
Re: compromised pc [case closed on the debian-security ML]



On 17/03/2014 00:04, ybed0@hushmail.com wrote:
I logged the traffic with wireshark,
http://stashbox.org/1440698/wireshark

and at the same time the output of lsof
http://stashbox.org/1440699/lsof

and the output of netstat -anp
http://stashbox.org/1440700/netstat

I have no programs running. What could it be?


I'm very sorry ....., but what is the point of sending the same emails
here and, in English, on the debian-security ML ????

Next time, try asking on a single ML.
If you get no answers, then ask on another ML.

About your problem (which should be: I installed Debian,
I went on the Internet, BAM! machine compromised),
from experience I can tell you that:

*AA*<<"the main cause of a system compromise
is to be found in what sits between the keyboard and the screen.">>

I am quoting what they answered you on the other ML, just
so that those who answered you on this ML can see it.

On Mon, Mar 17, 2014 at 7:10 AM, ybed0 wrote:

I had nothing running (eg browsers or other clients). What could it be?

Looking at the wireshark Statistics -> Protocol Hierarchy tool, it
appears that random machines on the Internet are attempting to connect
to TCP and UDP ports 54424 and 59520. Linux on your computer is
responding to these packets saying that the ports are closed. The data
in the UDP packets has one of these lengths: 20, 30, 67, 101, 103. The
longer packets are more interesting. They have some strings like ping1
and find_node1. A web search for them turns up this page where some
folks are discussing a similar issue. It appears that this is to do
with the Kademlia distributed hash table. If the IP you are now using
has ever used any of the peer-to-peer networks listed in the
implementations section of the Wikipedia page about Kademlia, you will
probably see these connections/packets. I guess they will gradually
reduce over time as your IP address gets dropped by clients.

http://es.comp.hackers.narkive.com/jcAAu5K5/puerto-13406
https://en.wikipedia.org/wiki/Kademlia
https://en.wikipedia.org/wiki/Kademlia#Implementations

-- bye, pabs http://wiki.debian.org/PaulWise

To this message you replied:

I do not know how to thank you!
I am trying snort wireshark etc. to solve,
and did not even know the existence of these tools LOL
Maybe I overdid it with the paranoia.
I apologize for disturbing the list.
So you say that I do not have to worry too much, I'll try.
Again, thank you

Case solved and "they all lived happily ever after" .....
but then .. did you understand what the cause was ??
(IMHO *AA*)

Enjoy your lunch
Dario
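The strings pabs spotted are what a bencoded KRPC query looks like on the wire. In the BitTorrent Mainline DHT (BEP 5, one of the Kademlia implementations on the Wikipedia list) a ping query is serialised as `d1:ad2:id20:...e1:q4:ping1:t2:aa1:y1:qe`, so the method name "ping" is immediately followed by "1:t", the length prefix of the next key, which is why the raw bytes read "ping1" and "find_node1". The Python below is an added example, not code from this thread or from any Debian project: it decodes constructed sample datagrams (hand-built from the BEP 5 examples, not taken from the poster's capture) and classifies them, which is the check a practitioner would run over the UDP payloads of such a capture before deciding whether stray traffic to a closed port is a concern. That the packets are Mainline DHT rather than another Kademlia variant is my assumption.

```python
"""Classify UDP payloads as BitTorrent Mainline DHT (KRPC, BEP 5) messages.

Added example, not code from the thread.  It assumes the stray packets are
Mainline DHT traffic (one Kademlia implementation); the sample datagrams are
constructed from the BEP 5 examples, not taken from the poster's capture.
"""
import re
from collections import Counter

# Constructed samples: a ping query, a find_node query, a response, and two
# non-DHT payloads (arbitrary bytes and a datagram cut short).
SAMPLES = {
    "ping": b"d1:ad2:id20:abcdefghij0123456789e1:q4:ping1:t2:aa1:y1:qe",
    "find_node": (b"d1:ad2:id20:abcdefghij0123456789"
                  b"6:target20:mnopqrstuvwxyz123456e"
                  b"1:q9:find_node1:t2:aa1:y1:qe"),
    "response": b"d1:rd2:id20:mnopqrstuvwxyz123456e1:t2:aa1:y1:re",
    "junk": b"\x00\x01\x02not a dht packet",
    "truncated": b"d1:ad2:id20:abc",
}

# Quick string hint, the Wireshark-style view: the digit after the method name
# is the length prefix of the next bencoded key "t", hence "ping1"/"find_node1".
KRPC_HINT = re.compile(rb"\d+:(ping|find_node|get_peers|announce_peer)1:t")


def looks_like_krpc(payload: bytes) -> bool:
    """Cheap pre-filter; a match is a strong hint, not proof."""
    return KRPC_HINT.search(payload) is not None


def bdecode(data: bytes):
    """Decode one bencoded value, returning (value, bytes_consumed).

    Raises ValueError on malformed or truncated input instead of guessing.
    """
    def parse(i: int):
        c = data[i:i + 1]
        if c == b"i":                                   # integer: i<digits>e
            end = data.index(b"e", i)
            return int(data[i + 1:end]), end + 1
        if c == b"l":                                   # list: l<items>e
            items, i = [], i + 1
            while data[i:i + 1] != b"e":
                if i >= len(data):
                    raise ValueError("unterminated list")
                v, i = parse(i)
                items.append(v)
            return items, i + 1
        if c == b"d":                                   # dict: d<key><value>...e
            d, i = {}, i + 1
            while data[i:i + 1] != b"e":
                if i >= len(data):
                    raise ValueError("unterminated dict")
                k, i = parse(i)
                v, i = parse(i)
                d[k] = v
            return d, i + 1
        if c.isdigit():                                 # string: <len>:<bytes>
            colon = data.index(b":", i)
            n = int(data[i:colon])
            start = colon + 1
            if start + n > len(data):
                raise ValueError("string runs past end of datagram")
            return data[start:start + n], start + n
        raise ValueError(f"unexpected byte {c!r} at offset {i}")

    return parse(0)


def _hex(v) -> str:
    return v.hex() if isinstance(v, bytes) else ""


def classify_krpc(payload: bytes):
    """Return a dict describing a KRPC message, or None if it is not one."""
    try:
        msg, used = bdecode(payload)
    except ValueError:
        return None
    # A KRPC message is one dict filling the whole datagram, with a 'y' key.
    if used != len(payload) or not isinstance(msg, dict) or b"y" not in msg:
        return None
    kind = msg[b"y"]
    if kind == b"q":
        q = msg.get(b"q")
        args = msg.get(b"a") if isinstance(msg.get(b"a"), dict) else {}
        info = {"type": "query",
                "method": q.decode("ascii", "replace") if isinstance(q, bytes) else "?",
                "node_id": _hex(args.get(b"id"))}
        if b"target" in args:                           # find_node
            info["target"] = _hex(args[b"target"])
        if b"info_hash" in args:                        # get_peers / announce_peer
            info["info_hash"] = _hex(args[b"info_hash"])
        return info
    if kind == b"r":
        ret = msg.get(b"r") if isinstance(msg.get(b"r"), dict) else {}
        return {"type": "response", "node_id": _hex(ret.get(b"id"))}
    if kind == b"e":
        err = msg.get(b"e")
        if (isinstance(err, list) and len(err) == 2
                and isinstance(err[0], int) and isinstance(err[1], bytes)):
            return {"type": "error", "code": err[0],
                    "message": err[1].decode("utf-8", "replace")}
        return {"type": "error", "code": None, "message": ""}
    return None


def summarize(payloads):
    """Count message kinds per KRPC method, like a Protocol Hierarchy total."""
    counts = Counter()
    for p in payloads:
        info = classify_krpc(p)
        key = "not-krpc" if info is None else info["type"] + ":" + info.get("method", "-")
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:10s} hint={looks_like_krpc(pkt)!s:5s} {classify_krpc(pkt)}")
    print(summarize(SAMPLES.values()))
```

To use it on a real capture, hex-dump the UDP payloads (for example with tshark's `-T fields -e data` output, one datagram per line) and feed `bytes.fromhex()` of each line to `summarize()`; that workflow is my assumption, not something the thread describes. Unsolicited `ping`/`find_node` queries arriving at a port nothing listens on, answered by the kernel with ICMP port-unreachable (and RST for the TCP attempts), is exactly the profile of peers still holding a node ID that a previous user of the same IP address advertised. The regex is only a triage filter; the decoder is the check that decides, because it rejects anything that is not a single well-formed dictionary spanning the whole datagram.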

