Fedora Security :: 'send' Address Can Be Spoofed

Oct 16, 2009

I'm behind a modem router with firewall and SELinux enabled by default - but checking my mail this morning I noticed several 'delivery failures' (allegedly) from hotmail referring to mail I hadn't sent. When I checked the spam folder for the on-line side of my mail account there were more failure notices. Two points that may be relevant: one is the recent Hotmail exploit, the other is that this only occurred with the address I use for railway matters, and some people cc to everybody, so it's odds on that address is on a good few computers. On one occasion when I checked my spam folder on-line I found spam which claimed to be from myself, so I know the 'send' address can be spoofed. Is this the explanation, or is it a new kind of attack linked to the Hotmail exploit?

View 13 Replies


Ubuntu Security :: My IP Is Being Spoofed - Stop Someone From Using My IP?

Oct 26, 2010

My IP is being spoofed by someone and I suspect it is being used for malicious purposes (possibly illegal ones). How can I stop someone from using my IP? I'm using a dynamic IP but obtaining a new IP seems to be useless. Changing my wireless password will probably be just as useless I guess.

View 9 Replies View Related

Security :: Write A Specific Rule To Check For Spoofed Packets?

Apr 21, 2010

Just wanted input for this script I have cobbled together. It's not done yet. I am trying to think of ways to close up my outgoing while maintaining full functionality of my laptop (irc, web stuff, a torrent or two, etc.). Anyways, I have done some myself, as well as pulling bits and pieces from other stuff out on the web. I am starting to wonder why I have to write a specific rule to check for spoofed packets if my default input is set to drop. Wouldn't it be caught?

Code:
#!/bin/bash
### Laptop + Desktop: No Forwarding firewall ip4 / ip6
### Distro > Debian / Ubuntu.
### oliverteasley@gmail.com

[Code]....

View 12 Replies View Related

Fedora Networking :: Send Out Ip Address At Startup?

Aug 8, 2011

I need to send out the IP address every time a machine is booted. So I have a script getting the IP address through the ifconfig command, parsing the result (I do this with python since I'm not familiar with shell) and sending out an email. I tried running it after login, and it worked. But it doesn't work if I don't login, but just call it from rc.local.

View 2 Replies View Related

Fedora Networking :: Automatically Send E-mail Containing IP Address?

Dec 2, 2009

I have several computers at work running Fedora 12. From time to time I need to remotely connect to them, usually via ssh. Each computer is assigned an IP number automatically upon startup, however due to circumstances beyond my control they are not recognized by host name by the domain server. Therefore I require the IP addresses in order to connect rather than the host names. I have no way at present to rectify this situation.

When there is a reboot, I am not always guaranteed that the IP address will be the same as before, although in practice this is usually the case. If the IP address is changed and I am logging on remotely, I am unable to connect! I can't know the number until I am again physically sitting at the computer.

As a solution, I would like each computer to e-mail me its IP address each time it boots. My first attempt was to run a script at the end of /etc/rc.d/rc.local that runs ifconfig and places the output into a file. This file is then sent to my address using sendmail. The script works fine, but I note that the output from ifconfig at this boot stage does not contain an IP address! Obviously, it is being assigned later on in the startup process. Either that or the command ifconfig does not work the same at this stage as it does once I am logged in. I require somebody with more expertise than I to comment on that.

Finally then, my question is, at what point in the startup process is an IP address assigned and the output from ifconfig would contain this address? Is there a more appropriate place rather than rc.local in which I should run my script? Is there a more appropriate command rather than ifconfig that ought to be used instead?

---------- Post added at 05:41 PM CST ---------- Previous post was at 05:30 PM CST ----------

Let me show you my attempted solution in more detail in case you're interested. The script is called .SendIP.bash and is located in my home directory. Here's what it looks like (with some censoring to protect me from public ridicule):

#!/bin/sh
# This script will send ifconfig information to my e-mail account.
# This allows me to have the latest IP address assigned to this computer.
cd /home/MyUserName
hostname > .IPmessage
date >> .IPmessage
ifconfig eth0 >> .IPmessage
sendmail -f$HOSTNAME MyAddress@MyCompany.com < .IPmessage

As I stated above, the output from ifconfig does not contain the IP address when my script is called from rc.local.

View 10 Replies View Related

Security :: Address Space Randomization On 2.6.28-15-generic Ubuntu 9.04 - Finding Base Address?

Sep 14, 2009

I'm an academic (university networks and security lecturer) studying/teaching network and operating system security, and inspired by the work of Hovav Shacham set about testing ASLR on Linux. Principally I did this by performing a brute force buffer overflow attack on Fedora 10 and Ubuntu 9. I did this by writing a little concurrent server daemon which accidentally on purpose didn't do bounds checking.

