[Novalug] Re: Novalug Digest, Vol 8, Issue 44

John Warren jpwarren00 at gmail.com
Thu Jun 21 11:57:17 EDT 2007 

On 6/20/07, D Rider <twigboy2 at gmail.com> wrote:
>
> >
> >
> > Message: 9
> > Date: Wed, 20 Jun 2007 21:24:25 -0400
> > From: "John Warren" < jpwarren00 at gmail.com>
> > Subject: Re: [Novalug] Weird wireless wonders
> > To: novalug at calypso.tux.org
> > Message-ID:
> >         <
> f8996bea0706201824h5ce08c37x46e9076ac51c7b07 at mail.gmail.com>
> > Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> >
> > Yep, obviously a case of Big Brother.  You wouldn't happen to have
> > WINE running on the Ubuntu rig?
> >
> > -John
> > ------------------------------
> >
> > Message: 10
> > Date: Wed, 20 Jun 2007 21:24:56 -0400
> > From: Ed James <edjames at greenbelt.com >
> > Subject: Re: [Novalug] Weird wireless wonders
> > To: novalug at calypso.tux.org
> > Message-ID:
> <20070620212456.u2hayebgbocswowc at 207.154.28.15 >
> > Content-Type: text/plain;       charset=ISO-8859-1;     DelSp="Yes";
> >         format="flowed"
> >
> > I have to ask the obvious question, are you SURE that in both cases,
> > that "the other network" was the same network, and not just two
> > different networks that happened to have the same name?  As in,
> > perhaps two unrelated WAPs were set up using default names?
> >
> > Ed James
> >
>
> No, I haven't run WINE.
>
> The other network was my car dealership and named accordingly and my network
> is named by me -- no default in either case.
>

Let's rule out all the vectors and in doing so improve the
understanding of the environment.

*  Do you use a USB drive on both latops?

*  Is their active server software installed on both laptops?  If so,
which servers, what versions and why?

* Do you run Hamachi on any of your machines?

*  Is your XP laptop set up for SSH?

*  Likewise, is the SSH port opened on your Ubuntu rig?

*  Do you have a file server set up on a fully authenticated domain?

*  Has the XP laptop ever had a virus/spyware infection that was very
hard to remove (as in you find and delete the infected files and then
a week later your infected again)?

*  Do you use IRC or any other kind of chat software?

*  Do you use file sharing software?  And if so, what kind on which
machines and what networks?

*  Do you use any warez on both your Ubuntu rig and your XP laptop?

*  Do you use a web based service from both your Ubuntu rig and XP
laptop?  If so, what service, and how often?

If the answer is "no" to all of these then I'd recommend backing up
the Ubuntu rig, reinstalling and immediately (before accessing the
net) install tripwire and get it running.  Then run tripwire after the
online update and after reloading the data.  If that comes up with the
core files still clean, then I'm at a loss.


NOTE:  Yes, I'm paranoid when it comes to little things like this.
You would be too if you ever had to remove an OS neutral BIOS virus.

-John

More information about the Novalug mailing list