Fedora Security :: How To Tell If Computer Is Being Attacked
May 16, 2010
[URL] This web page says: "The team set up weak security on four Linux computers with Internet access, then recorded what happened as the individual machines were attacked. They discovered the vast majority of attacks came from relatively unsophisticated hackers using "dictionary scripts," a type of software that runs through lists of common usernames and passwords attempting to break into a computer."
How did they "record what happened as the individual machines were attacked"? How did they figure out that "the vast majority of attacks came from relatively unsophisticated hackers using 'dictionary scripts'"? What I am really getting at is that I've searched the net and found lots of advice on how to detect if your computer has been hacked but I haven't found ways to know if your computer is being attacked. Obviously, this group did that.
View 6 Replies
ADVERTISEMENT
Aug 2, 2011
How does one know if an intruder had secretly accessed one's system? Does system log help? It seems it does but I am yet to figure out how to understand those files. Can anybody please help? Or are there other ways to confirm that. It may happen that the intruder had accessed some vital information but so far had not done anything malicious.
View 2 Replies
View Related
May 28, 2010
Had a couple of problems with one of my leased web/mail servers, including mail was having trouble and it was reporting disk full (when a df showed it wasn't). I did a chkrootkit and got this:
Checking `ifconfig'... INFECTED
Checking `netstat'... INFECTED
Checking `pstree'... INFECTED
Checking `top'... INFECTED
[code]....
View 3 Replies
View Related
Apr 29, 2009
are there any programs that will protect my computer on the Internet. Just started using fed 10 from windows so i am not sure what i need to do. I am using an acer aspire 5630 laptop.
View 1 Replies
View Related
Jul 21, 2010
Just finished a security update, (Fedora 12) and it said I had to restart the computer to have it take effect. When I restarted, all I got was the "Compaq" logo....forever. No Grub2 (it's a three system set up), no bios, just the brand name of the box. Even worse, when I tried going at it with a live cd, the same thing; the bios never loads, so no live cd fix.
View 6 Replies
View Related
Aug 9, 2009
Today I noticed my sdl modem flashing away when I had no internet access programs active as far as I was aware. I did a 'ps ax' to see what was running. I saw nothing that warranted internet access. I didn't recognize the gvfsd-computer process and tried finding documentation about it on my system. I began to feel uncomfortable when I couldn't find anything showing what it was. Finally, I killed the process and the internet access immediately stopped. Research on the net showed that gvfsd-computer is a file browser. I find this very disturbing. Why was a file browser accessing my disk drive (the light was flashing) and why was it accessing the internet without my requesting such an action?
View 5 Replies
View Related
Oct 5, 2010
Advised on another forum to install XP pro then Linux on HD. Decided to try it. Not that savy with computers and have a mini-laptop in addition to desktop that was attacked. Virus
cause most programs to fail. Disc was nearly full (250GB) so I'm buying a refurbed Seagate (500GB) and need to learn to back up files onto flash drive or something. Lost a lot of photos and emails that were good reference material. Heard a lot about Linux so I'm going to give it a try.
View 13 Replies
View Related
Apr 13, 2010
I was looking at my firewall(firestarter) logs. It shows that a program named Master's Paradise has been trying to make connections to outside from my computer on port 3129. Why would I have something like this on my machine? Is this something I need to be worried about?? Or is some legitimate program using port 3129 and the firewall log is still showing it as Master's Paradise?
View 9 Replies
View Related
Feb 27, 2011
I have windows computer and it is being hacked.About month ago or more some one hacked my router and install new firmware from Firmware Version: Talisman/Basic V1.2.9a
My router is linksys and SSID got changed to sveasoft.I had WPA set up and MAC filtering .
Some one hacked my router and change Firmware Version.And user name and password also got change to just admin.
Well now I got a pop up from my Kaspersky saying network attack scan.generic.TCP 74.63.245.168
only thing I can find on it http://whatismyipaddress.com/ip/74.63.245.168
It is Limestone Networks in Dallas.
Some strang things have been happing to my computer in past 4 months and is getting worse.
I have no firewall or router now.And have not gone to the store and get new router yet and I'm thinking of formatting my computer and putting linux and get good firewall like zone-alarm.
View 9 Replies
View Related
Apr 11, 2010
I recently ran a virus scan on my CentOS server using ClamAV's "clamscan" command to scan my entire system for virus. After the scan was complete it says that I have 1 infected file on my computer. I COMPLETELY FREAKED OUT! Is there some kind of log that I should read to see where the infected files are? Also does ClamAV just scan your system for virus or does it scan and remove the virus on the computer.If you know of an alternative open source security software,
View 3 Replies
View Related
Jan 7, 2010
I'm now running Ubuntu 9.04. There are 2 accounts on this computer, one is linux, the other is ubuntu. Before New year, everything had been fine. But after new year, I came back and found that the password of this account linux has been changed. So I fixed using my rescue disk. But since that day on, it seems that this password changes everyday somehow. Everyday when I'm trying to log into my Ubuntu System using the account linux, it says login failed. However, i can still login using the account ubuntu. I'm really confused. Why is this? I checked the date of expiry. Everything seems to be fine.
