Forums | MacLife
#1 2005-10-01 7:12 am
- meytoh
- Member
- Registered: 2005-10-01
- Posts: 1
big internetwork security violation
scary scenario. via my isp (in china), my network was accessed while my firewall was off. my entire hard drive was put onto the network, as well as an 'auto-updating library' index that appeared to update itself (from my hard drive) as soon as i connected.
my hard drive (as appearing on the 'network' server) had been renamed and i had no authority to remove it ('insufficient privileges'). !!!F*
worse, i only had 'read-only' access while the 'isp network' demon person who violated me had 'read&write'.
in an attempt to reclaim my hard drive and entire personal identity, i inadvertently deleted the 'network' globe from 'finder' including what i believe was called 'automount'?
i now no longer have a 'network' globe in 'finder'.
1. do i still have a 'network' capability?
2. is it possible to re-icon / remount 'network' (once deleted) in finder?
3. how can i prevent a network spy in future? (not that it matters so much now because they've copied my entire hard drive.)
4. how is this possible at all? is it unique to OSX (backdoor security flaw)?
5. Can anyone at an isp provider access anyone's computer should they choose? (in free countries would this be considered illegal?)
thanks for any feedback and help.
bewildered and violated,
an expat in beijing
#2 2006-07-12 7:57 am
- beaverfever
- Learned, Impartial, and Very Relaxed

- From: Toronto
- Registered: 2003-01-16
- Posts: 1032
Re: big internetwork security violation
I can't believe nobody responded to this. I just happened to stumble upon this thread while doing a search for something else.
What happened? Did you get everything sorted out? Did you determine how someone gained control of your machine?
You may begin arguing Warnock's Dilemma now.
#3 2006-07-12 1:25 pm
- codesamurai
- Member

- From: United States
- Registered: 2000-07-29
- Posts: 811
Re: big internetwork security violation
Your computer will show up normally under /Network even if you're not sharing anything. It's only accessible to itself, so it's not really on the network in the way you're thinking.
It's not a "network spy"; it's not a "backdoor."
The following is normal:
/Network/Library -> /automount/Library
/Network/Servers -> /automount/Servers
You may see something like this, which is also normal:
You can remake the /Network and /automount folders and their invariable contents... here's the permissions and link info you need:
drwxr-xr-x 1 root wheel /Network
lrwxr-xr-x 1 root wheel /Network/Library@ -> /automount/Library
lrwxr-xr-x 1 root wheel /Network/Servers@ -> /automount/Servers
drwxr-xr-x 4 root admin /automount
dr-xr-xr-x 1 root wheel /automount/Servers
dr-xr-xr-x 1 root wheel /automount/static
Some of that may be regenerated automatically... I don't know because I haven't played any deleting games, and I don't plan to anytime soon.
Now, with that said, that doesn't mean that you weren't violated (although, I strongly suspect this is not the case... really not even in the slightest... however, I feel obligated to ask these questions anyway...). Did you ever install any software from your ISP? Did you ever let a technician touch your computer? What was the exact name of the user or group in the permissions that had read/write access?
Last edited by codesamurai (2006-07-12 2:02 pm)
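Added example, not part of codesamurai's post or of the thread: a shell check that compares ls -ld output for the paths listed above against the mode, owner, group and symlink targets given in that listing, so a deviation (a different owner, an added write bit, a link pointing somewhere else, a missing entry) is reported. The function name audit_listing and the MISMATCH/MISSING output format are assumptions made for this example.

```shell
#!/bin/sh
# Baseline from the listing in the post: mode owner group path [link-target]
BASELINE='drwxr-xr-x root wheel /Network
lrwxr-xr-x root wheel /Network/Library /automount/Library
lrwxr-xr-x root wheel /Network/Servers /automount/Servers
drwxr-xr-x root admin /automount
dr-xr-xr-x root wheel /automount/Servers
dr-xr-xr-x root wheel /automount/static'

# audit_listing (hypothetical helper): reads `ls -ld` lines on stdin, prints
# MISMATCH/MISSING lines, and returns non-zero if anything deviates.
audit_listing() {
    BASELINE="$BASELINE" awk '
    BEGIN {
        bad = 0
        n = split(ENVIRON["BASELINE"], rows, "\n")
        for (i = 1; i <= n; i++) {
            split(rows[i], f, " ")
            want[f[4]] = f[1] " " f[2] " " f[3] " " f[5]
        }
    }
    {
        path = ""; target = ""
        # Path is the first field starting with "/" (field 5 in the post,
        # field 9 in full `ls -ld` output); the link target follows "->".
        for (i = 5; i <= NF; i++) {
            if (path == "" && $i ~ "^/") path = $i
            else if ($i == "->") target = $(i + 1)
        }
        sub("[@/]$", "", path)            # drop the type suffix ls -F adds
        if (!(path in want)) next
        seen[path] = 1
        # Keep the 10 mode characters; ignore a trailing "@" or "+" marker.
        got = substr($1, 1, 10) " " $3 " " $4 " " target
        if (got != want[path]) {
            printf "MISMATCH %s: expected [%s] got [%s]\n", path, want[path], got
            bad = 1
        }
    }
    END {
        for (p in want) if (!(p in seen)) { print "MISSING " p; bad = 1 }
        exit bad
    }'
}

# Audit the live paths when they exist (older Mac OS X releases).
if [ -e /Network ] || [ -e /automount ]; then
    ls -ld /Network /Network/Library /Network/Servers \
        /automount /automount/Servers /automount/static 2>/dev/null | audit_listing
fi
```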
