My Linux Mint 15 may have bots


Post by devenrai on Sun Oct 13, 2013 3:01 pm

Hello All,

I installed Mint 15 on a Lenovo T430S, with an SSD disk. It usually connects to the home wireless network through the Netgear WNR2000 router.

I notice that moments after I boot the laptop, I see strange IP addresses attached to my router:

(IP) -------------------------(Device Name)---------------------------------------------------------------------(MAC Address)
99.44.32.100 , x[i+ 0], 6 , -198630844); d = ii(d, a, b, c, x[i+ 7], 10, 1126891415 0A:20:20:20:20:62
105.103.110.61 d = ii(d, a, b, c, x[i+ 7], 10, 1126891415); c = ii(c, d, a, 78:74:22:3E:30:30
58.53.70.58 , 1126891415); c = ii(c, d, a, b, x[i+14], 15, -1416354905); 39:37:3A:42:41:3C

I have activated MAC filtering at the router, disabled WPS and I expect IP addresses only in the range 10.0.0.X, which is what happens when all my other computers are connected (smartphone, tablet, older laptops).

If I shut down the T430S and power-cycle the router, then I see only the IP addresses in the range I expect: 10.0.0.X.

I should admit that I had once installed a package "PortSentry" on the T430S, but then I un-installed it. I have run chkrootkit and rkhunter, and I do not see any problems.

The problem does not appear to be at the router (it has already been working as expected for three years), but with the laptop itself (hardware or OS).

Has someone experienced this, or can someone at least tell me how I can confirm if anything is malicious on my laptop?

Thanks a lot.

Best,

Devendra
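
A check one can run on the three entries listed in the post above (an added example, not part of the original thread): it tests whether each IP falls in the expected 10.0.0.X range and whether the raw address bytes are printable ASCII, which would point to the router page showing text fragments rather than real hosts. The /24 mask and the function names are assumptions.

```python
import ipaddress
from typing import Optional

# Entries copied from the router table in the post (IP, MAC).
ENTRIES = [
    ("99.44.32.100", "0A:20:20:20:20:62"),
    ("105.103.110.61", "78:74:22:3E:30:30"),
    ("58.53.70.58", "39:37:3A:42:41:3C"),
]
# Assumption: "10.0.0.X" in the post means a /24 network.
EXPECTED_LAN = ipaddress.ip_network("10.0.0.0/24")


def as_text(raw: bytes) -> Optional[str]:
    """Return raw as ASCII if every byte is printable or whitespace, else None."""
    if all(0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D) for b in raw):
        return raw.decode("ascii")
    return None


def triage(ip: str, mac: str) -> dict:
    """Collect the facts that separate a real LAN client from display garbage."""
    ip_obj = ipaddress.ip_address(ip)
    mac_raw = bytes.fromhex(mac.replace(":", ""))
    ip_text, mac_text = as_text(ip_obj.packed), as_text(mac_raw)
    return {
        "in_expected_lan": ip_obj in EXPECTED_LAN,
        "ip_as_text": ip_text,
        "mac_as_text": mac_text,
        # A station's own MAC never has the multicast bit (bit 0 of byte 0) set.
        "mac_multicast": bool(mac_raw[0] & 0x01),
        # Bit 1 of byte 0 marks a locally administered (non-vendor) address.
        "mac_locally_administered": bool(mac_raw[0] & 0x02),
        "looks_like_text": ip_text is not None and mac_text is not None,
    }


if __name__ == "__main__":
    for ip, mac in ENTRIES:
        print(ip, mac, triage(ip, mac))
```

All three entries fall outside 10.0.0.X and decode as text (99.44.32.100 is the bytes "c, d", for example), and the third MAC has the multicast bit set, which a real client's address would not.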

Re: My Linux Mint 15 may have bots

Post by nomko on Sun Oct 13, 2013 3:16 pm

First tip: turn off MAC filtering. With MAC filtering turned on it is easier for attackers to see which MAC addresses get access. The attacker can then easily copy a MAC address used on your network and get access to your network. This is called spoofing. MAC address filtering is just pointless.

Secondly, you mention that it's only on your laptop. Do you have any services running in the background?

Re: My Linux Mint 15 may have bots

Post by devenrai on Sun Oct 13, 2013 3:40 pm

nomko wrote: First tip: turn off MAC filtering. With MAC filtering turned on it is easier for attackers to see which MAC addresses get access. The attacker can then easily copy a MAC address used on your network and get access to your network. This is called spoofing. MAC address filtering is just pointless.

Secondly, you mention that it's only on your laptop. Do you have any services running in the background?


Thanks nomko.

I will turn off MAC filtering, but to answer your second question: I have a Dropbox client and Tor service running (Tor relay seems to be enabled by default in recent Mint editions).

I also have the same 'services' running on older laptops running Mint 13 and Mint 14, which do not seem to cause 'attacks' that I referred to in my original post.

Thanks.

Devendra