Mailinglist Archive: opensuse (911 mails)

Re: [opensuse] Have I been hacked or "visited"? seccheck and rkhunter outputs
* Greg Freemyer <greg.freemyer@xxxxxxxxx> [12-24-15 13:48]:
On Thu, Dec 24, 2015 at 8:56 AM, Patrick Shanahan <paka@xxxxxxxxxxxx> wrote:
* stakanov@xxxxxxxxxx <stakanov@xxxxxxxxxx> [12-24-15 07:18]:
[...]
Somebody who does not want to use "remote" at all. What can he do to
un-install every remote package? The problem is that if you un-install
openssh a lot of applications of kde seemed to complain.
[...]

So don't "uninstall", just don't open the firewall ports.

No open ports, no external access. Now only physical access is a problem.


For completeness:

A modern malware attack often uses a reverse tunnel.

i.e. malware gets on the machine via a phishing attack or an infected website.

Once on your machine it establishes outbound connections to a command
and control site that tells it what to do.

No inbound connections are needed so a traditional firewall blocking
incoming ports has no effect.

I would guess the majority of infections today happily ignore inbound
firewalls.


iow, the *only* _safe_ computer is one in an inaccessible location without
any means of power.


--
(paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri
http://en.opensuse.org openSUSE Community Member facebook/ptilopteri
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
Registered Linux User #207535 @ http://linuxcounter.net
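
The point made in the thread above, that connections a host opens outward are untouched by a firewall that only blocks incoming ports, can be checked by listing established connections that did not arrive on a listening port. This is an added example, not part of the original thread; the sample `ss -tan`-style output, the addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout printed by `ss -tan`.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
LISTEN 0      128    127.0.0.1:631        0.0.0.0:*
ESTAB  0      0      192.168.1.20:22      192.168.1.5:51514
ESTAB  0      0      192.168.1.20:48230   203.0.113.45:443
ESTAB  0      0      192.168.1.20:39912   198.51.100.7:8443
ESTAB  0      0      127.0.0.1:631        127.0.0.1:40110
ESTAB  0      0      [2001:db8::20]:55120 [2001:db8:ffff::9]:443
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port

def outbound_connections(ss_text, expected_peers=()):
    """Return [(local, peer)] for established connections this host opened
    to peers outside expected_peers (a list of CIDR strings).

    Heuristic (an assumption of this example): a connection whose local
    port is not one of the host's listening ports was initiated locally."""
    rows = [line.split() for line in ss_text.splitlines()[1:] if line.strip()]
    listening = {split_endpoint(r[3])[1] for r in rows if r[0] == "LISTEN"}
    allowed = [ipaddress.ip_network(n) for n in expected_peers]
    found = []
    for r in rows:
        state, local, peer = r[0], r[3], r[4]
        if state != "ESTAB":
            continue
        if split_endpoint(local)[1] in listening:
            continue  # accepted on an open port: what an inbound firewall covers
        ip = ipaddress.ip_address(split_endpoint(peer)[0])
        if ip.is_loopback:
            continue
        if any(ip.version == n.version and ip in n for n in allowed):
            continue  # destination the administrator expects
        found.append((local, peer))
    return found

if __name__ == "__main__":
    for local, peer in outbound_connections(SAMPLE_SS, ["203.0.113.0/24"]):
        print(f"review outbound connection: {local} -> {peer}")
```

Every connection it reports would exist even with all inbound ports closed, which is why egress filtering and outbound connection review are needed alongside an inbound firewall.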