's easy to disable the firewall (should you wish to do so) with this terminal command:

sudo ufw disable

Press Enter.

If you're interested in the full set of firewall rules, see the output of:

sudo ufw show raw

You can also read the firewall rules files in /etc/ufw (the files whose names end with .rules).
 

atanere

Well-Known Member
However, in certain cases you do need a firewall. For instance when you share an unprotected wireless network in a fastfood restaurant, or when you've activated some services on your computer. So in order to be on the safe side, I advise to turn on the firewall in all cases.
From your spoiler. And this paragraph I totally agree with.... turn on the firewall, in all cases. The latest Linux Mint "Welcome Screen" nudges users to enable Timeshift, run Updates, and check the firewall status. Why not turn it on by default, and tell users they may need to disable it if it breaks things? Which is going to be the more likely problem? I would err on the security side instead of fear of breaking a connection that needs a port open.

Well, they are smarter than I am, and they provide the distros to us for free. I just don't happen to agree with this policy. Actually, I don't agree with Mint's changed policy where they now show ***** characters when you type in your password in the terminal either. These seem like a "dumbing down" of security because users get confused. It is possible to again hide the ***** characters, but most people won't take the time or trouble... and most people don't even realize it. Oh well. :D

Cheers
 

poorguy

Well-Known Member
Well, they are smarter than I am,
I sometimes wonder about that and no I'm not as smart as they are.

I know enough about Linux to get keep confused and get me into trouble. :D

Actually, I don't agree with Mint's changed policy where they now show ***** characters when you type in your password in the terminal either. These seem like a "dumbing down" of security because users get confused.

Cheers
Exactly why I've migrated back to Debian and Debian based distros.

I'm going to give openSUSE another go although somewhat of a learning curve however not nowhere close to the learning curve Arch or Fedora comes with.
 
