My Linux Mint 15 may have bots

devenrai

Post by devenrai »

Hello All,

I installed Mint 15 on a Lenovo T430S, with an SSD disk. It usually connects to the home wireless network through the Netgear WNR2000 router.

I notice that moments after I boot the laptop, I see strange IP addresses attached to my router:

(IP) -------------------------(Device Name)---------------------------------------------------------------------(MAC Address)
99.44.32.100 , x[i+ 0], 6 , -198630844); d = ii(d, a, b, c, x[i+ 7], 10, 1126891415 0A:20:20:20:20:62
105.103.110.61 d = ii(d, a, b, c, x[i+ 7], 10, 1126891415); c = ii(c, d, a, 78:74:22:3E:30:30
58.53.70.58 , 1126891415); c = ii(c, d, a, b, x[i+14], 15, -1416354905); 39:37:3A:42:41:3C

I have activated MAC filtering at the router, disabled WPS and I expect IP addresses only in the range 10.0.0.X, which is what happens when all my other computers are connected (smartphone, tablet, older laptops).

If I shut down the T430S and power-cycle the router, then I see only the IP addresses in the range I expect: 10.0.0.X.

I should admit that I had once installed a package "PortSentry" on the T430S, but then I un-installed it. I have run chkrootkit and rkhunter, and I do not see any problems.

The problem does not appear to be at the router (it has already been working as expected for three years), but with the laptop itself (hardware or OS).

Has someone experienced it, or can someone at least tell me how I can confirm if anything is malicious on my laptop?

Thanks a lot.

Best,

Devendra
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
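
A triage check for the router table in the first post, added here as an example and not code from any poster: it decodes each IP's four octets and each MAC's six bytes as ASCII, because entries that read as text (for instance fragments like those in the device-name column) are not plausible host addresses. The names `triage` and `text_like_rows`, the /24 LAN and the control row are assumptions made for the example.

```python
import ipaddress

# (IP, MAC) pairs copied from the router table in the first post.
ROWS = [
    ("99.44.32.100", "0A:20:20:20:20:62"),
    ("105.103.110.61", "78:74:22:3E:30:30"),
    ("58.53.70.58", "39:37:3A:42:41:3C"),
]
# Constructed control row: an ordinary-looking lease in the expected range.
CONTROL = ("10.0.0.5", "00:1B:44:11:3A:B7")
# Assumption: the poster's "10.0.0.X" range is a /24.
LAN = ipaddress.ip_network("10.0.0.0/24")


def as_text(raw):
    """Return raw as a string if every byte is printable ASCII, tab, LF or CR."""
    if all(0x20 <= b <= 0x7E or b in (0x09, 0x0A, 0x0D) for b in raw):
        return raw.decode("ascii")
    return None


def triage(ip, mac):
    """Decode one table row and report what its raw bytes look like."""
    addr = ipaddress.ip_address(ip)
    mac_bytes = bytes.fromhex(mac.replace(":", ""))
    return {
        "in_lan": addr in LAN,
        "ip_text": as_text(addr.packed),
        "mac_text": as_text(mac_bytes),
        # Lowest bit of the first octet marks a group (multicast) address,
        # which a real station never uses as its own source MAC.
        "mac_multicast": bool(mac_bytes[0] & 0x01),
    }


def text_like_rows(rows):
    """Rows outside the LAN whose IP and MAC bytes both read as ASCII text."""
    hits = []
    for ip, mac in rows:
        r = triage(ip, mac)
        if not r["in_lan"] and r["ip_text"] is not None and r["mac_text"] is not None:
            hits.append((ip, mac, r))
    return hits


if __name__ == "__main__":
    for ip, mac, r in text_like_rows(ROWS + [CONTROL]):
        print(ip, repr(r["ip_text"]), mac, repr(r["mac_text"]), r["mac_multicast"])
```

Rows that come back from `text_like_rows` are worth checking against the router's own page output before they are treated as connected hosts.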
nomko

Re: My Linux Mint 15 may have bots

Post by nomko »

First tip: turn off MAC filtering. With MAC filtering turned on it is easier for attackers to see which MAC addresses get access. The attacker can then easily copy a MAC address used on your network and get access to your network. This is called spoofing. MAC address filtering is just pointless.

Secondly, you mention that it's only on your laptop. Do you have any services running in the background?
devenrai

Re: My Linux Mint 15 may have bots

Post by devenrai »

nomko wrote: First tip: turn off MAC filtering. With MAC filtering turned on it is easier for attackers to see which MAC addresses get access. The attacker can then easily copy a MAC address used on your network and get access to your network. This is called spoofing. MAC address filtering is just pointless.

Secondly, you mention that it's only on your laptop. Do you have any services running in the background?

Thanks nomko.

I will turn off MAC filtering, but to answer your second question: I have a Dropbox client and Tor service running (Tor relay seems to be enabled by default in recent Mint editions).

I also have the same 'services' running on older laptops running Mint 13 and Mint 14, which do not seem to cause 'attacks' that I referred to in my original post.

Thanks.

Devendra