View 14 Replies
View Related
Jun 20, 2011
I have two computers in my home running ferora . I want to copy a file from my 2nd computer to my local computer. Local PC:- 192.168.1.10
Remote PC:- 192.168.1.20
[root@localhost root]#scp 192.168.1.20:/home file1.txt
root@192.168.1.20s password:
scp: /home not a regular file
[root@localhost root]
View 3 Replies
View Related
Jan 1, 2010
VERY GREEN to Ubuntu. My setup:
1. computer A connects to the internet through usb dial up modem
2. computer A & B are wirelessly networked through an ADHOC network.
3. computer B doesnot need to connect to the internet.
I've installed the GUFW. If I enable it I can not see the other computer files. I use static IPs for both. I tried setting a rule but I get stumped were it asks for the port. I'm not all that familiar with ports.
View 9 Replies
View Related
Jan 8, 2010
I have a creative pc cam 300 that i have been trying to set up as a security camera, on a computer running ubuntu 9.10. I tried installing the spca5xx driver, but i can only find it for old versions of ubuntu and it doesnt work. Does anyone know how to get the driver working?
View 3 Replies
View Related
Feb 11, 2010
I work in a retail store at which there is a computer set up in the corner for customers to browse the stores website on. The problem is that that is all it will let me do. I get board, and want to do other stuff. Once windows starts, it skips the logon on screen and once loaded the only thing that can be done on the computer is browse the stores website.
However, if I unplug the computer I can while its starting up get into BIOS. So here im wondering two things. 1) If I put in the USB, boot from it, and load ubuntu (even though I will only be able to use the default programs as theres no way I would want to install it on the work computer), will I get fired? In other words, is there a way if there monitoring the computers to know what im doing or because its a different OS will I be fine. 2) Alternatively, in BIOS there is an option to disable network administration.
For this my question is the same, if I disable it, do fun stuff on the computer all day, the re-enable it before I leave is there a high change of the network administration catching on to this or no.
View 2 Replies
View Related
Dec 9, 2010
I have very little security and networking experience. What can I do to make my computer more secure?
View 5 Replies
View Related
Feb 27, 2011
For a while my ISP has been sending me emails regarding an infected computer or computers on my local network. There are 4 computers running linux and 3 running windows on said network (3x ubuntu, gentoo, 2x windows server 2003 and windows 7).Now, I haven't used Windows in oh so many years and am not responsible for those computers on this network. Does it seem like this is a virus on a Windows host or should I research and adjust my iptables settings on the router? The applied anti-virus software (I don't know which one) apparently does not find any infections. On my workstation I'm using spotify and win32 office through wine, both obtained from legal and trusted sources, and would thus not consider my wine environment a threat.
View 4 Replies
View Related
Mar 22, 2011
my computer has been surely hacked for at least more than two months; my private information are being hacked and spread around! I initally used Windows Vista and I had the firewall off and no antivirus software. When I realized that my OS had been hacked, I began turning my firewall on and installing security softwares, but nothing stopped the hack.
Yesterday, I erased all my partitions and installed Ubuntu 10.10. I installed rkhunter and a firewall. I changed my static IP adress, at least for the sake of knowledge, to another one, then I got disconnected since my router only allows my old IP.
When I'm about to write my admin password, I disconnect from the network. I've scanned my system using rkhunter, and the result is a list of 30 suspicious files!
Can I adjust my router in a way that it can allow any IP adress? If yes, can I have a non-static IP adress? How to prevent the hacking in the first place? However, I believe, I don't know yet, that my Ubuntu has also been hacked...
If I can't get rid of the hacker(s), then I should permanently disconnect from internet and find another way to receive information anonymously through the internet.
View 9 Replies
View Related
Apr 29, 2011
My laptop randomly shuts off, at first I thought it was an issue with the laptop overheating but during the install of 11.04 I made sure the laptop had a fan blowing on it constantly and checked it and determined it couldn't have overheated. My problem now is that I was able to use a live cd to access my old files but was presented with only two files stating that my files were encrypted, I'm don't ever recall encrypting my files and so I'm without a passphrase.
What I'm wondering, is there a way to gain access without the passphrase? Or is there a way to fix the corrupt install?
View 4 Replies
View Related
May 1, 2011
I am going to try to install Tripwire on my computer. I do not know why or how to configure Tripwire policy and configuration files.
View 1 Replies
View Related
Nov 10, 2010
my computer froze solid, and it would not react to anything. X didn't react to Ctrl+Alt+Backspace, not Ctrl+Alt+Del, so I had to turn it off using the power button.
This is the first time my computer freezes like this, the log files did not reveal any HW errors. Is it possible that someone in the channel did not like my level of Java skill, and flooded me to disconnect?
By the way; Im using slackware 13.1 with the default kernel (2.6.33.4) and irssi as IRC client.
