When I get on the internet with Mozilla I am getting advertising that mentions the city I live in. How is that information being sent from my computer and how can I stop it? Is this in a file I can edit or delete?
View 14 RepliesWe have a situation where we have to set up a server to send traps with information regarding CPU, memory usage, etc. I know snmpd can be set up to allow another process to request snmp information about the server, but can it be done the other way around (have a host send information about itself to another server through snmp)?
View 4 Replies View RelatedI have an sshd server up and running (F13 64bit) I'd like to connect to a pc that's behind a firewall using ssh tunnelling, so I have something like
ssh -R 1234:127.0.0.1:22 myuser@mypc
then from mypc I can succesfully login to the remote pc. I have just une question. How can I list the ssh active connections and the forwarded ports ?
I've only got to
netstat -tunva
but this returns only (filtered)
tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:172.16.0.XXX:22 ::ffff:172.16.1.XXX:60744 ESTABLISHED
Now I know that the first is the tunnel end but how can I connect the two lines if I don't know the port number (ie: someone else estabilieshes another tunnel)
I just discovered that my server is sending huge amount of data out at about 1Mbps. My immediate thought was the deluge bittorrent client, however it is supposedly not running (and a check confirmed its total active torrents was set to 0). I turned off the network and went in to Firestarter to set the outbound traffic to restrictive, turned on network again and no more data was sent. A look in Firestarter / Events showed a long list of random ports being used (see further down). How can I identify what program is sending all the data?
In Firestarter it doesn't really say much more than the port. Not sure if it is some misconfigured program or a malware/virus. I just got my ADSL connected a few days ago, and before that I used a mobile broadband (3G) as I just relocated. During the period I used the 3G the server might have been without firewall for a few days and it was also at this time I discovered an increase in network traffic (but I didn't really pay much attention at that time). I am running Fedora 10.
List of events from firestarter, my server is 192.168.1.100:
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:39435 Source:192.168.1.100 Destination:58.208.xxx.56 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:6990 Source:192.168.1.100 Destination:112.94.xxx.212 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:2973 Source:192.168.1.100 Destination:118.93.42.xxx Length:129 TOS:0x00 Protocol:UDP Service:Svnetworks .....
am using openSUSE 11.2 KDE. All of the three providers in the Weather applet can't find my city Ä°stanbul. I remember them finding it in some previous versions of KDE... They can't even find other major cities in Europe like Paris etc.
View 5 Replies View RelatedCurrently I'm having a problem with a box which keep sending spams all over the world. yesterday we upgraded some drupal modules (which can send email), and the spam quantity reduced. But still some spams keep on going out from our server. Some of them even have attachment.
Some of them sent using accounts that never exist at our server (e.g. strager@mydomain.com), and some of them are from 'nobody'. what to check, or where to look. I've check the MX-Records and there was no strange forwarders. Really stuck here...
We have a spam in our network and we installed antivirus in all our systems and cleaned the virus from all pc's after that i had removed my ip from the database of blocked ip's but still my ip is blocked for sending spam i don't know from which pc the spam is going on the internet.
so i have a question that my proxy server is redhat linux and as a newbie i don't know the command's to find out which pc is creating large bandwidth to the internet. If you tell the command how to see which pc is sending spam then i will discard that pc. Also i want a strong firewall to stop spam activities.
Each computer has certain hardware that has its own ID...My understanding is that this info can be used to identify you.
Is there a way to either permanently change the ID values of that hardware in the bios or hardware, or at least a way to alter what you transmit to websites when that info is recorded?
What information is being transmitted as I post right now?
Lately I have become very concerned about data mining. I do not want corporations to be saving my web browsing behavior so they can market me products, and I do not want that same info being given to the government either. I have an expectation of privacy on the internet.