I then wrote a client to send it a malicious string brute forcing guessed addresses which caused a return-to-libc to the function usleep with a parameter of 16m causing a delay of 16 seconds as laid out in [URL]. Once I hit the delay I knew I had found the function and could calculate delta_mmap allowing me to create a standard chained ret-to-libc attack. All of that works fine. However .... To complete my understanding I am trying to establish where I can find the standard base address for Ubuntu 9 (and other distros) for the following, taken from Shacham:-

Quote:

[code]....

/proc/uid/maps gives me some information but not the base address. ldd also gives me the randomised starting address for sections in the user address space, but neither gives me the base address. Interestingly ... when I ran ldd with ASLR on for over (about) 100 times and checked the start point of libc I determined that the last 3 (least significant) hex digits were always 0's and the first 4 (most significant) were between 0xB7D7 and 0xB7F9. To me this indicated that bits 22-31 were fixed and bits 12-21 were randomized with bits 11-0 fixed. Although even that doesn't define the boundaries observed correctly.

Note: I am replicating the attack to provide signatures to detect it using IDS, and for teaching purposes. I am NOT a hacker and if needed could reply from my .ac.uk email address as verification.

View 1 Replies View Related

Fedora Security :: Blocking And Allowing IP Address For FTP?

Jul 15, 2010

I want to ask about securing the FTP connection... I have one server that is installed with Redhat Linux Fedora 6.

And now, I want to secure the FTP access, so only the selected IP will be allowed to connect. Does anyone know how to do this?

Another thing is, my server is using Webmin 1.3 to manage the server and it is not installed / not configured yet with Frox FTP, ProFTPD Server, WU-FTP Server... even though there is such a thing in my Webmin...

Can I make use of one of the three FTP servers I mention above, and if yes, will it affect the current FTP access?

View 1 Replies View Related

Fedora Security :: Blocking Ip Address Range?

Dec 31, 2010

I'm assuming that the following should block the complete 178.123.xxx.xxx address range.

Code:
iptables -I INPUT -s 178.123.0.0/24 -j DROP

Then I believe that I need to save this change.

Code:
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]

However, I'm not so sure that it is actually working based on the fact that there continues to be access to my wiki from that address range. The following is after I made the firewall change.

Quote:

178.123.177.61 - - [31/Dec/2010:04:24:40 -0500] "GET /mywiki/Opera%20Web%20Browser?action=edit&editor=text HTTP/1.1" 200 6346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
code....

Let me state that I'm new at this iptables thing. I did some reading and decided that I need to make the above change to the firewall but it doesn't seem to make a difference.

View 12 Replies View Related

Fedora Security :: Any Way To Block IP Address Access?

Jul 27, 2011

I recently set up a web server at home, using a non-standard port, due to my ISP blocking 80. I just checked my log files, and I see a TON of entries indicating that a file was not found: "proxy-1.php", "proxyheader.php", etc. I do not have these files, nor intend to have them as part of my website. I did a whois lookup by IP address for several of these, and they all seem to come from an ISP in China. Is there a way to BLOCK any IP address outside the US (that is somewhat simple to do)?

View 5 Replies View Related

Fedora Security :: Block Some Ip Address That Are Attacking Server?

Aug 26, 2009

I want to block some IP addresses that are attacking my server and making my ssh port busy. On searching Google, I found

Code:
iptables -A INPUT -s ip_address -j DROP

I will add this rule in iptables. My questions are:
1) Do I have to do

Code:
chkconfig iptables on

so that it loads the iptables at boot? I am wondering why I need this, because iptables is already modified and it loads the iptables at boot time if the firewall is enabled.

2) When we add the above rule, which file is modified? Put another way, where are these rules stored? It is not in /etc/sysconfig/iptables and /etc/sysconfig/iptables_config.

View 1 Replies View Related

Networking :: Can't Bind Send Socket: Address Already In Use

Feb 23, 2009

I am currently trying to get a B.A.T.M.A.N mesh network up and running. The thing uses UDP port 4305 for broadcasting to nearby nodes and it seems this port is closed or used by something else.

Now I have tried to open this port with commands like

Code:

iptables -A INPUT -p udp --dport 4305 -j ACCEPT
iptables -A OUTPUT -p udp --dport 4305 -j ACCEPT

It still gives me the same error saying the socket cannot connect. Any way for me to scan that UDP port, see what is blocking it and open the thing up?

View 4 Replies View Related

Programming :: Send UDP Packets To Neighbor Mac Address?

Sep 26, 2010

I want to send received UDP packets to a neighbor MAC address. Can anyone guide me on how to do it?

