# Security questions...

## Kobin

Do I need to think about some extra security if I want to connect to a public access point?

I ask because the other day I connected to the internet at a hotel. In the beginning everything worked well, but after a while my apps started crashing. I don't know if this could be caused by something else, but I have only had this problem the one day when I was connected there. At home there have been no problems like this.

I tried to launch different apps like firefox, gnome-terminal, vlc and nautilus before connecting to the internet and everything seemed to work fine, but after connecting they took maybe 20 times longer to start up and crashed afterwards most of the time.

I have installed Gentoo from the minimal install cd using the 2007.0/desktop profile, and I have done nothing extra for security like firewall or anything.

I am going to read about firewall at some point, but I am new to Gentoo so I am learning one step at a time.

I use ndiswrapper with my Broadcom card.

I am also considering if I should reinstall to be on the safe side. I don't know enough about this, but I am afraid if something had access to my computer...

----------

## Hu

Firewalls are often a good step, but if you do not have any services listening, then there is typically no extra protection from using a firewall.  Use `netstat --numeric --programs --tcp --udp --listening` to list all listening TCP and UDP sockets.  This can be abbreviated as `netstat -nptul`.

Frequent application crashes are a bad sign, but could be an indication of a hardware or kernel problem, rather than an attack.  Most modern attackers try not to crash applications, since crashes could alert the user that an attack is occurring.

Do you use wireless at home as well?  Did you ever encounter any kernel panics?  What version of the kernel are you using?  You mention ndiswrapper, so my first guess would be that you have loaded an unstable proprietary module that is causing kernel memory corruption.  If you use wireless at home, then this potential cause is much less likely.

If you believe that your system may have been compromised, you should reinstall from the CD as soon as possible.  Assume that any file on the system could have been replaced by an attacker and cannot be trusted to assist in installing a clean image.  That said, if you have put a substantial amount of work into the system or are not sure, you could try to check the system for signs of intrusion before you wipe it.  I strongly suggest booting from read-only trusted media in that case as well and using only tools from the trusted media to verify your installation.  That avoids the opportunity that a compromised program could lie about its state.  If you want to perform a forensic analysis, post back for more information.  There are a number of users here who can provide more detailed advice about what to examine and how to examine it.

----------
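
Added example, not part of either poster's message: the `netstat -nptul` check from the reply above, filtered down to listeners bound to a non-loopback address, since those are the only sockets a firewall would shield on a shared network. The sample output and the function names `sample_netstat` and `exposed_listeners` are constructed for illustration.

```shell
#!/bin/sh
# Added example: show which listening sockets are reachable from the network.

# Constructed sample of `netstat -nptul` output (not taken from the thread).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      2345/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1890/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      2345/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      1890/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           2101/dhcpcd
udp        0      0 192.168.1.23:123        0.0.0.0:*                           -
EOF
}

# Reads netstat output on stdin; prints "proto address port program" for
# every listener that is NOT bound to a loopback address.
exposed_listeners() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        la = $4
        # Split at the LAST colon so IPv6 forms such as ":::22" parse correctly.
        match(la, /:[^:]*$/)
        addr = substr(la, 1, RSTART - 1)
        port = substr(la, RSTART + 1)
        # Loopback-only sockets cannot be reached from the access point side.
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        # UDP rows have an empty State column, so the program field shifts left.
        first = ($1 ~ /^tcp/) ? 7 : 6
        prog = ""
        for (i = first; i <= NF; i++) prog = prog (prog == "" ? "" : " ") $i
        if (prog == "") prog = "-"   # "-" also appears when not run as root
        printf "%s %s %s %s\n", $1, addr, port, prog
    }'
}

# Demo on the constructed sample; on a live system run:
#   netstat -nptul | exposed_listeners
sample_netstat | exposed_listeners
```

An empty result means nothing is listening beyond loopback, which is the case where a firewall adds little for inbound traffic.

----------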

## Kobin

I use wireless at home as well, and I have not experienced any crashes of any kind. It was only this one day. It happened a few seconds after doing "dhcpcd wlan0". After maybe one hour it stopped and there were no problems again.

I remember that the last thing I did was to enable gdm and reboot, and when I connected again the problems started. I rebooted a few times to see if the problems would continue, and they did.

Could this just be a problem of the connection not being strong enough? Could that really cause other apps to crash?

Of course I would like to learn more about detecting security problems, but maybe for now it is better to reinstall to be sure, if it might be a security issue. But it is annoying since it will take about 2 days for me to compile everything.

One question:

I have been connected to my router at home a few times since this happened. Do I need to worry about security on my other computers? I have no sharing enabled or printers or anything...

I am using the 2.6.24 kernel...

----------

## Kobin

Even if no one has any idea what could have been happening here, I would still like to learn more about security....

Do you know any good reading on the subject?

The most I have found on the internet has focused on telling about problems but not really on how to fix or avoid them and they always talk about servers. I want to know more about securing my laptop (desktop-replacement).

So do you have any good recommendations?

Even just general reading on security would be nice...

----------

## Hu

A weak connection could cause you to lose network connections.  Some applications do not handle that well, but you were using well known applications that, as far as I know, handle such loss gracefully.  If the weak connection were a problem, it would likely be that the weak connection caused your wireless driver to malfunction and corrupt system memory.  I consider that to be unlikely as well, as otherwise we should have seen more reports from Broadcom users that weak connections cause problems.

In theory, anything your computer can reach could also have been reached by an attacker, if he or she established a foothold on the system.  That includes capturing traffic sent by the switch, listening to any wireless traffic, and logging keystrokes.  In practice, I doubt that you would have a random encounter with an attacker determined enough to do all that.

As regards security reading, you could start by reading about Hardened Gentoo.  I suggest you follow all the links from that page before deciding which, if any, you want to use in securing your system.  There are several competing choices.

----------

