Fedora Networking :: Investigate Virus Using To Port Scan Edu Sites?
Nov 17, 2010
I installed F14 on a friend's computer a couple of weeks ago. Today she called me saying that her ISP called her telling her they'd have to cancel her internet if she didn't fix whatever virus was sending port scans to edu domains that they'd gotten complaints from. I thought "well, there's a first"... I've got ssh to her computer, so i shelled in and ran a couple of commands, but i really know very little about how to investigate this kind of stuff.
She's directly connected to her cable modem via cat-5; but she does have a wireless card installed --she just doesn't use it, nor a router, afaik, nor as far as i'd seen when i setup her printer. I googled a bit, and ran a couple of commands, and 1 of them was interesting because it APPEARS that her wireless card is ON and the eth0 is OFF? Perhaps someone will know how to read this output better than i, and the output of the other command that i ran. Also, does anyone know any other ways to properly investigate this one? FWIW, she does use transmission to download torrents.
Anyway, here's the commands i ran:
Code:
[root@localhost ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00.
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:21:97:9b:70:29 brd ff:ff:ff:ff:ff:ff
3: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000 link/ether 00:1e:e5:9c:b6:8a brd ff:ff:ff:ff:ff:ff [root@localhost ~]#
klamav KDE doesn't work. It won't download updates. So, I want to make a one-click scan. I'v been using shell installers from nvidia. I know the sequence I use in the terminal to get it running. There should be way to do this from the desktop.
I'm quite new to Ubuntu and I am running Ubuntu Studio 10.04 . I have just installed Klam AV and had it scan my computer . I was surprised to find that it had found two 'viruses' . I don't know if anyone can help me in finding out if they are real or only false positives . The following is the output that I received .
Name of File /usr/src/fglrx-8.723.1/libfglrx_ip.a.GCC3 and GCC4 Name of Problem Heuristics.Broken.Executable Status Loose
I have Avast Antivirus installed in Ubuntu 10.10. There are options to select folders to scan from 1. Home Directory 2. Entire system and 3. Selected folders. What are the options available to scan only selected drive. OR How to scan only USB stick.
I am brand new to Linux.I was wondering if there is an anti-virus software that runs under Linux (Ubuntu Live), that can scan Windows files and get rid of the viruses?I ask this as I had a trojan that was detected, but could not be deleted under Windows; I had to us Ubuntu live to delete it, which seemed to have worked.
I'm dual booting 10.04 with windows 7 and it occurs to me that I could scan the windows partition for viruses FROM linux. Is anybody doing this sort of thing? Does that make any sense?
I use my ubuntu laptop at work and connect a lot of usb pen drives to my computer. Everyone else I work with use windows and I want to make sure that the usb pen drives don't contain any windows viruses so I don't spread them. The best way for this to be done would be to have the USB pen drives automatically scanned with they are inserted in my ubuntu machine. How to do this?
I know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run windows.Whats the best way and programme to do this? I guess I simply install an AV programme and thats it!
when I attempt to scan anything with clamav from a terminal I get the following error:
ERROR: Can't create temporary directory /var/lib/clamav/clamav-da584cb3f4ee38529f0460ad6f7dc632 Hint: The database directory must be writable for UID 999 or GID 100
Which I take to mean that there are no virus definitions installed. I use the "freshclam" command. Which results in the following error:
ERROR: Can't create temporary directory /var/lib/clamav/clamav-da584cb3f4ee38529f0460ad6f7dc632 Hint: The database directory must be writable for UID 999 or GID 100
I am trying to find a PCI compliant anti-virus that will scan uploads automatically for the debian lenny operating system. We are running the OS as a server with kernel 2.6.24 I am trying to avoid ClamAV as it is a pretty big system hog.
I'm looking for a virus scanner to scan some removable media (USB drives, mp3 players, etc). Since there's so many choices to choose from, can anyone recommend any?
I've heard a lot of people recommending clam av, but everything I've read suggests that clam av is better used for scanning e-mail servers and not home desktop application...
I have a Cent OS dedicated server, not sure what version though as I'm new to Linux. How do I find out what version I have? Is there an anti virus or security package that I can install on my server which can use Cron Jobs to do a scan every 12 hours.
EDIT: The problem is more basic than dnsmasq. On testing to see if the nameservers are reachableCode:root@ps1:~# ping 218.248.255.146connect: Network is unreachablePost title pre-pended with [DO NOT REPLY] dnsmasq on a recent Slackware 13.0 install is not resolving. Usually dnsmasq "just works". I have tried all the problem analysis techniques I know and am stumped.