I can receive UDP packets and then forward them to a unicast address as follows. How can I modify this code (maybe the last line) to send the received packets to the destination MAC address instead of the destination IPv6 address?

Code:
int main(int argc, char ** argv)
{
int s,s1;
struct sockaddr_in6 a,a1;

[Code]....

View 8 Replies View Related

CentOS 5 Server :: Cannot Send Email - Bad Address

May 5, 2010

I've come across a strange issue where any email address that I email with mail returns an error "Bad Address".

Fairly new CentOS 5.4 install, sendmail is the MTA.
Linux 2.6.18-164.el5 #1 SMP Thu Sep 3 03:28:30 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
DNS is working fine so there isn't a problem.
[root@hn1 /]# host -t mx iol.co.za
iol.co.za mail is handled by 10 mg1.iol.co.za.
iol.co.za mail is handled by 10 mg2.iol.co.za.
iol.co.za mail is handled by 30 vulpix.iol.co.za.

Yet when I try to use mail it fails:
[root@hn1 /]# which mail
/bin/mail
[root@hn1 /]# ls -lrth /bin/mail
-rwxr-xr-x 1 root mail 83K Jan 7 2007 /bin/mail
[root@hn1 /]# mail -s "test" bob@mydomain.co.za
Bad address
Nothing in the maillog.

View 1 Replies View Related

Ubuntu Security :: Is Posting The Hardware Address A Security Risk

Feb 28, 2011

When posting results from ifconfig, it shows the hardware address of eth0, etc. Would you consider that to be a security risk?

View 9 Replies View Related

General :: Send Msg To Predefined Ip Address When Server Shutdown Or Reboot?

Aug 2, 2011

I need to know how to send a message (or execute a script) when the Linux machine is at the shutdown or reboot stage.

Actually I want to start a backup Linux machine when the main server shuts down or reboots.

Simply, how can we run a script during the init 0 or init 6 command?

View 3 Replies View Related

Fedora Security :: Send An Email Using Evolution The Message Was Not Sent But Returns A Error Message?

Apr 30, 2009

Hi, I am running a Fedora 10 desktop. When I send an email using Evolution the message is not sent but returns an error message: "Error while performing operation.DATA command failedError: 550 Viagra SPAM - Hi in Subject" and the message did not have an attachment, just plain words. What might have gone wrong, for I have been using this for some time without a problem? Or what security measures should be in place to remove this viagra spam? Am I infected by a virus on this Fedora? All my updates are up to date.

View 1 Replies View Related

Server :: Send Traffic Down WAN Link Depending On Client IP Address Range?

Apr 15, 2011

I am running Debian Squeeze with the following basic services running: DNS, DHCP, Samba, Squid.

The server is set up with three NICs: eth0 (WAN1), eth1 (WAN2), and eth2 (LAN). The server addresses clients with an IP range of 10.0.30.1 - 10.0.30.254. Some clients will be set with reservations so they fall into the 10.0.40.1 - 254 range.

What I want to do is have any outgoing external traffic coming from the first range (10.0.30.0) to use WAN link 1, and any outgoing external traffic coming from the second range (10.0.40.0) to use WAN link 2.

I have sort of got something working. I have created a bare minimum transparent squid3 setup on port 3128, and set the iptables as follows:

Code:
iptables -t nat -A PREROUTING -i eth2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.0.0.1:3128
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
iptables -t nat -A PREROUTING -i eth1 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128

I can get internet access, however obviously it only goes through one WAN link. It also seems slower than it should be. I experimented with tcp_outgoing_address, but seemed to not be my friend.

View 4 Replies View Related

CentOS 5 Server :: Way To Allow Certain Email Address / Local Network To Send Out Without Authentication?

Mar 4, 2010

I have a small issue: to make our network more secure, I now require outgoing email to require authentication. Now the problem: I have an automated mailer that does not have the option to authenticate. Is there a way to allow a certain email address or the local network to send out without authentication? If I cannot do this for a single email user to allow them through with authentication, how would I remove the authentication parameters in the postfix smtp..

View 2 Replies View Related

Fedora :: Sendmail - Setup To Send / Send Emails With It?

Aug 17, 2011

I'm writing a script that will send an alert email given certain conditions. I have the impression that sendmail is what I need to do that. I just don't know how to use sendmail at all. I assume I have to set it up like a typical mail client so that it has a mail server to log into to send from.

I've looked through the man pages, but I can't find anything in plain English there on how to set it up, or how to use it once it is set up.

View 14 Replies View Related

Security :: Limit Number Of Emails Send From One IP?

May 19, 2009

I'm looking for a solution for sendmail to limit the number of emails sent per minute per IP. For example, all my local computer users with IP 192.x.x.x need to be able to send 10 emails/minute (emails, not connections!). The rest of the world can send for example 200 emails/minute to the mailserver. If the amount of emails per minute is exceeded, sendmail needs to block receiving emails from the specific IP. I want to do this to stop spamming from my local network. Is it possible?

