IP security tools for Puppy?

edmont
Posts: 7
Joined: Fri Sep 18, 2020 2:09 am

IP security tools for Puppy?

Post by edmont »

I had a call from someone claiming to be from a telecom corporation, haven't
checked this yet.

He got me to install TeamViewer on Windows, then he went through a process that
involved my logging in to various websites using my passwords.
During this he had some control of my computer.

When we reached my main bank account I balked and eventually shut down
my computer and restarted in Linux.
Even when using Bionic Dog, on a USB stick, there were a few IP addresses that
went overseas from my personal IP address.
I used the Linux equivalent of netstat, and something called zen gui, for that.

So I'm wondering if there are any Linux tools to delete unwanted IP routes and
show what is at the end of these.
A while ago there was mention of a Puppy Linux tailored for the internet.

s243a
Posts: 501
Joined: Mon Dec 09, 2019 7:29 pm
Has thanked: 90 times
Been thanked: 37 times

Re: ip security

Post by s243a »

edmont wrote: Sat Dec 19, 2020 9:11 pm

I had a call from someone claiming to be from a telecom corporation, haven't
checked this yet.

He got me to install TeamViewer on Windows, then he went through a process that
involved my logging in to various websites using my passwords.
During this he had some control of my computer.

Were you running windows in a Virtual Machine?

When we reached my main bank account I balked and eventually shut down
my computer and restarted in Linux.

Do you have more than one bank account and if so then how did they know to go to your main bank account?

Even when using Bionic Dog, on a USB stick, there were a few IP addresses that
went overseas from my personal IP address.

Were you using more than one IP address?

I used the Linux equivalent of netstat, and something called zen gui, for that.

By zen gui, do you mean Zenmap? Were you port scanning these IP addresses or just using nmap's traceroute capabilities?

So I'm wondering if there are any Linux tools to delete unwanted IP routes

You can either use iptables to drop or forward IP traffic, as is done in the Tor transparent proxy:
https://gitlab.torproject.org/legacy/tr ... arentProxy

Alternatively, you can use policy-based routing:
http://www.policyrouting.org/iproute2.doc.html#ss9.16

and
show what is at the end of these.

I googled "find what corporation owns an ip address linux" and found the following:

$ whois 74.86.48.99
OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
Address: 1950 N Stemmons Freeway
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

https://www.cyberciti.biz/faq/find-ip-address-owner/

Anyway, good luck with your future honeypot endeavors... ;)

A while ago there was mention of a Puppy Linux tailored for the internet.
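A repeatable version of the netstat / whois / iptables workflow suggested above, as an added example that is not from the post or from Puppy: it parses `ss -tn` style output (the iproute2 replacement for netstat), lists the external peers, pulls the owner fields out of a whois reply like the one quoted above, and drafts DROP rules for whatever you decide is unwanted. The sample socket table and whois reply are constructed; only the `live_*` helpers touch the real tools.

```python
"""Flag outbound connections to external hosts and draft block rules.

Added example, not from the forum post. Sample data is constructed; the
live_* helpers run the real `ss` and `whois` commands on a Linux host.
"""
import ipaddress
import subprocess

# Constructed sample in the column layout of `ss -tn`: one LAN connection,
# the SoftLayer address quoted in the thread, a half-open connection to an
# RFC 5737 documentation address (203.0.113.7), and a loopback connection.
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port    Peer Address:Port
ESTAB     0      0      192.168.1.20:47812    192.168.1.1:443
ESTAB     0      0      192.168.1.20:51200    74.86.48.99:5938
SYN-SENT  0      1      192.168.1.20:51202    203.0.113.7:443
ESTAB     0      0      127.0.0.1:6010        127.0.0.1:34110
"""

# Constructed whois reply in the "Key: value" shape quoted in the thread.
SAMPLE_WHOIS_OUTPUT = """\
OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
Country: US
"""

# Ranges treated as local; any peer outside them is reported as external.
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "::1/128", "fe80::/10", "fc00::/7",                 # IPv6 equivalents
)]


def parse_ss(text):
    """Parse `ss -tn` output into (state, local_ip, local_port, peer_ip, peer_port)."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] == "State":   # skip header / short lines
            continue
        local_ip, local_port = parts[3].rsplit(":", 1)
        peer_ip, peer_port = parts[4].rsplit(":", 1)
        rows.append((parts[0], local_ip.strip("[]"), int(local_port),
                     peer_ip.strip("[]"), int(peer_port)))
    return rows


def is_local(ip):
    """True if the address falls inside one of LOCAL_NETWORKS."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETWORKS)


def external_peers(rows, trusted=frozenset()):
    """Unique external peer IPs in first-seen order, minus an explicit allowlist."""
    seen = []
    for _state, _lip, _lport, peer_ip, _pport in rows:
        if peer_ip in trusted or is_local(peer_ip) or peer_ip in seen:
            continue
        seen.append(peer_ip)
    return seen


def parse_whois(text):
    """Turn the 'Key: value' lines of a whois reply into a dict (first value wins)."""
    info = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith(("%", "#")):   # comments / blanks
            continue
        key, value = line.split(":", 1)
        info.setdefault(key.strip(), value.strip())
    return info


def drop_rules(peers):
    """Draft rules that drop new outbound packets to each peer.

    They apply immediately but vanish at reboot unless persisted (e.g. with
    iptables-save); blocking an address does not remove whatever opened the
    connection, so treat the list as a lead for cleanup, not a fix.
    """
    rules = []
    for ip in peers:
        tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
        rules.append(f"{tool} -I OUTPUT -d {ip} -j DROP")
    return rules


def live_ss_output():
    """Run the real `ss -tn` (iproute2) on this host."""
    return subprocess.run(["ss", "-tn"], capture_output=True, text=True, check=True).stdout


def live_whois(ip):
    """Run the real `whois` client for one address (needs the whois package)."""
    return subprocess.run(["whois", ip], capture_output=True, text=True, check=False).stdout


if __name__ == "__main__":
    rows = parse_ss(SAMPLE_SS_OUTPUT)            # use live_ss_output() on a real host
    for ip in external_peers(rows):
        owner = parse_whois(SAMPLE_WHOIS_OUTPUT if ip == "74.86.48.99" else "")
        print(f"{ip:16} {owner.get('OrgName', 'unknown')} ({owner.get('Country', '?')})")
    print("\n".join(drop_rules(external_peers(rows))))
```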

s243a
Posts: 501
Joined: Mon Dec 09, 2019 7:29 pm
Has thanked: 90 times
Been thanked: 37 times

Re: IP security tools for Puppy?

Post by s243a »

edmont wrote: Sat Dec 19, 2020 9:11 pm

A while ago there was mention of a Puppy Linux tailored for the internet.

You might be referring to Puli. However, there are other options, like lock-down mode in EasyOS, EasyContainers, and Kiosk dog. Anyway, here is a synopsis on Puli:

gjuhasz wrote: Fri Aug 14, 2020 5:54 pm

II. Puli in a nutshell:

1. Boot-up the PC from the USB pendrive pre-installed with Puli.

a. When asked, log in as root.

b. At the first login, type root as password. (Later you can change it and save it for next logins).

2. The Session Setup dialog pops up.

a. Check whether timezone, numlock, timesync, hwclock, firewall, locale, and keyboard, etc., are suitable for this session and change them if needed. Your changes in this dialog affect the current session but you can preserve them for the future sessions, too.

b. You may right-click the Volume tray icon, select Full window and check/adjust Capture, Mic boost, etc.

3. The USB pendrive gets unmounted. Consider pulling it out when the popup message reminds you.

4. Before you finish, be sure that you left no data on the PC.

5. There are different methods to save your work on the (replugged) USB pendrive:

a. You can preserve the main settings (including passwords, too) by clicking the Save: smart button on the Shutdown dialog or, within the session, in the dialog of the backup desktop icon. See the next sections for details of this Smart save feature.

b. Clicking the backup icon on the right of the Desktop immediately creates a compressed Puli_backup_YYYY_MM_DD_HH_MM.tar.gz backup file in the /backup folder of the USB pendrive. Backups include Backup description.

c. You can decide to create backup at the end of the session, too, by selecting Save: backup on the Shutdown dialog.

* Note that the password files, the smartloaded packages (installed into /initrd/pup_rw) and the on-the-fly added .sfs files (arrived into the /initrd/pup_ro4... ro8 folders) are excluded from the backups.

6. You can restore a previous status from a backup if you open the /backups folder on the pendrive then drag-and-drop a backup file onto the Restore icon next to it. Of course, the selection of the smartloaded packages should be the same as it was previously. You will receive notification about the packages omitted during backup.

7. Puli provides you with a secure environment. It helps you fight against malicious attackers.

* Be wary of hardware keyloggers. From the tray, open the virtual keyboard and use it any time to enter passwords or other sensitive text. This way your data will not be disclosed.

* You may start some features, such as Office programs, evince, etc., in offline mode for your security.

* See more details about the available security profiles in the next sections.

* It is recommended to change your session password as follows:

a. Open console

b. Issue the passwd command and follow the instructions.

c. At shutdown time, save your environment with smart save. The new password shall be used for future logins. See the next sections for details.

* If you right-click on a folder, you can encrypt / decrypt its content. See more details in the next section.

III. For advanced users:

1. To have additional packages, browse the content of the packages subfolder(s) here and download the selected 32/64 bit ones into the /packages folder of your USB pendrive. Among the proposed packages, you can find advanced Office programs, Java runtime module and other useful software - each of them tested with Puli. Note that the 64-bit Puli is able to run some 32-bit software (the 32bit-compat.sfs package provides multi-arch support for them).

2. You probably don't use all downloaded packages in a given session. Puli offers easy selection among them in boot time, with the help of the smartload feature:

* Together with the built-in Puli packages, you can boot any number of extra .sfs, .pet, .deb, .AppImage, .tar.7z, .tar.bz2, .tar.xz and/or .rpm files simply by referencing their file name in separate lines of the /profiles/Common/smartload file of the USB boot device. See the default smartload file included in the release. Puli seeks those referenced packages in the /packages folder of the boot device and auto-loads them during bootup (in the order of their appearance in the smartload file), before the graphic environment (X) starts.

* For example, to smartload SoftMaker FreeOffice, put a softmaker line in the smartload file on your USB boot device. (This is a kind of free but licensed software, thus you need to register and obtain your personal license at Softmaker Software GmbH.) Alternatively, you can use LibreOffice (without registration) by putting a LibreOffice line in the smartload file. See the Useful links section below.

* The content of the smartloaded .tar.bz2 and .tar.xz packages will be unpacked to /opt/ folder (in the preserved structure of the package).
Note that the .tar.7z packages can be encrypted - Puli asks for password at boot time.

* The AppImage files will be smartloaded to the /opt/AppImages folder. An extra icon pops up in the desktop while one or more AppImages present in this folder. (Puli accepts the .AppImage, .appImage, .Appimage, and .appimage file extensions in the same way.) You can run them directly by left-clicking the folder icon then selecting the filename. AppImages (and other executable files) can be run sandboxed if you right-click their name and select firejail in the menu - providing that the firejail package is (smart)loaded.

* You may have more smartload type files prepared, i.e., smartload, smartload1 ... smartload9, smartloada, smartloadb, etc. Then, you may select one from them during bootup by hitting a character (e.g., 1, or 2, or a, or b, or c) when asked. If you don't act, the default smartload file will be used. If your selection refers to a non-existing file or you hit space, then the smartload feature is omitted.

3. Other settings:

* You may add boot parameters, e.g., pkeys=hu plang=hu_HU.UTF-8, to syslinux.cfg on the pendrive (see among the install files) that will be applied in all cases for all machines you want to boot with Puli.

* In addition, you can define machine specific parameters (timezone, numlock, timesync, hwclock, firewall, plang, pkeys, etc) in the env-<macaddress> folders of the (root of the) boot device. The default folder is env-0, that can be accompanied by various env-001ee4532a23 etc., folders after running Puli on different machines. Those folders will be prepared and filled up in /root/tmp folder by Puli that saves them on the boot device if you select the smart save option at the exit or click on the save "Puli-head" any time.

* Booting Puli on the same machine next time, you don't need to deal with the settings. For example, the default timezone (GMT) will be overwritten with the timezone data of puli.cfg found in the machine specific folder. The applicable timezone codes can be read from /usr/share/zoneinfo, such as Australia/Perth.

* You can place one smartload file in the (root of the) env-<macaddress> folder if you need to load machine specific modules (e.g., nvidia driver) before X starts. For help, an empty smartload file is included in env-0, you only need to (find and) populate its copy in the env-<macaddress> folder.

* It can happen that some .pet, .sfs, or .deb modules shall be auto-loaded in the X environment. Put a + (plus) sign as the first character in such lines of the selected smartload file (do NOT rename or reassemble the package itself).
Note that the postXload feature of the earlier Pulis can be applied too: you can list such modules, without the starting plus sign, in a postXload file (next to the smartload). There can be only one postXload per env-<macaddress> folders. However, you can apply one common postXload next to the other smartloads in /profiles/Common folder of the boot device. The Puli package includes an empty postXload there (and another one in the env-0 folder, too).

* Just after boot-up, the advert-blocker feature updates the /etc/hosts file to block annoying commercials.

* By clicking on different Office files, the appropriate program opens based on MIME type, e.g., abiword can catch the .docx files while textmaker can handle the .doc; clicking an .xls can open planmaker while .xlsx can invoke gnumeric, etc.

* Puli automatically creates a Linux swap file in the memory unless you prepare a swap on the hard disk (e.g., using gparted). The swap is preferably the same or twice the size as the memory. There is no reason to configure a swap bigger than 4 GB.

* If the USB boot device includes folders named /patch and/or /profiles/Common, then Puli merges their content and copies them into the filesystem before starting X (the content of the patch folder may overwrite those files that come from Common).

* In the Puli package, you can find tricky security profile examples realized by different file structures. They can be selected/activated by clicking their fantasy-named security profile selector icon (the profile name will be copied into the /patch folder on the pendrive). Those profiles are mainly used during browsing the net:

[Attachment: Puli_profiles.png]

Mild-tempered

a. This is the default security profile, the only profile in which multiple browser windows or even multiple browsers can run simultaneously.

b. Chrome, Iron, Slimjet, and Vivaldi browsers open here in Incognito mode. I propose to not change this setting.

c. The network_tray icon becomes red while suspicious connections are active. They are logged in /var/log/suspicious_connections file.


Rigorous

a. In this profile, the 64-bit Puli disables all disk drives (e.g., the hard disks stop rotating). The boot device remains active, however it can be plugged out when Puli recommends.

b. Puli barks as soon as suspicious connections are detected (only during browsing). Then, to prevent hacker attacks, it updates the firewall's blacklist with the suspicious hosts.

c. Puli does not release the suspicious host but occupies its available ports in SYN_SENT or similar mode. For details, see profile-specific scripts such as /usr/local/bin/defaultbrowser and /usr/bin/netchecker.

d. If you accidentally get false alarm(s), move those friendly IP addresses from /etc/suspicious_hosts to /etc/friends file (and update your patch structure accordingly).


Crazy

a. In this profile, the 32-bit Puli disables all disk drives (e.g., the hard disks stop rotating). The boot device remains active, however it can be plugged out when Puli recommends.

b. Chrome, Iron, Slimjet, and Vivaldi browsers open here in Incognito mode. I propose to not change this setting.

c. According to the profile name, Puli makes hackers crazy. It disables the network periodically to prevent their session from becoming effective. See the details in /usr/bin/netkiller.

d. Some browser versions may fail in this profile if the communication with the selected server is very slow.


Lazy

a. Similar to the mild profile with one tricky exception. While browsing in this unique profile, your lovely Puli becomes lazy and goes to sleep. More precisely, the Linux utilities (those in the /bin folder) become inexecutable, preventing a hacker or even a trojan malware from initiating shell scripts or issuing commands. In the script behind the lazy profile selector icon on your USB boot device, you can define the full path where you want to run the "disappeared" Linux utilities in lazy mode. You may leave the default /ban/ setting as is, or write a path like lazybin="/usr/share/foo/" (with a slash at the end). Of course, you need to re-activate the lazy profile by clicking its profile selector icon, then reboot. Be careful! If you put an existing folder name above, its original content may be overwritten! Warning! Do NOT select a folder from those in the search path!

b. Chrome, Iron, Slimjet, and Vivaldi browsers open here in Incognito mode, and you cannot run multiple browsers/browser windows simultaneously. I propose to leave this setting "as is". Firefox runs as spot with limited lazy features, but opens in a sandbox if firejail is installed.

c. Some features behind icons file, info, edit, write, calc, phone remain active only for you.

d. During browsing, clicking on the leftmost dog icon toggles between the lazy and the mild profiles. While you see a "glowing" mild icon, you can click on the rest of desktop icons, and the menu items.

e. The drive icons are replaced by an inactive drives icon during browsing in lazy mode. While toggled to mild mode, clicking on the drives icon invokes pmount.

f. Warning! Do not unplug any mounted drive while browsing in lazy mode!

g. If you close the browser, all features are restored in a few seconds (i.e., the dog icon initiates backup and the drive icon(s) appear again).


* It is preferred to browse with the latest version of a properly sandboxed Chromium flavor, or use a modern Mozilla based version.

* Puli supports the following 32/64-bit browsers (in order of preference, which is NOT the order of quality): Chrome-64bit; Iron; SlimJet; Vivaldi; Firefox; Opera; Links and runs them by spot user. It is recommended to use the smartload feature for booting them by selecting one of them in the smartload file. (Note that if you install more than one browser here, they may interact or even block each other.)

* By default, the Iron, Slimjet and Vivaldi browsers run in Incognito mode, using common bookmarks and settings. It can happen that later versions (which are recommended anyway) cannot keep this compatibility.

* Due to licensing issues, some Chromium based browsers cannot play mpeg4 videos. In those cases, installing or smartloading extra ffmpeg codecs can be a cure. A couple of extra ffmpeg packages are referenced/available in the Puli codec repository. The Opera version is probably compatible with Slimjet and Vivaldi browsers, too.

* In all profiles, clicking the info icon invokes the preferred browser (in case of the Chromium-based browsers, in non-accelerated, Normal mode). If nothing is selected, the Links browser appears. It is configured for smart media recognition capabilities.

* Puli supports Firefox. You can download a relatively new version from the link in my packages. Auto-update to the latest version is configured in Puli. However, you can update my pet package by replacing its /opt/firefox folder with the latest version. Firefox starts in sandbox if firejail is installed.

* You can download the latest Flash player plugin from this link. Its filename is like "adobe-flashplugin_<latest date>.1-0ubuntu0.14.04.1_i386.deb" or its 64-bit counterpart "adobe-flashplugin_<latest date>.1-0ubuntu0.16.04.1_amd64.deb" . Put this smartloadable .deb file in the /packages folder on your boot device. Be sure that only one adobe-flashplugin*.deb file appears among the packages. It installs to /usr/lib/adobe-flashplugin folder (for all browsers).

* Parental control: Append IP addresses or even domain names (e.g., 1.2.3.4 and/or somename.com) as separate lines to the /etc/suspicious_hosts file (of course, copy it into your favorite patch structure on the USB pendrive, together with /etc/friends). Puli interprets them and feeds the blacklist automatically.

* If you right-click on a folder, you can encrypt / decrypt its content with the menu items. I propose storing your sensitive files in /root/my-documents/Secret/ folder which is encrypted (with AES 256 and password "root") by default. Of course, it is strongly recommended to change the default password to your one at your earliest convenience. The encryption-related options can be found in the dialogs behind the right-click menu items. Note that the Secret folder will be automatically unmounted (i.e., its content toggled to encrypted status) if you create a backup or select smartsave.

* In Puli, the background picture (wallpaper) is the /usr/share/backgrounds/default.jpg, referenced in the third line of /root/Choices/ROX-Filer/PuppyPin file. This line in PuppyPin also defines its displaying mode (Centred, Scaled, Fit, Stretched, Tiled). You can copy your favorite wallpaper to /usr/share/backgrounds/default.jpg to see it on the computer you are actually using (then restart X). Later, if you select Save: smart at shutdown, then these settings will be saved to the env-<macaddress> folder on the boot device. You may try the Desktop > Pwallpaper menu item to change the wallpaper but do this with care.

* If you connected an MTP (Media Transfer Protocol)-capable device (e.g. a mobile phone) via USB cable but the device is not recognized automatically, open a terminal window and issue mtp+. Now, you can access the device through the /root/MTP folder. When you have finished, issue mtp- before disconnecting the USB cable.

IV. For enthusiasts:

You may need to customize Puli if you want to run it on the same computer. Puli supports this in many ways as follows. But keep in mind that different computers' settings can be incompatible with each other thus their settings should be stored separately, i.e., in different environment folders on the boot device.

* The naming convention for the environment folders is: env-<macaddress> where macaddress is a 12-position hexadecimal number, for example, env-0123456789ab. Puli recognizes whether the name of one environment folder matches with the given machine at boot time. If no matching folder is found, it will be created in /root/tmp using the content of the env-0 folder and your actual settings (and will be saved at shutdown time if you select Save:smart).

* You can select a smartload file during the boot process, earliest after the purple "copying to ram" text appears, but latest in 5 seconds after you see the "Press a key to smartload a package set..." message. You can reference there as many files as you want - even a truncated but unique basename, e.g., "wine", or (if you are unsure about capitals in the filename), even "?ine" can be enough to locate "wine-3.10_v3.1.pet". Note that while, on the one hand, only the memory limits the number of the auto-loaded packages; on the other hand, they cannot be uninstalled in the given session (however, try to re-install the same package then uninstall it). The possible errors are displayed in a simplified mode and logged in the /root/tmp/ folder with details.

* The auto-loaded files are merged into the /initrd/pup_rw folder: first, the content of the Common folder, then the content of the env-<macaddress> folder, then the content of the smartloaded files (starting with the environment-specific smartload, then the rest in the order of their appearance), then the content of the patch folder, then the content of the security profile. That is, you can overwrite a just loaded file with another one, e.g., files loaded from /Common folder with files loaded from /patch folder, etc., but each overwrites their counterpart in /initrd/pup_ro2. Puli uses the rsync -a command for this.

* Note that although Puli accepts .rpm files, they mostly need additional libraries to run properly.

* The firewall can either be set as strong or lite. If you need to create a different firewall, you may set up the firewall rules manually then put them in your patch structure. Later, you can easily recognize the active one based on the color of the tray icon (green = strong-Puli version, yellow = lite-Puli version, blue = user-configured).

* In the Session Setup dialog, you can decide whether the current session settings are valid for the future sessions, too.

* After login (more specifically, after you click OK on the QuickSetup window in the X environment), files in the /root/Startup folder are executed. Intentionally, the Puli-specific zsupp script is the last one amongst them. Of course, you can amend it and put it in the /patch folder to replace its default version.

* Note that the files in the /root/.config/autostart folder are executed each time just after restarting X. Consequently, at first boot, they start BEFORE you click OK on the QuickSetup window.

* The BootManager has been tailored for Puli as some of its functions are not applicable in PUPMODE 5, and others are implemented in a better way. Use with caution.

* As in other Puppies, you may install five additional .sfs files on-the-fly later (into /initrd/pup_ro4 ... /initrd/pup_ro8). However, Puli offers a workaround if you need to load more than five .sfs files on-the-fly. Menu item Setup > Merge SFS files gets (based on their alphabetical order) the *.sfs files found in /root folder, then merges them into /root/puli.sfs. Move it to the pendrive and reference it as a single item to load/unload it using the Settings > SFS-Load menu item from the desktop.

* In contrast to other puppies, you cannot save your session as puli.2fs on the USB pendrive or elsewhere. Instead, use the backup desktop icon or the Save: backup option at the Shutdown dialog. Note that the auto-loaded extra packages are not included in the backup file thus you may need to use the same smartload file next time to restore the same environment.

* As already mentioned, you can save some session settings to auto-load them next time by clicking the Save: smart button either in the Shutdown dialog or, within the session, in the dialog of the backup desktop icon. If clicked, then the control files within the /smartsave folder will be executed. Note that some Puli-specific .pet or .sfs packages may add their own control files to the /smartsave folder on the boot device as /profiles/Common/smartsave.

* If you are experienced enough, you may activate the restore_latest.pet package by the appropriate row in your smartload file (as an example, see the /smarloadr file in the install kit). With these settings the latest backup will be auto-restored at boot time. Note that cumulative backups are possible, i.e., you may restore more backup files after each other, even those created in different security setups on different machines. Puli tries to manage this, and sends warning messages if needed. You may see unforeseen behavior in extreme cases, however.

* Beyond the above mentioned dynamically changing "latest" backup, you can auto-restore another "fixed" backup, too. For this, activate the restore_fixed.pet package in your smartload file. With these settings, Puli will seek a backup file placed in the /backups/fixed folder of the boot device to auto-restore it at boot time. Note that this is independent from the restore_latest feature, so you can apply them even together if needed. Restoring backups begins after the security profile is in place. Note that no security profile will be restored from backups.

* In your smartload file, you can reference a specific package (force_mild.pet, or force_rigorous.pet, etc.) to replace the preset security profile with another one. With this feature, the single-key boot-time setup can include a smart security profile selection.

* You may refresh the puli<version>.sfs file, e.g., to update it with the content of the actual patch structure:

a. Ensure that the pendrive is plugged in (either mounted or unmounted).

b. Open a terminal and issue refresh

c. The temporary files are in the /root/squashfs-root folder. When the script asks for this, you can manually edit the content of /root/squashfs-root, update it with patch files, etc. Be careful with adding new links: relative links should not point out of the /root/squashfs-root folder.

d. Wait until all operations are finished.

* The shrink script does the same as refresh except that it calls the Remove Builtin Files utility before writing back to the USB pendrive. The temporary files are in the /root/squashfs-root folder. You can manually edit the content there when the script asks for this.

* Clicking some icons opens built-in or smartloaded programs based on their preference order. You can change the preferences in the /usr/local/bin/defaultxxx files of the given profile(s). For example, the write desktop icon may have this preference order to open: LibreOffice, SoftMaker FreeOffice, Abiword - depending on which one is installed; the paint desktop icon may have this preference order: Gimp, Mypaint, LazPaint, nomacs, mtpaint. The draw desktop icon may have this preference order to open: Inkscape, AzDrawing, Inklite; the record desktop icon has this preference order to open: SimpleScreenRecorder, XvidCap - the latter is the default. The phone desktop icon has this preference order to open: Skype, https://appear.in, xchat, etc. Note that usage of https://appear.in is limited in some browser versions because they do not allow camera/mic in the WebRTC API.

* Skype is not available for 32-bit Linux anymore.

* You can try web plugins available for some browsers and can even create smartloadable modules from them. Such modules can replace the standard Skype, Teamviewer, etc. packages.

* The zip desktop icon opens PackIt. Xarchive remains available via the menus.

* Notice that some common Puppy utilities, e.g., default applications chooser, have been removed in favor of the Puli specific features.

* Notice also that the .DirIcon of the selected profile folder appears on the Desktop as backup icon.

* As mentioned above, Puli intends to disable all disk drives except the boot device. This is done by the /usr/bin/diskdrop script, which runs in all cases by default. However, this function is enabled only in the Crazy profile and neutralized in the rest (by an empty diskdrop script in the /usr/bin folder of those profiles). The disabled drives cannot be fully restored within the session. However, you can try to restore them with the /usr/bin/diskrise script, which needs the boot device to be plugged in. After diskrise, identifiers of the restored drives can change (e.g., sda1 appears instead of hda1, etc.).

* Warning! Puli detaches the pendrive at the end of the shutdown process to prevent the dirty bit being set. Some machines remember this detached status until they are physically removed. In this case, unplug the pendrive after Shutdown. Never fix the dirty bit in Windows! Puli resets it next time during the bootup process.

* To accelerate its boot process, Windows 10 doesn’t fully shut down by default. Instead, it actually hibernates. Thus, the NTFS filesystem of Windows 10 appears as read-only in Puli (as in all Linux flavors). If you need to write to this partition from Puli, either permanently change the default power options of your Windows 10 or keep the Shift button while selecting Shutdown in your Windows 10.

* By default, the Windows-encrypted drives are inaccessible. You may download and try Linux-based decrypting programs such as dislocker.

* Some USB install tools, other than LiLi, do not accept .zip files. In this case, simply rename the Puli_install.zip file to Puli_install.iso. This renamed file will be accepted for installation.

* The Puli package includes the folders/files for booting in UEFI mode.

V. Useful links

Appendix A. How to install Puli in Linux environment

In the first section above, I described an easy method for installing Puli in Windows XP/7/8/10 environment. For an experienced Linux user having root privileges, the below solution is also easy and straightforward.
Providing that you have Puli 7.x or another, relatively new 32/64 bit Linux version:

1. Create a bootable pendrive

a. Put a 4 GB or higher capacity USB pendrive into a free USB slot. Warning! It will be wiped during the install process!
b. Use GParted to create a single, bootable FAT32 partition on it. The result is an empty device being registered, let's say, as /dev/sdb1
c. Open a terminal and enter syslinux -i /dev/sdb1 to put ldlinux.sys over the current bootsector of the pendrive, with a size bigger than 32000 bytes. (You may need syslinux version 6 and/or mtools - the latter is available in the PPM of all newer puplets.)

2. Copy Puli to the pendrive.

a. Download the latest Puli_install.zip file from my sourceforge.net repository and extract it, e.g., with uextract.
b. Open the unpacked Puli structure and copy its content into the (root of the) USB pendrive, next to ldlinux.sys

3. Unmount the pendrive.


Before rebooting your machine from the pendrive

a. You can find some useful packages, e.g., browser(s), Adobe Flash plugin, Java runtime (jre) environment, Office packages, wine, etc from Puli-(64/32 bit)/packages subfolders of my sourceforge.net repository. Take a look at the proposed closed source packages referenced in the +externals.txt file, too. Download the selected ones and put them into the /packages folder of your boot pendrive. Note that you may find newer versions at the download page of their distributor. See also the Useful links section above.
b. I recommend reading the above sections, too.
c. If you know what to do, you may configure some startup parameters in syslinux.cfg and in puli.cfg right now.
d. Ensure that the BIOS/UEFI allows booting from the USB device.

* The boot procedure may fail if some Puli files, i.e., initrd.gz, *drv_puli(version).sfs, and/or puli(version).sfs remained accessible on your hard disk.

You are ready. Puli is installed. Give it a go!


viewtopic.php?p=2555#p2555

I don't know if someone was trying to social engineer you or if you were looking for honeypot ideas. Puli is more geared to making sure that you boot with a pristine system, so that if you, say, go to a banking site, you are less likely to have someone steal private information like passwords.

As for honeypots, maybe you could set up Puli both to man-in-the-middle your honeypot and also give Puli remote access to your honeypot.

Puppy features that might be good for a honeypot are multi-session save. EasyOS has multi-session-save-for-DVD (I think folder based) and fatdog64 has this for a USB drive (I think sfs based). Puppy also has multi-session save but it isn't well supported. Why multi-session is useful is that you only have to scan the changes for evidence of malicious software.

Edit: Note: as an alternative to EasyContainers, rw-sandbox in fatdog64-811 has more features for isolating the chroot than the original script in earlier editions. They probably aren't yet promising super secure jail capabilities, but if you combine this with multi-session save and use this as the starting point for your honeypot then perhaps the risk of container breakout isn't too great, since nothing too critical is located in the honeypot. Maybe add a virtual machine for an additional isolation layer.

edmont
Posts: 7
Joined: Fri Sep 18, 2020 2:09 am

Re: IP security tools for Puppy?

Post by edmont »

To s243a

No I was using a full installation of Windows 10, actually a copy
on a SSD from my original HDD; this is legal according to Windows
online documentation.

Yes I have more than one bank account, they didn't know to go to my
main bank account , this was a progression from the others on my
part.
The main bank account has multiple levels of security.

I have one ip address, however there are a number of ports on that
one address, one of these might be used for my wifi security camera
and was set up at the modem.

Yes zenmap sounds like the network app.

The route that I found led from my ip address through the USA, Japan,
and then HK, China. I'm wondering if this is the location of the manufacturer
of the wi-fi security camera that I use.

The USA address was in Kansas, maybe Warlock where I'd been browsing
after watching the movie by the same name.



Shall look at your suggestions later.

$ whois

Is this a Linux terminal command?

What do you mean by 'my honeypot endeavors'? I'm the one on the
receiving end of this.

I thought that there were also a few linux command line instances
for deleting ips from the network route.

Your mention of Puli is quite comprehensive, may take awhile for me
to read all of this, the Honeypot trap is interesting and worth my
investigating further as this may have been the second time that someone
tried to scam me like this.

Easy-OS, to determine.
What about Parrot OS, I already have this upon a USB stick.

After a call from my main bank, where I'd sent an email, I've removed
the Windows SSD and I am using Ubuntu 20.04, with the firewall enabled.

s243a
Posts: 501
Joined: Mon Dec 09, 2019 7:29 pm
Has thanked: 90 times
Been thanked: 37 times

Re: IP security tools for Puppy?

Post by s243a »

edmont wrote: Mon Dec 21, 2020 2:39 am

To s243a

No I was using a full installation of Windows 10, actually a copy
on a SSD from my original HDD; this is legal according to Windows
online documentation.

This could be low risk for you if you have it backed up.

Yes I have more than one bank account, they didn't know to go to my
main bank account , this was a progression from the others on my
part.
The main bank account has multiple levels of security.

Your awareness about your bank's security makes me wonder at what point you thought the caller could be a scammer. It sounds like you may have had an idea relatively early on.

I have one ip address, however there are a number of ports on that
one address, one of these might be used for my wifi security camera
and was set up at the modem.

Open ports are a potential security risk and there have been many cases where ip cameras have been installed with poor security.

Yes zenmap sounds like the network app.

The nmap tool is a very popular tool with hackers, except perhaps when they are good enough to write their own tools. Of course non-hackers also use nmap some. What led you to try out this tool?

The route that I found led from my ip address through the USA, Japan,
and then HK, China. I'm wondering if this is the location of the manufacturer
of the wi-fi security camera that I use.

You think that China might be putting backdoors in ip cameras? This is possible.

The USA address was in Kansas, maybe Warlock where I'd been browsing
after watching the movie by the same name.

Anyway, my understanding is that many such cameras aren't that hard to hack:

https://hackingpassion.com/security-web ... y-too-easy

so the attacker could be anyone. It doesn't need to be the manufacturer.

Shall look at your suggestions later.

$ whois

I also may try this out someday, as well as nmap's traceroute capabilities. :)

What do you mean by 'my honeypot endeavors'? I'm the one on the
receiving end of this.

Maybe so but it sounds like you are giving the attacker some leeway in the hopes of identifying them.

I thought that there were also a few linux command line instances
for deleting ips from the network route.

You could kill the process, but part of the point of iptables is to drop the connection before it is even made.

Your mention of Puli is quite comprehensive, may take awhile for me
to read all of this,

Learning Puli is also on my todo list.

the Honeypot trap is interesting and worth my
investigating further as this may have been the second time that someone
tried to scam me like this.

It's much better if an attacker attacks your honeypot than your main system. There are some versions of Linux specifically designed to be honeypots.

Easy-OS , to determine.
What about Parrot OS, I already have this upon a USB stick.

Parrot is a popular distro with hackers. One reason for this is that, unlike Kali, Parrot has a version for general use and an alternative version for people into things like pentesting and forensics. It is convenient to have the tools you want included with a distro, but you can always install tools on a different version of Linux.

The advantage of Puppy is that it is small and lightweight. This means that it requires few resources to run, and it is faster to back up and restore on a system. You don't necessarily need to choose between Puppy or Parrot. You can always dual boot or alternatively run them off separate USB drives. Puppy can reside on the same partition as a different version of Linux because the save area can be either a file or a folder.

After a call from my main bank, where I'd sent an email, I've removed
the Windows SSD and I am using Ubuntu 20.04, with the firewall enabled.


Also check the firewall settings on your router. In many cases the firewall settings on the router are sufficient. Also it is better in my opinion to learn how to directly use iptables commands rather than relying on the distro's firewall. That said, for now perhaps keep your distro's firewall on, just in case the security cameras (or router) on your network are hacked. One can alleviate part of this worry by putting the cameras on a separate network.

Presumably one way to deal with the possibility of a router hack is a factory reset and password change. However, if a router is vulnerable this will only be so effective (see routersploit). Perhaps I'm being a bit paranoid here to consider the possibility of the router or cameras being hacked but it sounds like you have some interest in learning how to identify such threats.
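Following on from the two iptables points above (killing the process versus having iptables drop the connection, and learning the iptables commands directly), here is an added example that is not from this thread or from any Puppy/Puli tool: it parses `ss -tunp` output (constructed sample rows), flags peers that are neither on the LAN nor on an allowlist of destinations you have already checked with whois, and builds the iptables OUTPUT rules that would log and drop them. The allowlist range, process names and addresses are all constructed; the script prints rules and executes nothing.

```python
import ipaddress
import re

# Constructed sample of `ss -tunp` output, not a real capture.
SAMPLE_SS = """\
Netid State Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
tcp   ESTAB 0      0      192.168.1.20:44312 192.168.1.1:53    users:(("systemd-resolve",pid=612,fd=12))
tcp   ESTAB 0      0      192.168.1.20:51002 203.0.113.45:443  users:(("firefox",pid=2231,fd=88))
tcp   ESTAB 0      0      192.168.1.20:38844 198.51.100.7:8080 users:(("camera-app",pid=3410,fd=5))
udp   ESTAB 0      0      192.168.1.20:55001 192.168.1.30:5353 users:(("avahi-daemon",pid=580,fd=14))
"""

# LAN/host addresses (RFC 1918, loopback, link-local) are never flagged.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
# Public destinations you have checked (e.g. with whois) and expect; constructed example range.
ALLOWLIST = [ipaddress.ip_network("203.0.113.0/24")]

ROW_RE = re.compile(r"^(\S+)\s+\S+\s+\d+\s+\d+\s+\S+:\d+\s+(\S+):(\d+)\s*(.*)$")
PROC_RE = re.compile(r'"([^"]+)",pid=(\d+)')

def parse_ss(text):
    """Return one dict per connection row: proto, peer_ip, peer_port, proc, pid."""
    conns = []
    for line in text.splitlines()[1:]:  # first line is the column header
        m = ROW_RE.match(line)
        if not m:
            continue  # unconnected sockets show '*:*' and are skipped
        proto, peer, port, proc_field = m.groups()
        pm = PROC_RE.search(proc_field)
        conns.append({"proto": proto,
                      "peer_ip": ipaddress.ip_address(peer.strip("[]")),  # IPv6 is bracketed
                      "peer_port": int(port),
                      "proc": pm.group(1) if pm else "?",
                      "pid": int(pm.group(2)) if pm else None})
    return conns

def suspicious(conns, allowlist=ALLOWLIST):
    """Connections whose peer is neither local nor on the verified allowlist."""
    return [c for c in conns
            if not any(c["peer_ip"] in net for net in LOCAL_NETS + allowlist)]

def iptables_rules(conns, chain="OUTPUT"):
    """LOG+DROP per peer; -I prepends, so DROP is emitted first to leave LOG above it."""
    rules = []
    for c in conns:
        rules.append(f"iptables -I {chain} -d {c['peer_ip']} -j DROP")
        rules.append(f"iptables -I {chain} -d {c['peer_ip']} -j LOG --log-prefix 'OUT-BLOCKED '")
    return rules
```

Feed it the live output with `parse_ss(subprocess.check_output(["ss", "-tunp"], text=True))`; `ss -p` only shows process names for sockets you own unless run as root, and the generated rules need root to apply.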

user1111

Re: IP security tools for Puppy?

Post by user1111 »

edmont wrote: Mon Dec 21, 2020 2:39 am

What do you mean by 'my honeypot endeavors' , I'm the one on the receiving end of this.

Oh dear! NEVER give out details or do actions arising out of anyone contacting you. Any valid entity that does contact you should expressly use steps that avoid you having to disclose anything. Never use any telephone/contact numbers provided by such contacts, instead reference and use the contact point(s) as originally provided in your contract with the entity.

Given that you have progressed down a bad pathway, consider your system compromised and revert to a known clean backup. You do maintain disconnected backups, I hope! It is worthwhile also to check your account balances/activity, inform them of your concern that your details may have been compromised and have them reissue new cards/PINs.

Honeypots can be fun/informative, but it sounds to me that you'd be better placed avoiding them, excepting decoys. They can involve great depth and if you don't have the skills to match it could lead you into trouble. I had one just the other day for a £5000 spend attempt that was pretty advanced. Seemingly they knew my card number, three-digit back-of-card number, expiry date, name ... etc. Given that I keep cards stacked in my wallet so that glancing by with a skimmer is less inclined to pick up on any one individual card's details, this is indicative that the cards/details were likely acquired through a very old spend, as it's an old account where even I have forgotten the PIN; it is just a card that I keep for emergency spend and as a 'stacker' in my wallet, an anti-skim measure next to the card that I do use regularly.

edmont
Posts: 7
Joined: Fri Sep 18, 2020 2:09 am

Re: IP security tools for Puppy?

Post by edmont »

I also have a USB stick installer version of Windows 10 on my Ubuntu
20.04 distribution ; this is separate from the original version that came
with my PC.

Nowadays I use Windows 10, with BlueStacks and a home app that
runs on Android for my cheap wi-fi security camera that was manufactured in China. Initial setup required my providing quite a few
details and the use of a security checker chart.
I attempted to find a Linux equivalent to BlueStacks that was easy to
install and use; there was nothing. I also attempted to use a version
of Android, probably from the same website where I downloaded Parrot
OS; this was too difficult to use.
Wonder if there's a pet for this.

I mostly shop online nowadays, so no one gets to observe any of the
details on my bank cards; also I never used my credit card to purchase
anything offline. I shall request a new credit card after the recent
events; there's seldom much funds in the associated account anyway,
and if the funds aren't there the transaction won't proceed.

Might Parrot OS be used to defeat malicious hackers?

Jafadmin
Posts: 384
Joined: Tue Aug 04, 2020 4:51 pm
Has thanked: 68 times
Been thanked: 85 times

Re: IP security tools for Puppy?

Post by Jafadmin »

If a bad guy can get you on the phone and talk you into logging into various websites and entering your password, then NO. There is no software or operating system in existence that can save you.

The computer is not the problem in this situation.
