Hi all, I will try to explain my problem in a field I am totally ignorant
For almost tree months I did not use internet; hardware problems with my d-link box... I did not bother to fix it as I was in no mood to check mail or browse internet, ( it happens...) - I connect through a local area network - It came as a surprise when , a couple of days ago, my friend network administration told me that he saw me online ...as a first step , after fixing the d-link problem I changed my password but the "problem " persisted, I could actually see on my friends computer screen my name online, and I was not able to connect from my PC; I was receiving the message "network unreacheble" after pinging my IP...
He tryed unsuccesfully to localise from where this guy was connecting, but only could define the area...he used the phrase about the guy being "behind the firewall" ...and his MAC address getting lost...and using my IP with a different MAC... Sorry, I can not be more specific as networking is definetly not my field,
The MAC has being disabled now and my IP has to be changed I believe...I was wondering if there is a way to find out who did it, and if that changing the IP would be enough... Any help would be appreciated... santo
Les réponses au message de Santo (nanci@auroville.invalid.org)
> Hi all, > I will try to explain my problem in a field I am totally ignorant > For almost tree months I did not use internet; hardware problems with my > d-link box... I did not bother to fix it as I was in no mood to check mail > or browse internet, ( it happens...) - I connect through a local area > network - It came as a surprise when , a couple of days ago, my friend > network administration told me that he saw me online ...as a first step , > after fixing the d-link problem I changed my password but the "problem " > persisted, I could actually see on my friends computer screen my name > online, and I was not able to connect from my PC; I was receiving the > message "network unreacheble" after pinging my IP... > He tryed unsuccesfully to localise from where this guy was connecting, but > only could define the area...he used the phrase about the guy being > "behind the firewall" ...and his MAC address getting lost...and using my > IP with a different MAC... > Sorry, I can not be more specific as networking is definetly not my > field, > The MAC has being disabled now and my IP has to be changed I believe...I > was wondering if there is a way to find out who did it, and if that > changing the IP would be enough... Any help would be appreciated... > santo
You PC's MAC address (defined by your network card/chip) does not go beyond the first router, so that is not relevant. Changing the IP is a total red herring too - very seldom does an IP address define security on the public internet, and if it does, it is a poor way to do it.
Could you define "online" more properly please. Online on what server/service/forum/chat root/etc. There is insufficient information to give a meaningful reply to this. Guessing, someone nicked your login and password to something.
In the vaguest and most general sense, changing all your passwords (at least the ones that matter) is the most sensible thing you can do if you suspect foul play.
Santo : > He tryed unsuccesfully to localise from where this guy was connecting, but > only could define the area...he used the phrase about the guy being > "behind the firewall" ...and his MAC address getting lost...and using my > IP with a different MAC...
Phone your ISP and tell them to change your password.
Now your problem is to find out how he got your password. Telnet and ftp transmit passwords in cleartext. Use ssh. If you don't need to ssh into your box from elsewhere, don't run sshd.
What services do you have running on your box? Are you sure you need them? If so, lock them down.
Hopefully, he's not done anything dastardly (spamming, cracking, ...) that will trace back to you.
-- Any technology distinguishable from magic is insufficiently advanced. (*) Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
S. keeling : > santo : > > > He tryed unsuccesfully to localise from where this guy was connecting, but > > only could define the area...he used the phrase about the guy being > > "behind the firewall" ...and his MAC address getting lost...and using my > > IP with a different MAC... > Phone your ISP and tell them to change your password. > Now your problem is to find out how he got your password. Telnet and
... And if your box was compromised, you need to consider re-installing from CD. No telling what they may have left behind.
-- Any technology distinguishable from magic is insufficiently advanced. (*) Linux Counter #80292 - - http://www.faqs.org/rfcs/rfc1855.html Please, don't Cc: me.
Message de Tim Southerwood (ts@dionic.net) (18 Juillet 2007)
Please, don't Cc: me.
