Loading ...
Sorry, an error occurred while loading the content.

Re: [linuxham] Remote Access ??s

Expand Messages
  • Dave Wright
    Thanks David, We use our phones over the WiFi at home here, so I dont want to screw that up. The laptop is ok, I think I know it s address, and the Ubuntu
    Message 1 of 28 , Mar 1, 2012
    • 0 Attachment
      Thanks David,
      We use our phones over the WiFi at home here, so I dont want to screw that up. The laptop is ok, I think I know it's address, and the Ubuntu machine I think is good. I just disabled the remote desktop.
       
      If I knew more about networking and such, I think I would be ok, but I dont want to get into the router and start jazzing things up then go "Great...now what do I do?".
       
      A buddy of mine works in IT for a large corporation, so I have reached out to him for getting this system more secured. I guess if I have to change the password every 30 days, then I will.
       
      Thanks agai for everyone's input, bith encouraging and eye opening.
       
      Dave KB9MNM


       
      On Thu, Mar 1, 2012 at 11:34 AM, David A. Ranch <linuxham-fld@...> wrote:
       


      Every Linux, OSX, and even Windows etc. machine have network firewalls to keep out hostile attacks like this.  The difficulty is in how to effectively allow IN the good people such as yourself into your own machine.  The easiest way is to allow in these remote hosts is via allowing only *known* good static IP addresses but this is very constraining for mobile people who get different IP addresses all the time.  The next level up would be to allow all IPs to create a private VPN be it using technologies like SSH-based port forwarding, classic IPSEC, or more recent SSL-VPN based solutions.  These services are getting easier and easier to setup and many consumer "home wifi routers" in the $60 range now offer these technologies built in!

      As a final comment, one key point to make is that whenever people enable remote management, VPNs, whatever, you *have* to ensure the technology is  sound and maintained (don't use SSHv1 over SSHv2, don't use PPTP over IPSEC, don't use WEP over WPA2).  Your hardware or operating system doesn't support the secure versions... time to upgrade or you WILL eventually get hacked.  If you have to use passwords, ensure they are strong (using upper and lower case, punctuation, numbers, and make them at LEAST 12 characters long), etc.  For the strong security minded folks, stop using passwords consider the use of One Time Passwords (OTP).  Finally, follow strong security doctrine with layers of security using technologies like Port Knocking, etc.

      --David
      KI6ZHD







      I have, on at least 2 occasions, had someone trying to remote into my
      Ubuntu desktop. Is there anyway to hide my IP adderess or block them
      from getting into my machine? 
          
      You can either ensure that the service that supports this is not
      running, or you can only grant access to IP addresses that are local to
      you using firewall rules if you need that service. Exactly how you do
      that in Ubuntu I couldn't say, but it shouldn't be too hard to find out.
      
        




      --
      David Wright KB9MNM
      Public Information Officer
      Kendall County IL ARES
      Montgomery,IL 60538
       

    • qrv@kd4e.com
      In which operating system, Apple/Mac, Linux, or Microsoft does this work, please? ... -- Thanks! & 73, KD4E.com David Colburn nevils-station.com I don t google
      Message 2 of 28 , Mar 1, 2012
      • 0 Attachment
        In which operating system, Apple/Mac, Linux, or Microsoft does this
        work, please?

        > You may get a chance to catch them on your computer by typing the word
        > finger on the terminal . This command lets you know who is on your computer.
        > Rich/W7EET



        --

        Thanks! & 73, KD4E.com
        David Colburn nevils-station.com
        I don't google I SEARCH! duckduckgo.com
        Network: http://groups.yahoo.com/group/qrv
        Restored to design-spec at Heaven's gate 1Cor15:22
      • Rick Kunath
        ... http://en.wikipedia.org/wiki/Finger_protocol But most systems have the finger daemon shut off these days. Or should. Rick Kunath, k9ao
        Message 3 of 28 , Mar 1, 2012
        • 0 Attachment
          On 03/01/2012 03:04 PM, qrv@... wrote:
          > In which operating system, Apple/Mac, Linux, or Microsoft does this
          > work, please?
          >
          >> You may get a chance to catch them on your computer by typing the word
          >> finger on the terminal . This command lets you know who is on your computer.
          >> Rich/W7EET
          >
          >
          >

          http://en.wikipedia.org/wiki/Finger_protocol

          But most systems have the finger daemon shut off these days. Or should.