View 1 Replies View Related

Security :: Send Syslog Messages Through SNMP?

Aug 3, 2010

Is there a way to send syslog messages through SNMP? I'm not finding much info online around this. A co-worker said it was easy to do. RHEL5.5

View 1 Replies View Related

Server :: Send Main Aliases Security

May 6, 2010

I have a sendmail server in my company and I have an alias that sends one email to every employee, but there are people who are not employees sending mail to this alias and I need to avoid it some one have to do that.

View 10 Replies View Related

Server :: Allow Unsubscribed Email Address To Send Email To Mailman List?

Jul 1, 2010

Is there a way to allow an unsubscribed email address to send emails to a mailman list without having to manually set a filter for that email address?

View 1 Replies View Related

Ubuntu Security :: Send A PGP Encrypted File - Support?

Jan 1, 2010

I want to send a PGP encrypted file to a friend who (unfortunately) probably doesn't even have any idea what PGP is. He runs Windows XP. I know I can encrypt and decrypt PGP files easily and freely on Ubuntu, but I have no idea about how to handle PGP in XP... I tried downloading a PGP file in an XP virtual machine to find out, and Windows was pretty much unable to identify the file type. What kind of software on Windows (that is completely free and trustworthy) would be able to decrypt my PGP files?

View 9 Replies View Related

Ubuntu Security :: Not To Send Any Data To Third-party-users

May 18, 2011

As I'm interested in user-behaviour-information-security I would like to know what I'll have to turn off or to uninstall to make the ubuntu-pc-usage as anonymous as possible (no musicbrainz, cddb, or alike). I want ubuntu not to send any data to third-party-users.

View 6 Replies View Related

Security :: Allow Apache To Send SIGHUP To Root Process?

Feb 18, 2010

I have been tasked with sending a kill -s SIGHUP (a reload) to a daemon process owned by root running on a CentOS 5.4 machine.

Obviously, Apache cannot normally do this, so I'm going to have to use the sudoers file.

My problem is, how do I allow the Apache user to only run the kill command? Nothing else.

In testing, I've gotten Apache to basically run every command prefixed with sudo and no password prompting. But I want the added security to only run the kill command without the password being prompted; everything else should prompt for a password.

I'm trying to understand the sudoers file, and I must say, it's non-trivial.

Is there a simple 1 line I can put in the sudoers file like

PHP Code:

apache   ALL=(ALL)   NOPASSWD: /bin/kill 

View 6 Replies View Related

Security :: Can I Allow SFTP For ANY But SSH For Some IP Address

Jul 20, 2010

Can I allow SFTP for ANY, but SSH for some IP address?

View 6 Replies View Related

Security :: Proftp Log MAC Address?

Mar 11, 2011

How do you configure proftp to log MAC address on LAN, not just IP?

View 4 Replies View Related

Ubuntu Security :: Virus Scan Of Files To Send Onto Windows

Jan 31, 2010

I know that there is little need for me to install an anti-virus etc - but - I was thinking, it is a good idea to scan folders and files that I send to colleagues that run Windows. What's the best way and programme to do this? I guess I simply install an AV programme and that's it!

View 5 Replies View Related

Security :: Apache Exploited To Send Out Spam From Mailform On Website?

Oct 7, 2010

I have a server with a couple of sites on it. Some of them have a webform where people can send them emails that they are interested in their work etc., though the "To:" and "From:" address can't be changed by the end user; you can only enter text and press send. However it seems that someone (not on the server) has found a hole/exploit to use those webforms to send mails to whoever he wants.. I have the webserver set up with ssmtp (simple smtp) and it just forwards the mail sent from the server to my mail-server and from there it sends it out on the internet. If I check my log on the mail-server I can see the whole smtp session, where it's coming from and where it's going etc. I see that it comes from my webserver and over there I only have these log entries:

Oct 6 22:04:47 ettan2 sSMTP[1771]: Sent mail for itaumail@itau.com.br (221 2.0.0 Bye) uid=204 username=torget outbytes=3290

There are loads of those log entries, mostly after office-hours between 17:00 and 7:00. I have scanned through all the Apache logs and can't find anything that points to the e-mail addresses used or something like that. The reason I found this out was because he tries to send to a host that doesn't allow connection on port 25 so all the mails got stuck in the queue, over 1000 atm.. I'm using Apache 2.2 and Postfix 2.6 on a Debian Lenny install. What can I do to find out how he's doing this and close the "exploit"? Who would you recommend to setup the mail() thing in PHP for most security?

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved