wake up this morning and

Discussion in 'OT Technology' started by johnnywallywallace, Apr 26, 2005.

  1. my desktop is offline, my laptop won't vpn to work, my linux router/dhcp server seems fine ... my desktop is displaying my IP addresses in hex??? when I run ipconfig, and there were two "pseudo-tunnel" entries ("serol"? maybe?) in the ipconfig info as well ... released dhcp, rebooted dhcp server/router, removed/reinstalled network adapter in system manager, rebooted desktop, polled dhcp ... no weird "pseudo-tunnel" entries now, but my IP still displays as hex ...

    WTF!?

    hijackthis found nothing ... running ad-aware and spybot now ...
     
  2. J

    J Active Member

    Joined:
    Nov 8, 2004
    Messages:
    31,686
    Likes Received:
    1
    Location:
    LA/OC
    i kept looking at your av in the corner of my eye while i was reading that :mamoru:

    wish i could help you.. i want to say haxx0r though.. :noes:
     
  3. oh and fresh IP info on the laptop from rebooted dhcp, IPs are fine, as normal ...

    and spybot found nothing ...

    also, I keep my grisoft avg up to date and scan regularly ... windows firewall running ... the linux router iptables firewall is probably swiss cheese, I never configured it well ...

    and, adaware found nothing ...

    again, I say, WTF!?
     
  4. that was my thought, but they'd have to have compromised both the linux router, which is probably poorly config'd, as well as my desktop, which is loaded with all the most recent updates to Windows, avg patches, etc. but that pseudo tunnel shit is really bugging me.
     
  5. actually "pseudo interface" might have been the term.
     
  6. col_panic

    col_panic calm like a bomb Moderator

    Joined:
    Sep 19, 2003
    Messages:
    188,160
    Likes Received:
    0
    Location:
    winter haven, fl
    sounds like ipv6 has been enabled. interfaces don't just create themselves, so ...
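The IPv6 diagnosis above, as an added triage check that is not part of the thread: a Python parser for Windows `ipconfig` output that reports which adapters show IPv6 (hex-looking) addresses next to their IPv4 one and which entries are IPv6 tunnel pseudo-interfaces, so the symptom can be checked before assuming compromise. The sample `ipconfig` text is constructed, not captured from the machine in the thread.

```python
import re
from ipaddress import ip_address

# Constructed sample of Windows XP-era `ipconfig` output (not captured from the
# thread's machine): one physical adapter plus two IPv6 tunnel pseudo-interfaces.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:
        IP Address. . . . . . . . . . . . : 192.168.1.23
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::20c:29ff:fe1a:2b3c%4
        Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter Teredo Tunneling Pseudo-Interface:
        IP Address. . . . . . . . . . . . : 2001:0:4137:9e76:1c3e:2b4a:3f57:fed8

Tunnel adapter Automatic Tunneling Pseudo-Interface:
        IP Address. . . . . . . . . . . . : fe80::5efe:c0a8:117%2
"""

ADAPTER_RE = re.compile(r"^(\w+) adapter (.+):\s*$")   # e.g. "Tunnel adapter <name>:"
# Address lines on XP ("IP Address") and later ("IPv4/IPv6 Address", "Link-local IPv6 Address");
# the capture stops before a "%zone" suffix or a "(Preferred)" marker.
ADDR_RE = re.compile(r"^\s+(?:Link-local )?IP(?:v[46])? Address[ .]*: *([0-9A-Fa-f.:]+)")

def parse_ipconfig(text):
    """Return one dict per adapter: kind (Ethernet/Tunnel/...), name, v4 and v6 address lists."""
    adapters, cur = [], None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            cur = {"kind": m.group(1), "name": m.group(2), "v4": [], "v6": []}
            adapters.append(cur)
            continue
        m = ADDR_RE.match(line)
        if m and cur is not None:
            addr = ip_address(m.group(1))              # raises ValueError on a malformed address
            cur["v6" if addr.version == 6 else "v4"].append(str(addr))
    return adapters

def triage(text):
    """Map the 'my IP shows in hex' symptom to what ipconfig actually lists."""
    tunnels, dual_stack = [], []
    for a in parse_ipconfig(text):
        if a["kind"] == "Tunnel" or "Pseudo-Interface" in a["name"]:
            tunnels.append(a["name"])       # transition interfaces that appear once IPv6 is installed
        elif a["v6"]:
            dual_stack.append(a["name"])    # real adapter with an IPv6 address alongside its IPv4 one
    return {"ipv6_enabled": bool(tunnels or dual_stack),
            "tunnel_interfaces": tunnels, "dual_stack_adapters": dual_stack}
```

A result with `ipv6_enabled` true and only the expected tunnel names explains the hex display on its own; anything else in the output (unknown adapters, addresses on interfaces that should have none) is what still deserves the scan and rebuild discussed below.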
     
  7. true ... so I got used. I feel so dirty.

    solution? or at least, minimum cleanup steps? reinstall TCP/IP?
     
  8. col_panic

    i've debated the merits of a total reinstall before. some feel it is unnecessary, but my point is if you don't know how you were compromised in the first place, the best solution is a clean install, offline patching, and hardening the OS
     
  9. I kind of wonder if this jagoff didn't manage to cut the machine off before doing much of anything ... I couldn't access the net this morning, and there was no activity showing on the switch ...

    then again, I have had situations in the past when previously compromised machines were reformatted, and network performance for everyone on that switch improved drastically ... despite no obvious signs of ongoing compromise previous to rebuild ...
     
  10. col_panic

    you could nessus scan the box and see what it finds
     
  11. not familiar with nessus, I'll have to look into it.
     
  12. col_panic

  13. whew, I'd have to dust off the linux router and actually see what kind of shape it's in. scary, but thx for the link.
     
  14. col_panic

    np. it's something to play with on a rainy weekend at least ;)
     
  15. but it doesn't rain in Rochester! it's not like the Ohio Valley and Lake Ontario love to dump (moisture) on us or anything ... ever!
     