          Rick Kunath, k9ao
        • Dave Wright
          I have Ubuntu and installed Finger on it, and yes, it does give you a list of all who are logged in. From the treminal run: sudo apt-get install finger Should
          Message 4 of 28 , Mar 1, 2012
          • 0 Attachment
            I have Ubuntu and installed Finger on it, and yes, it does give you a list of all who are logged in. From the treminal run:

            sudo apt-get install finger

            Should work.

            Very neat

            Dave KB9MNM

            On Thu, Mar 1, 2012 at 2:04 PM, qrv@... <qrv@...> wrote:
             

            In which operating system, Apple/Mac, Linux, or Microsoft does this
            work, please?



            > You may get a chance to catch them on your computer by typing the word
            > finger on the terminal . This command lets you know who is on your computer.
            > Rich/W7EET

            --

            Thanks! & 73, KD4E.com
            David Colburn nevils-station.com
            I don't google I SEARCH! duckduckgo.com
            Network: http://groups.yahoo.com/group/qrv
            Restored to design-spec at Heaven's gate 1Cor15:22




            --
            David Wright KB9MNM
            Public Information Officer
            Kendall County IL ARES
            Montgomery,IL 60538
             

          • Marc Coevoet
            ... It dates from long back, when finger marcc@machine.zone.com meant trying to know if marcc was logged in ... http://en.wikipedia.org/wiki/Finger_protocol
            Message 5 of 28 , Mar 1, 2012
            • 0 Attachment
              Op 01-03-12 21:04, qrv@... schreef:
              > In which operating system, Apple/Mac, Linux, or Microsoft does this
              > work, please?
              >
              > > You may get a chance to catch them on your computer by typing the word
              > > finger on the terminal . This command lets you know who is on your
              > computer.
              > > Rich/
              >

              It dates from long back, when

              finger marcc@...

              meant trying to know if marcc was logged in ...

              http://en.wikipedia.org/wiki/Finger_protocol
              http://www.computerhope.com/unix/ufinger.htm


              After a "good" finger, you could start ..
              chat marcc@...


              Marc



              --
              The "Penguin" has arrived - and he's not going away - ever.
              What's on Shortwave guide: choose an hour, go!
              http://shortwave.tk
              700+ Radio Stations on SW http://swstations.tk
              300+ languages on SW http://radiolanguages.tk
            • Ed
              On Thu, 01 Mar 2012 21:17:59 +0100 Marc Coevoet wrote: Please do not CC anyone when posting to linuxham. Yahoo says its spam, so I have
              Message 6 of 28 , Mar 1, 2012
              • 0 Attachment
                On Thu, 01 Mar 2012 21:17:59 +0100
                Marc Coevoet <sintsixtus@...> wrote:


                Please do not CC anyone when posting to linuxham. Yahoo says its spam,
                so I have to go in and approve the message.

                Thanks

                Ed W3NR

                list moderator
              • Woodchuck
                ... Uninstall it and run the standard utility, w , that is already installed. Just type w to the command line. man w. Dave AB3NR
                Message 7 of 28 , Mar 1, 2012
                • 0 Attachment
                  On Thu, Mar 01, 2012 at 02:12:38PM -0600, Dave Wright wrote:
                  >
                  >
                  > I have Ubuntu and installed Finger on it, and yes, it does give you a list of
                  > all who are logged in. From the treminal run:
                  >
                  > sudo apt-get install finger
                  >
                  > Should work.
                  >
                  > Very neat
                  >
                  > Dave KB9MNM

                  Uninstall it and run the standard utility, "w", that is already
                  installed. Just type "w" to the command line. man w.

                  Dave AB3NR
                • Marc Coevoet
                  ... w will only give who is on the computer you re on ... Marc -- The Penguin has arrived - and he s not going away - ever. What s on Shortwave guide: choose
                  Message 8 of 28 , Mar 1, 2012
                  • 0 Attachment
                    Op 01-03-12 21:45, Woodchuck schreef:

                    > Uninstall it and run the standard utility, "w", that is already
                    > installed. Just type "w" to the command line. man w.
                    >

                    w will only give who is on the computer you're on ...


                    Marc


                    --
                    The "Penguin" has arrived - and he's not going away - ever.
                    What's on Shortwave guide: choose an hour, go!
                    http://shortwave.tk
                    700+ Radio Stations on SW http://swstations.tk
                    300+ languages on SW http://radiolanguages.tk
                  • Dave Wright
                    Ok, my buddy got everything straightened out for me. The router was set for WEP, so I moved it to WPA2 and a really strong password. Thanks for everyone s
                    Message 9 of 28 , Mar 1, 2012
                    • 0 Attachment
                      Ok, my buddy got everything straightened out for me. The router was set for WEP, so I moved it to WPA2 and a really strong password. Thanks for everyone's help.

                      Now, one other question:

                      How do you create a shortcut for a program to your desktop?

                      Thanks,
                      Dave

                      On Thu, Mar 1, 2012 at 2:56 PM, Marc Coevoet <sintsixtus@...> wrote:
                       

                      Op 01-03-12 21:45, Woodchuck schreef:



                      > Uninstall it and run the standard utility, "w", that is already
                      > installed. Just type "w" to the command line. man w.
                      >

                      w will only give who is on the computer you're on ...


                      Marc

                      --
                      The "Penguin" has arrived - and he's not going away - ever.
                      What's on Shortwave guide: choose an hour, go!
                      http://shortwave.tk
                      700+ Radio Stations on SW http://swstations.tk
                      300+ languages on SW http://radiolanguages.tk




                      --
                      David Wright KB9MNM
                      Public Information Officer
                      Kendall County IL ARES
                      Montgomery,IL 60538
                       

                    • Ed
                      On Thu, 1 Mar 2012 15:10:08 -0600 ... Right click on the desktop and choose Create Launcher. Ed W3NR
                      Message 10 of 28 , Mar 1, 2012
                      • 0 Attachment
                        On Thu, 1 Mar 2012 15:10:08 -0600
                        Dave Wright <kb9mnm@...> wrote:

                        > Ok, my buddy got everything straightened out for me. The router was
                        > set for WEP, so I moved it to WPA2 and a really strong password.
                        > Thanks for everyone's help.
                        >
                        > Now, one other question:
                        >
                        > How do you create a shortcut for a program to your desktop?
                        >
                        > Thanks,
                        > Dave

                        Right click on the desktop and choose Create Launcher.

                        Ed W3NR
                      • Brian Morrison
                        On Thu, 1 Mar 2012 15:10:08 -0600 ... But you should also ensure that you turn off unwanted services, and secure your machine using firewall and ssh. -- Brian
                        Message 11 of 28 , Mar 1, 2012
                        • 0 Attachment
                          On Thu, 1 Mar 2012 15:10:08 -0600
                          Dave Wright <kb9mnm@...> wrote:

                          > Ok, my buddy got everything straightened out for me. The router was set for
                          > WEP, so I moved it to WPA2 and a really strong password. Thanks for
                          > everyone's help.

                          But you should also ensure that you turn off unwanted services, and
                          secure your machine using firewall and ssh.

                          --

                          Brian Morrison

                          "I am not young enough to know everything"
                          Oscar Wilde
                        • Dave
                          I had him check the firewall and SSH and it was good. I removed all the unwanted virtual servers that were on the router. I secured the system using WPA2
                          Message 12 of 28 , Mar 1, 2012
                          • 0 Attachment
                            I had him check the firewall and SSH and it was good. I removed all the unwanted virtual servers that were on the router. I secured the system using WPA2 protocol. He said it should be good to go. The firewall is set to allow devices out but not in. Other than we are set.
                            --- In linuxham@yahoogroups.com, Brian Morrison <bdm@...> wrote:
                            >
                            > On Thu, 1 Mar 2012 15:10:08 -0600
                            > Dave Wright <kb9mnm@...> wrote:
                            >
                            > > Ok, my buddy got everything straightened out for me. The router was set for
                            > > WEP, so I moved it to WPA2 and a really strong password. Thanks for
                            > > everyone's help.
                            >
                            > But you should also ensure that you turn off unwanted services, and
                            > secure your machine using firewall and ssh.
                            >
                            > --
                            >
                            > Brian Morrison
                            >
                            > "I am not young enough to know everything"
                            > Oscar Wilde
                            >
                          • VA7OTC JD Erskine
                            ... Then make a visit to https://www.grc.com/default.htm and get Steve s robot to check your ports from outside your system or router. ShieldsUp! is OS
                            Message 13 of 28 , Mar 2, 2012
                            • 0 Attachment
                              On 01/Mar/12 08:32, David Kjellquist wrote:
                              > Check your router instructions and learn how to check/close ports. The
                              > only ports that should be open (aka allowing access) are the ones for
                              > services you're using. For example, port 80 is for http traffic. A real
                              > problem (though unlikely) is port 23 open for incoming traffic. Port 23
                              > is the telnet port allowing somebody to telnet to your router.
                              >
                              > Unless you want somebody in, you want to turn off (if on) all port
                              > forwarding in the router.
                              >
                              > All this should be described in the router instructions.

                              Then make a visit to https://www.grc.com/default.htm
                              and get Steve's robot to check your ports from outside your system or
                              router.

                              ShieldsUp! is OS agnostic, LeakTest is for MS Windows.

                              73, John
                              VA7OTC
                            • Richard Dowty
                              There one other thing I do when the computer sets on my desk resting. I click on the network icon (on your screen top right desktop) and turn off the internet
                              Message 14 of 28 , Mar 2, 2012
                              • 0 Attachment
                                There one other thing I do when the computer sets on my desk resting. I click on the network icon (on your screen top right desktop) and turn off the internet connection when not in use on the internet. This will help also and it keeps the computer from chirping on the internet and flagging saying, "here I am".
                                Rich/W7EET


                                From: VA7OTC JD Erskine <va7otc@...>
                                To: linuxham@yahoogroups.com
                                Sent: Friday, March 2, 2012 3:58 PM
                                Subject: Re: [linuxham] Remote Access ??s

                                 
                                On 01/Mar/12 08:32, David Kjellquist wrote:
                                > Check your router instructions and learn how to check/close ports. The
                                > only ports that should be open (aka allowing access) are the ones for
                                > services you're using. For example, port 80 is for http traffic. A real
                                > problem (though unlikely) is port 23 open for incoming traffic. Port 23
                                > is the telnet port allowing somebody to telnet to your router.
                                >
                                > Unless you want somebody in, you want to turn off (if on) all port
                                > forwarding in the router.
                                >
                                > All this should be described in the router instructions.

                                Then make a visit to https://www.grc.com/default.htm
                                and get Steve's robot to check your ports from outside your system or
                                router.

                                ShieldsUp! is OS agnostic, LeakTest is for MS Windows.

                                73, John
                                VA7OTC



                              • yrjo_1
                                ... I have used firestarter in Ubuntu as firewall program. It is easy to use and configure. Yrjö OH2GUF
                                Message 15 of 28 , Mar 3, 2012
                                • 0 Attachment
                                  --- In linuxham@yahoogroups.com, "Dave" <kb9mnm@...> wrote:
                                  >
                                  > Hi All,
                                  > I have, on at least 2 occasions, had someone trying to remote into my Ubuntu desktop. Is there anyway to hide my IP adderess or block them from getting into my machine?
                                  >
                                  > Thanks in advance,
                                  >
                                  > Dave KB9MNM
                                  >

                                  I have used firestarter in Ubuntu as firewall program. It is easy to use and configure.
                                  Yrjö OH2GUF
                                Your message has been successfully submitted and would be delivered to recipients shortly.