  • #4267046

    Ubuntu 22.04 Networking Backdoor

    by tudorm9001 ·

    There appears to be a backdoor in some networking package that allows changing the networking settings, most probably the DNS settings of an Ubuntu computer via a malicious device connected to the same LAN, without establishing an SSH connection.
    I cannot identify the package that contains this backdoor, however this issue has occurred after a network failure which has also affected the router, which was running OpenWrt.
    Although the network is disconnected from the internet due to security reasons after this incident, the Ubuntu machine is somehow tricked into showing the network as being online. This change in behavior has occurred after the malicious network incident, without installing any packages or updates whatsoever on this computer, not even in the previous couple of months. This computer was only connected to the network *after* the malicious network incident has occurred.
    I totally exclude the possibility of another cause, as nobody had physical access to this computer, the disk is encrypted and the Ubuntu user password is very strong.
    I assume this is an intentional vulnerability which is hidden in some package and known to very few.


    • #4267063
      Reply To: Ubuntu 22.04 Networking Backdoor

      by kees_b ·

      In reply to Ubuntu 22.04 Networking Backdoor

      Yes, you wrote about the network failure in https://www.techrepublic.com/forums/discussions/possible-linux-backdoor-detected/ , but didn’t get any response on that. However, let me note that it’s kind of improbable that a company you work for cooperating with your ISP will use an unknown vulnerability in Linux to hack and influence your network.

      Now turn off all devices in your LAN (including the router, of course).
      Then start your Ubuntu PC and log in. Anything unexpected? Tell us.
      Then start the router (disconnected from the Internet, for your security). Anything unexpected? Tell us.
      Then start all other devices in the LAN (you didn’t tell what devices these are). Anything unexpected? Tell us.
      Then connect the router to the Internet. Anything unexpected? Tell us.
      All fine? Then it seems to be solved.

    • #4267065

      Attempted solution

      by tudorm9001 ·

      In reply to Ubuntu 22.04 Networking Backdoor

      The solution I am attempting is reflashing all OS system images for all devices in my network.
      I am not able to check the existence of the suspected backdoor as I am not a professional programmer. It is possible that I may be wrong. If a backdoor existed, I am by no means able to detect it or patch it. I am just reflashing everything to recover functionality and reasonable reliability.
      The suspected source of attack was LAN, not WAN, so kees_b is right.