I know that if you eg. ICMP-flood someone, the traffic will be denied and, but can it provoke other behavior from the computer?
So my question is; can a IRC flood/DDoS attack cause a computer to freeze sub zero?
View 4 Replies
View Related
May 3, 2010
Quote:
The 605-page PDF document reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks. Of particular interest to me was the section on deception technologies, which discusses the use of honeynet technology to learn more about attackers� methods, as well as the potential legal and privacy aspects of using honeynets. Another section delves into the challenges of attributing the true origin(s) of a computer network attack.
View 1 Replies
View Related
Jun 6, 2010
Reading from this article New Flash Bug Exploited By Hackers : How to avoid it? In particular the article said
Quote:
A new attack on a Flash bug has surfaced that would give attackers control of a victim�s computer after crashing it, reports PC World. Adobe put out a Security Advisory about this on June 4. It is categorized as a critical issue and all operating systems with Flash are vulnerable including Windows, Linux, and Apple and it is also found in the recent versions of Reader and Acrobat.
View 4 Replies
View Related
Dec 28, 2010
mpg123 suddenly started playing a police siren occationly. I checked the process once I heard it, and root was the process owner. How could this happen? Have someone broke into my computer? If so - how could I verify an attack? I run Ubuntu 9.10.
View 2 Replies
View Related
Feb 13, 2010
I was taking a peek at the active connections shown by the Firestarter GUI and noticed the following (the source is my computer):
SourceDestinationPortServiceProgram
192.168.0.11266.235.133.4280HTTP
I closed all Internet related apps and the connection persisted. After a reboot it did not reconnect (yet).The IP address appears to belong to esomniture.com - some sort of web analytics company. How do I prevent my computer from connecting to these rascals. I have found a lot of documentation regarding stopping inbound connections to services on my computer but not the other way. I have various filtering addons installed in Firefox however, this connection seems to be at a lower level as no program is specified as being responsible for the connection.
View 8 Replies
View Related
Jan 26, 2011
I spill my soda on my keyboard and ended up in a 4 day war with my pc.Now my tab, capslock, left shift, and down vol no longer works. I'm going to take it into the shop in the next couple of days to probably replace the keyboard. (If only lenovo kept the easy access keyboards like ibm had on the thinkpads). Something tells me that they will want to log in and test out the keyboard. So I created a guest account with a simple password. I changed my normal user home dir to 770 permissions and changed guest's shell to /bin/rbash. (both found in other posts.) Is there anything else I should do to secure the computer while it is in the shop?[I use su, sudo isn't configured to work (its a dependency so I can't uninstall)]. I have a pretty decent root password.
View 10 Replies
View Related
Jan 12, 2010
What I want to do is pull data from any of the hard drives attached to my Linux box from my Windows machine. I have been moving small amounts of data from the drives to my OS drive and those parts share easily, but I want to move away from that method to move large amounts of data at the same time.I have tried using Samba as it is used for file sharing between systems and that I have to give my Windows box permission through Samba.
Trick is, I'm not sure where to start, though I have an idea and wanted to know if this is the right track before I start editing my file system.
View 3 Replies
View Related
Jan 29, 2010
On my HTPC/Server unbuntu box I have installed logwatch in order to get a daily look on my computer activity.
And I often have this line in the report :
Quote:
root => my_user
-------------
/usr/bin/gconftool - 3 Times.
The corresponding line in auth.log are :
Quote:
./auth.log:Jan 28 07:59:31 sweetBox sudo: root : TTY=unknown ; PWD=/ ; USER=my_user ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/use_http_proxy
./auth.log:Jan 28 07:59:32 sweetBox sudo: root : TTY=unknown ; PWD=/ ;
[Code].....
View 6 Replies
View Related
May 6, 2010
So I forgot how to do something in Compiz and I quickly Googled it to find the answer. On the first or second link I clicked, a pop-up box opened from Firefox saying that I should scan my computer. Immediately, I pressed the X button, but a page started to load that tried to "scan" my computer. I closed out Firefox and re-opened it. I did the exact same search again on Google, but I clicked on the cached view of the site. It was harmless enough--a blog with some ads on the side of the page. I'm assuming that it was one of the ads that somehow must have taken over the page.
Anyway, I know that the discussion of anti-virus programs is not anything new, but I would like to know if this virus may have affected Ubuntu. What would you guys recommend in this case?Also, after running the update manager, I received a pop-up box asking if I would like to update Grub. Is this a normal part of the update, or could it be a virus? I'm a bit paranoid, being from the land of Windows.
View 6 Replies
View Related
Aug 30, 2010
How do I scan a windows computer from my Ubuntu laptop via the network? I have Ubuntu 10.04 on my laptop. First Windows computer to scan has Windows XP Home Edition Second Windows computer to scan has Windows Vista Home Basic I have Avast 4 workstation and KlamAV insalled on it. What is the steps to make my computer scan those windows computers. And how do I set up my firewall to work with firefox and empathy?
View 5 Replies
View Related
