    Someone turned my desktop into a server

    Here are the symptoms I have noticed. There are 3 keyboards and 2 mice listed in BIOS; today when I turned on my rig, only 1 keyboard and 1 mouse were listed, as is per normal, and I could not control my rig until I unplugged the ethernet cable and reflashed the BIOS. My HDDs have been softraided5; I am unlucky to have 3 x2 of the same kind of HDDs. I have tried reinstall, clr BIOS, reinstall BIOS. I did find a Huawei module running 3g/4g, which might mean that someone physically broke into my small apt (only 2 occupants and the other is too old to accomplish this) for remote control. What do I do? I am worried what they might be using it for. I am getting a lot of hits from Saudi Arabia and the Middle East via netstat. I am located in Eastern Europe. Also I am unable to locate the device which shows up as *generic storage* in my BIOS under HDDs. I am an American citizen if this helps any.

    This is after 5 mins of turning my computer on and coming here.

    netstat -s
    Ip:
    6473 total packets received
    0 forwarded
    0 incoming packets discarded
    6421 incoming packets delivered
    5941 requests sent out
    12 dropped because of missing route
    Icmp:
    0 ICMP messages received
    0 input ICMP message failed.
    ICMP input histogram:
    1 ICMP messages sent
    0 ICMP messages failed
    ICMP output histogram:
    destination unreachable: 1
    IcmpMsg:
    OutType3: 1
    Tcp:
    205 active connections openings
    2 passive connection openings
    66 failed connection attempts
    1 connection resets received
    1 connections established
    6266 segments received
    5633 segments send out
    151 segments retransmited
    2 bad segments received.
    127 resets sent
    Udp:
    236 packets received
    1 packets to unknown port received.
    0 packet receive errors
    237 packets sent
    UdpLite:
    TcpExt:
    40 TCP sockets finished time wait in fast timer
    137 delayed acks sent
    Quick ack mode was activated 3 times
    1 packets directly queued to recvmsg prequeue.
    1460 bytes directly received in process context from prequeue
    3737 packet headers predicted
    1 packets header predicted and directly queued to user
    764 acknowledgments not containing data payload received
    521 predicted acknowledgments
    2 timeouts in loss state
    19 other TCP timeouts
    TCPLossProbes: 12
    3 DSACKs sent for old packets
    12 connections reset due to unexpected data
    12 connections aborted due to timeout
    TCPSackShiftFallback: 1
    TCPRcvCoalesce: 647
    TCPOFOQueue: 223
    TCPChallengeACK: 2
    TCPSYNChallenge: 2
    TCPAutoCorking: 105
    TCPSynRetrans: 34
    TCPOrigDataSent: 1831
    IpExt:
    InMcastPkts: 78
    OutMcastPkts: 42
    InOctets: 7483980
    OutOctets: 868837
    InMcastOctets: 6043
    OutMcastOctets: 4831
    InNoECTPkts: 8436
    Last edited by raffytaffy; Oct 22, 2014, 08:48 AM.

    #2
    Pictures are worth 100,000,000,000 words here.
    If you are still concerned, grab a camera and take pics of the bios settings screens you are seeing
    If you have a peripheral inside your computer, remove it, take pictures of it.
    (what are your system specs? Are you sure that this computer did not come with a 3g/4g card?)

    netstat, I can't decipher. Others in here can do that, I am sure. However, if you have email, instant messaging, and receive update notifications, you are going to have traffic at login - especially if you use Kmail, Kontact's calendar, etc. Heck, the default clock on the panel goes online to check for calendar events and holiday info.

    Now as to someone breaking into your place, opening the computer, and installing hardware...... I dunno. Why would someone go to the trouble? A botnet of compromised Windows boxes is actually cheaper and easier to deal with for most nefarious activities.

    I think taking plenty of pictures of the BIOS settings, etc., would be a huge aid in helping here, as well as the computer model and specs.

    Comment


      #3
      Sure thing on the computer specs; pics will come in a few minutes.
      CPU : AMDfx8350
      MOBO : ASUS Sabertooth 990fx r2.0
      GPU : ASUS GTX-780-DC2OC-3GD5
      PSU : Corsair RM 750
      RAM: Mushkin 16gb 2x8 1600 9-9-9-24-33-T2
      RAID SATA III 6GB/s 4-port PCI-e Controller Card, Marvell 88SE9215 chipset (ran out of SATA3 ports for HDDs)
      OS HDD - Crucial 2.5inch M4 070H Firmware
      System HDDs
      4x Samsung 2tb ST2000DM001-1CH164
      1x WD WDC WD20EARX-00PASB0 - 2tb
      1x WD WDC WD1002FAEX-00Z3A0 - 1tb
      1x WD WDC WD20EARX-008FB0 - 2tb
      1x WD WDC WD10EARS-00Y5B1 - 1tb

      I am disabled so I watch a lot of movies, in case anyone wonders why I have all these drives. I believe the Samsungs were used for softraid5, as to my understanding you need 3, correct?

      Comment


        #4
        [Attached images: IMG_2001.jpg, IMG_2002.jpg, IMG_2003.jpg, IMG_2004.jpg, IMG_2005.jpg]

        Last picture here worries me.
        Last edited by raffytaffy; Oct 22, 2014, 02:03 PM.

        Comment


          #5
          [Attached images: IMG_2006.jpg, IMG_2007.jpg, IMG_2008.jpg, IMG_2009.jpg, IMG_2010.jpg]

          Comment


            #6
            [Attached images: IMG_2011.jpg, IMG_2012.jpg, IMG_2013.jpg, IMG_2014.jpg, IMG_2015.jpg]

            I apologize for taking up this many posts but it allows me 5 pics per post.

            Comment


              #7
              I did not include boot devices 1 and 2 as that is obvious: OS drive is 1, DVDRW is 2, 3 is turned off. [Attached image: IMG_2000.jpg] What is microcode patch level 60000822? I can't recall seeing that before all this happened.
              Last edited by raffytaffy; Oct 22, 2014, 02:57 PM.

              Comment


                #8
                Duplicate, sorry.
                Last edited by raffytaffy; Oct 22, 2014, 02:59 PM.

                Comment


                  #9

                  Comment


                    #10
                    Originally posted by johndoe View Post
                    [Attached image] Last picture here worries me.
                    Have you tried plugging in a different keyboard to see if it shows anything differently? Actually, it might be worthwhile unplugging all USB devices if possible, and seeing what happens as you add them back one by one.

                    Also, running the command "lsusb" will show better info about the hardware connected via USB. I'm no expert on modern BIOS/UEFI stuff, but other than it showing 3 different keyboards connected, I don't see anything amiss.


                    Sent from my Verizon HTC Droid DNA Android smartphone running ViperRom Kit Kat, using Tapatalk, like all that really matters

                    Comment


                      #11
                      Code:
                      lsusb
                      Bus 003 Device 003: ID 048d:1336 Integrated Technology Express, Inc. SD/MMC Cardreader
                      Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                      Bus 013 Device 004: ID 12ba:0040 Licensed by Sony Computer Entertainment America 
                      Bus 013 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
                      Bus 009 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
                      Bus 008 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                      Bus 007 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
                      Bus 006 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                      Bus 012 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
                      Bus 002 Device 005: ID 09da:5f74 A4 Tech Co., Ltd 
                      Bus 002 Device 004: ID 046d:c229 Logitech, Inc. 
                      Bus 002 Device 003: ID 046d:c228 Logitech, Inc. 
                      Bus 002 Device 002: ID 05e3:0607 Genesys Logic, Inc. Logitech G110 Hub
                      Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                      Bus 011 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
                      Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                      Bus 010 Device 002: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
                      Bus 010 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
                      Bus 005 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
                      Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                      I have a Logitech G19, yet it has a G110 hub. This is my second Logitech G19, and when I opened it up, I saw that the powered USB hub was different from the previous one, much smaller. I have the old one still.

                      Comment


                        #12
                        lsmod is more worrying: I have nothing Bluetooth related, yet there is a module loaded.

                        Code:
                        lsmod
                        Module                  Size  Used by
                        nls_iso8859_1          12713  0 
                        snd_hda_intel          30683  17 
                        snd_hda_codec_hdmi     48243  1 
                        ip6t_REJECT            12978  1 
                        xt_hl                  12521  6 
                        ip6t_rt                13537  3 
                        eeepc_wmi              13151  0 
                        asus_wmi               24697  1 eeepc_wmi
                        sparse_keymap          13890  1 asus_wmi
                        nf_conntrack_ipv6      18946  8 
                        video                  20521  1 asus_wmi
                        nf_defrag_ipv6         34934  1 nf_conntrack_ipv6
                        mxm_wmi                13021  0 
                        ipt_REJECT             12579  1 
                        xt_LOG                 17830  10 
                        xt_limit               12711  13
                        xt_tcpudp              12924  30
                        xt_addrtype            12713  4
                        crct10dif_pclmul       14268  0 
                        snd_seq_midi           13564  0 
                        nf_conntrack_ipv4      14857  8 
                        snd_seq_midi_event     14899  1 snd_seq_midi
                        nf_defrag_ipv4         12758  1 nf_conntrack_ipv4
                        crc32_pclmul           13180  0 
                        snd_rawmidi            31197  1 snd_seq_midi
                        ghash_clmulni_intel    13230  0 
                        xt_conntrack           12760  16 
                        aesni_intel           152648  0 
                        aes_x86_64             17131  1 aesni_intel
                        lrw                    13323  1 aesni_intel
                        ip6table_filter        12815  1 
                        gf128mul               14951  1 lrw
                        ip6_tables             27504  1 ip6table_filter
                        glue_helper            14095  1 aesni_intel
                        ablk_helper            13597  1 aesni_intel
                        cryptd                 20531  3 ghash_clmulni_intel,aesni_intel,ablk_helper
                        nf_conntrack_netbios_ns    12665  0 
                        nf_conntrack_broadcast    12589  1 nf_conntrack_netbios_ns
                        nf_nat_ftp             12825  0 
                        nf_nat                 26308  1 nf_nat_ftp
                        nf_conntrack_ftp       18715  1 nf_nat_ftp
                        nf_conntrack          105687  8 nf_nat_ftp,nf_conntrack_netbios_ns,nf_nat,xt_conntrack,nf_conntrack_broadcast,nf_conntrack_ftp,nf_conntrack_ipv4,nf_conntrack_ipv6
                        iptable_filter         12810  1 
                        snd_seq                63540  2 snd_seq_midi_event,snd_seq_midi
                        ip_tables              27718  1 iptable_filter
                        serio_raw              13483  0 
                        x_tables               34194  13 ip6table_filter,xt_hl,ip_tables,xt_tcpudp,xt_limit,xt_conntrack,xt_LOG,iptable_filter,ip6t_rt,ipt_REJECT,ip6_tables,xt_addrtype,ip6t_REJECT
                        snd_seq_device         14497  3 snd_seq,snd_rawmidi,snd_seq_midi
                        k10temp                13191  0 
                        edac_core              57103  0 
                        fam15h_power           13189  0 
                        edac_mce_amd           22753  0 
                        joydev                 17587  0 
                        snd_hda_codec_ca0132    54853  1 
                        snd_hda_codec_realtek    73695  1 
                        nvidia              11070238  39 
                        snd_hda_codec_generic    70087  1 snd_hda_codec_realtek
                        sp5100_tco             14134  0 
                        i2c_piix4              22311  0 
                        snd_hda_controller     35518  1 snd_hda_intel
                        snd_hda_codec         144889  6 snd_hda_codec_realtek,snd_hda_codec_hdmi,snd_hda_codec_generic,snd_hda_intel,snd_hda_controller,snd_hda_codec_ca0132
                        snd_hwdep              17709  1 snd_hda_codec
                        bnep                   19884  2 
                        rfcomm                 75114  0 
                        snd_pcm               105052  4 snd_hda_codec_hdmi,snd_hda_codec,snd_hda_intel,snd_hda_controller
                        snd_timer              30118  2 snd_pcm,snd_seq
                        bluetooth             467228  10 bnep,rfcomm
                        6lowpan_iphc           18968  1 bluetooth
                        snd                    84025  46 snd_hda_codec_realtek,snd_hwdep,snd_timer,snd_hda_codec_hdmi,snd_pcm,snd_seq,snd_rawmidi,snd_hda_codec_generic,snd_hda_codec,snd_hda_intel,snd_seq_device,snd_hda_codec_ca0132
                        tpm_infineon           17169  0 
                        soundcore              15091  2 snd,snd_hda_codec
                        drm                   316819  3 nvidia
                        wmi                    19379  2 mxm_wmi,asus_wmi
                        parport_pc             32906  0 
                        mac_hid                13275  0 
                        ppdev                  17711  0 
                        it87                   47434  0 
                        hwmon_vid              12827  1 it87
                        lp                     17799  0 
                        parport                42481  3 lp,ppdev,parport_pc
                        hid_generic            12559  0 
                        usbhid                 53122  1 
                        hid                   110572  2 hid_generic,usbhid
                        uas                    27672  0 
                        usb_storage            67010  1 uas
                        psmouse               113097  0 
                        r8169                  73316  0 
                        mii                    13981  1 r8169
                        ohci_pci               13570  0 
                        ahci                   30167  11 
                        libahci                32533  1 ahci

                        Comment


                          #13
                          Originally posted by johndoe View Post
                          lsmod is more worrying: I have nothing Bluetooth related, yet there is a module loaded.
                          Don't worry about that. I believe that is loaded so that those with BT keyboards and mice are able to actually use them before the whole OS loads. I have the same modules loaded on my 2 laptops and PC, and only one has BT. One can blacklist modules to keep them from loading, if that is a worry.

                          Comment


                            #14
                            Originally posted by johndoe View Post
                            Code:
                            lsusb
                            Bus 003 Device 003: ID 048d:1336 Integrated Technology Express, Inc. SD/MMC Cardreader
                            Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                            Bus 013 Device 004: ID 12ba:0040 Licensed by Sony Computer Entertainment America 
                            Bus 013 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
                            Bus 009 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
                            Bus 008 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                            Bus 007 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
                            Bus 006 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                            Bus 012 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
                            Bus 002 Device 005: ID 09da:5f74 A4 Tech Co., Ltd 
                            Bus 002 Device 004: ID 046d:c229 Logitech, Inc.                     <-- highlighted in the original post
                            Bus 002 Device 003: ID 046d:c228 Logitech, Inc.                     <-- highlighted in the original post
                            Bus 002 Device 002: ID 05e3:0607 Genesys Logic, Inc. Logitech G110 Hub   <-- highlighted in the original post
                            Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                            Bus 011 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
                            Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                            Bus 010 Device 002: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
                            Bus 010 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
                            Bus 005 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
                            Bus 004 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
                            I have a Logitech G19, yet it has a G110 hub. This is my second Logitech G19, and when I opened it up, I saw that the powered USB hub was different from the previous one, much smaller. I have the old one still.
                            I'll wager that these are what the BIOS is seeing as 3 keyboards.
                            From what I've seen via brief googling, a BIOS seeing multiple keyboards is not that uncommon.

                            Comment
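The advice in #10 through #14 boils down to one defender's check: take the plain text that lsusb and lsmod print and compare it against a baseline captured on a day you trusted the machine, so that a new USB device (here, the replacement G19's different hub and its two Logitech interfaces) or a newly loaded module stands out without guessing. The script below is an added example written for this thread, not code posted by anyone in it. The sample output is constructed from lines quoted above; the two baseline sets are hypothetical and would normally be saved from an earlier run on the same box.

```python
"""Compare current lsusb / lsmod output against a saved baseline.

Added example, not from the forum thread. The SAMPLE_* strings are
constructed from lines quoted in the thread; BASELINE_* sets are
hypothetical stand-ins for output saved on a known-good day.
"""
import re

# Constructed from the lsusb listing in post #11 (subset, trailing spaces trimmed).
SAMPLE_LSUSB = """\
Bus 003 Device 003: ID 048d:1336 Integrated Technology Express, Inc. SD/MMC Cardreader
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 013 Device 004: ID 12ba:0040 Licensed by Sony Computer Entertainment America
Bus 002 Device 005: ID 09da:5f74 A4 Tech Co., Ltd
Bus 002 Device 004: ID 046d:c229 Logitech, Inc.
Bus 002 Device 003: ID 046d:c228 Logitech, Inc.
Bus 002 Device 002: ID 05e3:0607 Genesys Logic, Inc. Logitech G110 Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 010 Device 002: ID 051d:0002 American Power Conversion Uninterruptible Power Supply
"""

# Constructed from the lsmod listing in post #12 (subset).
SAMPLE_LSMOD = """\
Module                  Size  Used by
bnep                   19884  2
rfcomm                 75114  0
bluetooth             467228  10 bnep,rfcomm
6lowpan_iphc           18968  1 bluetooth
uas                    27672  0
usb_storage            67010  1 uas
r8169                  73316  0
mii                    13981  1 r8169
"""

# Hypothetical baselines: captured before the keyboard was replaced and
# before Bluetooth modules were seen, so both show up as "new" below.
BASELINE_USB_IDS = {"048d:1336", "12ba:0040", "09da:5f74", "051d:0002"}
BASELINE_MODULES = {"uas", "usb_storage", "r8169", "mii"}

LINUX_FOUNDATION_VID = "1d6b"  # root hubs carry this vendor id; they are not real peripherals

LSUSB_RE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$"
)


def parse_lsusb(text):
    """Turn lsusb lines into dicts with bus, device number, vid:pid and description."""
    devices = []
    for line in text.splitlines():
        m = LSUSB_RE.match(line.strip())
        if not m:
            continue  # ignore anything that is not a device line
        bus, dev, vid, pid, desc = m.groups()
        devices.append({"bus": int(bus), "dev": int(dev),
                        "id": f"{vid}:{pid}", "desc": desc.strip()})
    return devices


def parse_lsmod(text):
    """Turn lsmod output into {module: {size, used, users}}; the header line is skipped."""
    modules = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] == "Module":
            continue
        users = parts[3].split(",") if len(parts) > 3 else []
        modules[parts[0]] = {"size": int(parts[1]), "used": int(parts[2]), "users": users}
    return modules


def unexpected_usb(devices, baseline_ids):
    """Devices whose vid:pid is not in the baseline, root hubs excluded."""
    return [d for d in devices
            if not d["id"].startswith(LINUX_FOUNDATION_VID + ":")
            and d["id"] not in baseline_ids]


def devices_per_bus(devices):
    """How many real (non-root-hub) devices hang off each bus; a keyboard with a
    built-in hub shows up as several entries on the same bus."""
    counts = {}
    for d in devices:
        if d["id"].startswith(LINUX_FOUNDATION_VID + ":"):
            continue
        counts[d["bus"]] = counts.get(d["bus"], 0) + 1
    return counts


def unexpected_modules(modules, baseline_names):
    """Loaded modules absent from the baseline, sorted for stable output."""
    return sorted(name for name in modules if name not in baseline_names)


def loaded_by(modules, name):
    """Which other modules hold a reference to `name` (explains why it is loaded)."""
    return modules[name]["users"] if name in modules else []


if __name__ == "__main__":
    usb = parse_lsusb(SAMPLE_LSUSB)
    for d in unexpected_usb(usb, BASELINE_USB_IDS):
        print(f"new USB device on bus {d['bus']:03d}: {d['id']} {d['desc']}")
    print("devices per bus:", devices_per_bus(usb))
    mods = parse_lsmod(SAMPLE_LSMOD)
    for name in unexpected_modules(mods, BASELINE_MODULES):
        print(f"new module {name}, used by: {loaded_by(mods, name) or 'nothing'}")
```

On a real box, replace the SAMPLE strings with `subprocess.run(["lsusb"], capture_output=True, text=True).stdout` (and the same for `lsmod`), and save the id and module sets from a trusted run as the baseline. The bus count is the quick answer to "why does the BIOS see three keyboards": one physical keyboard with an internal hub contributes several entries on the same bus, which is exactly what #14 points out.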


                              #15
                              Originally posted by johndoe View Post
                              I did not include boot devices 1 and 2 as that is obvious: OS drive is 1, DVDRW is 2, 3 is turned off. [Attached image] What is microcode patch level 60000822? I can't recall seeing that before all this happened.
                              Microcode is sort of like firmware for CPUs.

                              Comment