First the symptoms: Code: root@ps1:~# vi /etc/dnsmasq.conf
I dual boot XP and FC14 and have 2 routers. I can connect and ping one of these routers when I'm in FC and I have an IP address I just can't load any websites. When I connect to the other router (my main router) it works fine. When I boot into XP and connect to the problem router I can load pages fine. It's only when I'm on FC14 and connect to the problem router that I can't load pages even though I have an IP and can ping around.
I want to do a simple port redirect, i.e. whatever comes trough whatever interface on port AAAA will get redirected to port BBBBI thought that iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBBhowever it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:
nc: connect to localhost port AAAA (tcp) failed: Connection refused while nc -v -w2 -z localhost BBBB
I just ran the port scanner from the Network Tools utility a few times within a few minutes (see screenshots). How can there be different ports open each time? I know that port 631 is for CUPS, but what about the other ones? Could someone help me understand what is going on, or at least point me in the direction of some good information?
I can ping certain websites, such as Adobe.com, but I cannot access them via http (i.e. through firefox or yum). Some websites work through http, like Google, while others don't. The ones that don't are always the same.
What really hurts here is I cannot yum to all repos i'd like to. Since the same sites cannot be accessed through firefox, I imagine there is some underlying problem with my system's HTTP setup.
My windows machine on the same network works fine. I have had this problem since I installed Fedora 10 about 4 months ago. I'd rather not reinstall as nothing really seems broken (aside from this http issue), my system is completely up to date.
If I use a public proxy website I can get to the sites I can't connect to directly. I've followed a FAQ from mozilla for Firefox that hasn't helped, but I don't think its a Firefox issue since yum suffers as well. I also followed the fedora FAQ and I have been using OpenDNS servers.
I have a question which it believe it is quite simple but I have no clue how to do it... I'm using Fedora 12 and I'm the only Linux machine in my office's LAN... I have Apache (httpd) setup and my co-workers can access the sites perfectly by using my IP address, for example [URL]... So here's the question, how do I setup a domain name so everyone in the LAN can access the sites by typing [URL]..
I have FC-4 with Squid and Dansguardian. Internet Users in my organisation are configured to use proxy with 8080 in browser IE. There's no issue with Users as DG working perfect for them. We have Business Development Team, as they need to do most of the research over internet, their IP's are included into "Exception IP List" in Dansguardian. Obviously these people will be excepted from all banned sites, BD Team able to do chat, play games and do social networking and other stuff over the net, which results in more bandwidth consumption and breaking office policies.
I have tried to implement SQUID ACL's to block few sites like " meebo.com, orkut.com,facebook.com etc" but SQUID acl's not coming into picture. any one who successfully blocked chat, banned sites and social networking in DG with my case.
generally whenever there is a wifi connection available fedora will detect and i can establish the connection but today i am not able to see any such wireless network available. I am in a wifi accessible area and i need to know how this can be rectified. i tried iwlist scan in the terminal but that doesnt seem to work
I have installed a new network multifunctional device Samsung CLX-3185FN using the drivers provided by the manufacturer (Samsung Unified Driver). The printing over the network works fine, I can administer the device using browser. The only problem I have is using scanner over the network. It works fine if I disable firewall, but is blocked with firewall enabled. I can not figure out which ports or port-range I must enable for this scanner. Do you have any information on this one or how can I found out the necessary ports to open?
I installed ZTE MF 626 modem in my F10 with kernel 2.6.27.12-170, i run usb_modeswitch and so far things happened normally. Watching through /var/log/messages it says that F10 detects two port device for this modem: ttyUSB1 and ttyUSB2, and in the sequence it disable port ttyUSB1 BUT Network Manager still set this port.I mean, when i connect via wvdial appointing to ttyUSB2 i get connection, but Network Manager fails to do it appointing to ttyUSB1. How to change device port in Network Manager?
This is the difference in the output of a port scan using Zenmap on the same system with UFW turned off and then with it turned on. It is obvious that UFW works.
One reason I left Windows behind, particularly with a 3GB a month download limit, was that Linux generally only downloads files when you expect it to. Having the cap on downloads I run Netmeter in Wine. Now if like today I see a large unexpected download (pic) which is even in red to increase the paranoia, how can I find out what it is preferably while it is happening? It does not seem to be an email with attachment (I run Thunderbird); Nothing in Downloads, and as far as I knew application updates only happen after confirming permission in update manager?
In the past week or so I've noticed some weird network behaviour. I find accessing some sites such as Amazon, Paypal, and Bigstockphoto really slow. Sometimes the page will not load at all. Other sites are fine. The problem sites are not a problem for others on my LAN at home. When I try to open the problem sites, I can see in Firestarter blocked connections coming from 2.1(8/9).xxx.xxx on various ports such as 36007. This only happens for the problem sites. I attached a typical output from firestarter.
This happens with Firfeox or Chrome. Using Ubuntu 10.10
