maypo, Posted February 20, 2010

Hey all. I am running Ubuntu 9.10 on a few boxes at home. Have Verizon Fios router, with wifi through the house, wpa2 with a random alphanumeric password, SSID broadcast turned off and MAC verification on. I was playing around with Ubuntu Remote Desktop, and turned it on on 1 box, allowing viewing and control of the box through Remote Desktop, thinking this was safe, as an intruder would have to get on the local network through the router firewall to hack the box. I was surprised to see that someone was able to get in and control the mouse and open some files on the box. I immediately closed down the box and inactivated Remote Desktop. Any ideas about safety/hackability?? I thought I was doing everything right and no one would have been able to easily get through wpa2. (I know the wifi doesn't extend to the curb, so was someone sitting in my backyard with a sniffer???). Any ideas are appreciated. Thanks, Maypo.

digip, Posted February 20, 2010

If the PC itself was using wireless and you enabled something locally that didn't require a login (which I thought Linux forces you to do anyway with just about any feature, especially Ubuntu with sudo) then they could get in without the router and just via your wifi card as an ad hoc network. More than likely though, someone got in through a flaw in your network, maybe even via the internet via router or browser exploit of some sort. Check your router has remote admin disabled and no funky DNS settings or port forwarding has been changed, as well as what services and ports are open on the Ubuntu box. What other machines are on your network? Any Windows boxes? Do they share the same passwords with the Ubuntu box? If someone compromised another node on your network that shared the same passwords, they could have jumped machine to machine.

beakmyn, Posted February 20, 2010

What about getting in through the FIOS? I've been seeing increased activity on remote desktop/VNC port(s) scanning in my firewall logs.

Charles, Posted February 20, 2010

By default the built-in VNC server on Ubuntu is disabled. If you enabled it without changing anything, it will not have a password, but will ask for yer permission if someone is trying to connect. VNC is pathetically insecure, unless you are tunneling it over something like SSH. Most of the stories I've heard of people being hacked were due to them accidentally or purposely exposing VNC to the internet. Check the firewall on yer router and make sure there are no ports forwarded that aren't supposed to be.
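
Added example, not part of any post in this thread: a shell check for the condition the replies above describe, a VNC server listening on an address other hosts can reach rather than on loopback behind an SSH tunnel. The function names and the sample `ss -tln` output are constructed for illustration.

```shell
#!/bin/sh
# Reads `ss -tln` style output on stdin and prints "PORT ADDRESS" for every
# VNC listener (TCP 5900-5909, i.e. displays :0 to :9) that is bound to a
# non-loopback address. On a live box: ss -tln | exposed_vnc_listeners
exposed_vnc_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4
            # The port is whatever follows the last colon (IPv6 has several).
            n = split(addr, parts, ":")
            port = parts[n]
            host = substr(addr, 1, length(addr) - length(port) - 1)
            sub(/^\[/, "", host)      # strip IPv6 brackets
            sub(/\]$/, "", host)
            sub(/%.*$/, "", host)     # strip interface scope such as %lo
            if (port !~ /^[0-9]+$/) next
            p = port + 0
            if (p < 5900 || p > 5909) next
            # Loopback-only listeners are what an SSH tunnel setup looks like.
            if (host ~ /^127\./ || host == "::1") next
            print port, host
        }'
}

# Constructed sample input, not captured from a real machine.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      5      0.0.0.0:5900       0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      5      [::]:5900          [::]:*
LISTEN 0      5      127.0.0.1:5901     0.0.0.0:*
EOF
}

# Demo run on the sample: reports the two wildcard-bound 5900 listeners only.
sample_ss_output | exposed_vnc_listeners
```

A listener reported here is only reachable from the internet if the router also forwards that port, so the router's port-forwarding table still needs the manual check mentioned above.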

digip, Posted February 20, 2010

There are also some 0-days for certain linux kernels and distros, so be aware of that as well.