Best Password safety? [RESOLVED VIA IRC CHAT]

Question, besides using a strong password (caps, lower case, numbers, and symbols 8 chars or longer)

What else is everyone using, or would recommend? I have some concerns regarding some of the options to stay safe.

I am actively under attack, and would like to at least keep my passwords safe while I work on the rest.

The Key Ring:

Don't feel very comfortable having all my passwords in one spot, are these safe? Would seem if there was a key ring where I could use my mouse to type in the password, that should be safe. Or is it possible to use a keyring for your keyring password? I'm not sure what I should do here.

Other options... not sure.

What is out there these days, what should I be using, and what do you guys use? I need different (or the same if they work on both) solutions for Ubuntu 10.10 and Windows 7 on the same system.

Free is a requirement due to my current budget.

Notes from irc chat:

dd-wrt.com (to flash the router and change the router OS, will still route, plus allows more security features)

SELinux (Fedora kernel is built around this so you can simply use Fedora, or configure it yourself on a different distro such as Ubuntu, but if configured wrong, it makes your system more vulnerable than if you never had it to begin with; reason to have it: even root does not have full control, making attacks more difficult.)

http://www.avira.com (Windows Anti-Virus)

Spybot Search and Destroy (Windows anti spyware)

http://townx.org/simple_firewall_for_ubuntu_using_iptables (will allow all outgoing, or client-initiated incoming connections; will need to be re-configured for Samba and some other programs though)

Comments

  • mfillpot Posts: 2,180
    Honestly I don't trust any consolidated password applications, I use no keyring or password tools and never have my browser save any passwords. All passwords that I use are stored only in my mind. I even go the extra mile and constantly flush my cookies and browsing history after each session.
  • Goineasy9 Posts: 1,116
    I'm wondering if your computer is attached directly to the modem, or, are you attached to a router? If you're attached to a router, turn on the logs and look at them and see if you can identify what's being done. Your passwords in Linux are encrypted, so, unless you're using a password that can be found in a dictionary (and it doesn't seem like you are) you shouldn't really worry about your passwords. In Fedora I have /var/log/secure.log that will show me if anyone is trying something funny. The logs on the router can tell you what addresses are trying to gain access.
    If you're using ssh, you can disable that in your distro's firewall, and depending on what router you're using, you can disable features that allow certain types of access from outside. One sure way to batten down the hatches is to only allow access to your local network to those boxes that have the MAC address listed in the allowed section in the router setup. If you can identify the IP address of the box trying to attack you, you can add it to the disallowed section in your router setup.

    Beyond that, we'd need more specific info on your home network setup and what brand of router you're using, and what security you have working already.
  • RickSMO Posts: 123
    If I had a key logger put on my system it won't help me at all. Also, as far as checking the router, I am having difficulty, finding nothing but other people saying it doesn't work like it's supposed to on the router I have. Linksys WRT54G. Looking into IPCop hoping I can figure it out.
  • RickSMO Posts: 123
    My firewall is going nuts right now.

    Time:Jun 26 17:41:09 Direction: Unknown In:eth0 Out: Port:3724 Source:174.5.97.216 Destination:192.168.1.101 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:41:09 Direction: Unknown In:eth0 Out: Port:3724 Source:72.46.217.247 Destination:192.168.1.101 Length:52 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:41:13 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:41:15 Direction: Unknown In:eth0 Out: Port:3724 Source:72.46.217.247 Destination:192.168.1.101 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:41:16 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:42:23 Direction: Unknown In:eth0 Out: Port:3724 Source:74.64.126.28 Destination:192.168.1.101 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:43:29 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:44:45 Direction: Unknown In:eth0 Out: Port:3724 Source:72.197.202.148 Destination:192.168.1.101 Length:52 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:45:10 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:46:27 Direction: Unknown In:eth0 Out: Port:3724 Source:173.57.189.220 Destination:192.168.1.101 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:47:10 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:47:39 Direction: Unknown In:eth0 Out: Port:3724 Source:68.224.172.50 Destination:192.168.1.101 Length:52 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:48:12 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:48:59 Direction: Unknown In:eth0 Out: Port:3724 Source:72.39.73.230 Destination:192.168.1.101 Length:52 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:49:23 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:49:23 Direction: Unknown In:eth0 Out: Port:3724 Source:98.246.48.174 Destination:192.168.1.101 Length:52 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:49:26 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:49:26 Direction: Unknown In:eth0 Out: Port:3724 Source:98.246.48.174 Destination:192.168.1.101 Length:52 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:49:32 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:51:29 Direction: Unknown In:eth0 Out: Port:3724 Source:122.201.44.23 Destination:192.168.1.101 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:51:56 Direction: Unknown In:eth0 Out: Port:3724 Source:76.104.25.143 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:52:03 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:52:03 Direction: Unknown In:eth0 Out: Port:3724 Source:76.104.25.143 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:52:06 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:52:07 Direction: Unknown In:eth0 Out: Port:3724 Source:76.104.25.143 Destination:192.168.1.101 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:52:12 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 17:56:51 Direction: Unknown In:eth0 Out: Port:3724 Source:98.246.48.174 Destination:192.168.1.101 Length:52 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 18:00:15 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 18:00:49 Direction: Unknown In:eth0 Out: Port:3724 Source:70.72.59.170 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 18:01:26 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 18:01:43 Direction: Unknown In:eth0 Out: Port:3724 Source:213.46.202.122 Destination:192.168.1.101 Length:52 TOS:0x00 Protocol:TCP Service:Unknown
    Time:Jun 26 18:04:07 Direction: Unknown In:eth0 Out: Port:3724 Source:116.231.115.237 Destination:192.168.1.101 Length:64 TOS:0x00 Protocol:TCP Service:Unknown
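
Added example (not part of the original thread): a small Python summary of firewall output in the layout posted above, showing whether hits come from one repeating source or many, and whether one port or several is being touched. The sample lines are constructed with documentation-range addresses, and the function names and the repeat threshold of 3 are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the layout of the firewall output above; the
# addresses are documentation ranges, not values from the thread.
_TEMPLATE = ("Time:Jun 26 {t} Direction: Unknown In:eth0 Out: Port:{p} "
             "Source:{s} Destination:192.168.1.101 Length:48 TOS:0x00 "
             "Protocol:TCP Service:Unknown")
_ROWS = [("17:41:09", 3724, "203.0.113.7"), ("17:41:13", 3724, "198.51.100.23"),
         ("17:41:16", 3724, "198.51.100.23"), ("17:42:23", 3724, "203.0.113.99"),
         ("17:43:29", 3724, "198.51.100.23"), ("17:44:02", 6881, "192.0.2.50"),
         ("17:44:05", 6882, "192.0.2.50")]
SAMPLE_LOG = "\n".join(_TEMPLATE.format(t=t, p=p, s=s) for t, p, s in _ROWS)
SAMPLE_LOG += "\nthis line is not firewall output\n"

LINE_RE = re.compile(
    r"Time:(?P<time>\w{3}\s+\d+ \d\d:\d\d:\d\d)\s.*?Port:(?P<port>\d+)\s+"
    r"Source:(?P<src>\S+)\s+Destination:(?P<dst>\S+).*?Protocol:(?P<proto>\S+)")

def parse(log_text):
    """Return one dict per recognised line; anything else is skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append({**m.groupdict(), "port": int(m["port"])})
    return events

def summarize(events, repeat_threshold=3):
    """Count hits per source and per port, and flag the two patterns that
    matter for triage: a source that keeps coming back, and a source that
    touches more than one port."""
    per_source = Counter(e["src"] for e in events)
    per_port = Counter(f'{e["proto"]}/{e["port"]}' for e in events)
    ports_by_source = defaultdict(set)
    for e in events:
        ports_by_source[e["src"]].add(e["port"])
    return {
        "total": len(events),
        "distinct_sources": len(per_source),
        "hits_per_port": dict(per_port),
        "repeat_sources": sorted(s for s, n in per_source.items()
                                 if n >= repeat_threshold),
        "multi_port_sources": sorted(s for s, p in ports_by_source.items()
                                     if len(p) > 1),
    }

if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Saving the firewall output to a file and passing its contents to `parse()` gives the same summary for a real log in this layout.
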
  • RickSMO Posts: 123
    Found my router log, it was disabled. Will let you know if I find anything interesting on it.
  • RickSMO Posts: 123
    I blocked the port, I read it's common for World of Warcraft, other Blizzard games, and trojans.

    I blocked it on my router, also figured out how the log files work on it. I'll see how it goes from here.
  • RickSMO Posts: 123
    To answer your question, GoinEasy:

    Cable modem connected to Linksys WRT54G router which runs DHCP for 3 PCs, one printer on a static address. All connections are wired with the wireless option enabled with a different password than the rest.

    The IP address coming in is different every time, I blocked the port at my firewall but it's still being allowed in, my firewall on my PC is getting hit still by the same port.
  • RickSMO Posts: 123
    OK, now it should be blocked, I added in the policy to block the port but didn't select to do it afterwards. Let's see what happens now.
  • RickSMO Posts: 123
    For some reason I'm unable to successfully block this port, however since that was the case, I am now forwarding that port to an IP address that isn't being used currently. My PC seems OK for the moment, at least the requests are going into a blank space on my network.
  • RickSMO Posts: 123
    It seems someone may be actively behind this as we speak, because now I am getting hit by multiple ports, none of them common.
  • Goineasy9 Posts: 1,116
    I'm hoping one of the network gurus that visit the forum can look at the output from your firewall, they may be able to recognize something. You can always run apps like top, or htop or iotop and watch what apps/tasks are running and see if something strange/unidentifiable can be found. The app iotop shows if anything is being written or read from the HD.
  • mfillpot Posts: 2,180
    It looks like you want more than key security. I would like to talk to you on the IRC forum tomorrow night so we can diagnose the issue once and for all. I have the same router, so that can help. But also we will need to know if you are using a tool for your firewall or just using an iptables script.

    In addition I would recommend flashing your router with dd-wrt so the default Linksys trash can be removed and you can have reliable filtering.
  • marc Posts: 647
    mfillpot wrote:
    It looks like you want more than key security. I would like to talk to you on the IRC forum tomorrow night so we can diagnose the issue once and for all. I have the same router, so that can help. But also we will need to know if you are using a tool for your firewall or just using an iptables script.

    In addition I would recommend flashing your router with dd-wrt so the default Linksys trash can be removed and you can have reliable filtering.

    I agree, solving this in forums might be a little difficult. If you feel up to it, we can gather at the #linuxdotcom channel on irc.linux-foundation.org.

    My server is always connected, if I'm there just type my name and I'll get a notification :)

    Regards
  • RickSMO Posts: 123
    That would be great, what time frame should I connect to the server?
  • Goineasy9 Posts: 1,116
    I guess Matt will answer with a time. I'm in the IRC channel 24/7, but rarely monitor it. Maybe I'll set up notifications with sound, I'd like to watch/contribute to the discussion also.
  • mfillpot Posts: 2,180
    Rick, Mark and Tom,
    Can we meet in #linuxdotcom on irc.linuxfoundation.org at 10 pm eastern time tonight?
  • RickSMO Posts: 123
    Yes, we can do that. Also, I found the chat room. I'll be there at 9pm Central (10pm EST).
  • marc Posts: 647
    RickSMO wrote:
    Yes, we can do that. Also, I found the chat room. I'll be there at 9pm Central (10pm EST).

    Woww Sorry guys I wasn't there but here in Barcelona it was about 4am and, obviously, I was sleeping as I tend to get up at 6-7 am....

    I'll read the logs tonight when I get home and see what happened :)

    Regards
  • RickSMO Posts: 123
    No worries, but I would still like your input, so please let me know anything additional you'd like to add.