I've got a strange problem. I have a number of linux boxes - main running Gentoo, a couple of others running Mint and a new one running Kubuntu 9.10.All, except the new one, connect to my hosted remote server through FTP, FISH or SSH without any problem.However the new machine will connect to my remote server, via fish, but then gets immediately disconnected. I have discovered, via my hosting company, that it is flooding the connection and looking in my Router log I can see:Quote:1. 2010.04.13 03:24:42 **SYN Flood to Host** 10.10.xxx.xxx, 38299->> 209.85.xxx.xxx, 80 (from ATM Outbound)If I connect first through SSH on this machine it is fine and I can navigate through the remote filesystem. If I connect through FISH using either Konqueror or Dolphin, I get an initial file listing and then the remote firewall kicks in and blacklists my IP address for half an hour.Does anyone have any ideas why this may be happening? Once I'm blacklisted I cannot make any connection, from any machine on my external IP address - whether it is HTTP, FTP, SSH
View 2 Replies View Relatedi m using centos 5.4 for Data Server, there i hv shared a directory to store data. i want, when ever owner of that data does delete any thing from directory, system should send me a mail with logs of that deletion action with the detail some thing like bellow
1- IP of system, from where owner did access the server and delete the data.
2- Date, Time and Name of File with Path.
These logs should be sent me by email automatically.
I have been setting up multiple security system in the area and was wondering what was the easiest way is to get the camera information that one would need in setting up survellance systems like zoneminder. I use xawtv for testing and
PHP Code:
zmu -d <device_path> -q -v
But how can I get specific information about NTSC/PAL cameras or IP cameras. In other words is there a specific tool for that purpose? I can see my video cameras fine using xawtv -c /dev/video but can I look at those log files to see what setting it used for the cameras
In my network I have 25 workstations and some serves. Everything working in local LAN with firewall. The problem is that on one machine (I dont know which one) is installed software which sending data to the internet. Actually I dont know what it is. Last time as I remember was trojan which can create new network interfaces in windows and send some data to the internet. The half speed of my network connection is used by this infected machine. How can I detect which machine it is? How can I listen/capture some traffic and analyze from which machine I have more connections.
Please take a look on this time. Instead of 141-150ms should be 4-5ms.
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=1 ttl=249 time=141 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=2 ttl=249 time=135 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=3 ttl=249 time=147 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=4 ttl=249 time=127 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=5 ttl=249 time=156 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=6 ttl=249 time=129 ms
64 bytes from web30.ispnetz.de (62.xx.191.74): icmp_seq=7 ttl=249 time=188 ms
How can I detect which machine is infected using only linux and keyboard ?
i configured sendmail with squirrelmail in RHEL5.3
it is working fine. i can send the mail and receive the mail .
but when i try to send the mail a selinux error is coming[but mail is sending successfully ]. i don't under stand this message.
Quote:
Summary:
SELinux is preventing sendmail (system_mail_t) "read" to eventpoll (httpd_t).
Detailed Description:
SELinux denied access requested by sendmail. It is not expected that this access is required by sendmail and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for eventpoll,
restorecon -v 'eventpoll'
If this does not work, there is currently no automatic way to allow this access.Instead, you can generate a local policy module to allow this access - see FAQ(url) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended.Please file a bug report (url) against this package.
Additional Information:
Source Context system_u:system_r:system_mail_t
Target Context system_u:system_r:httpd_t
Target Objects eventpoll [ file ]
Source sendmail
Source Path /usr/sbin/sendmail.sendmail
Port <Unknown>
code....
I do a lot of work on the Seattle bus system on my Jolicloud netbook (I'm a hardcore Kubuntu user, and Jolicloud is based on Ubuntu Netbook). All Seattle buses have free wifi. They have a name scheme like "ST_9545" for the 545 from Redmond to Seattle, or "ST_7483" for whatever. You get the idea...all the free wifi on the buses are "ST_****".
Here's what I want. I want to autoconnect to whatever my current bus's wifi network is based on a name scheme. "ST_****" will be the name of the open wifi network on the bus. How do I set it up so my netbook automatically finds and connects to an open wifi network with that specified naming schema?
I just got control over a server that was hacked several months back. The other day we started receiving rejected emails sent from my server to a yahoo email address that is no longer active that contained users login information. I am trying to find the process that is sending these emails. So far its been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent so there must be a local file that contains this information. I have tried using grep and find without any luck.
View 2 Replies View RelatedI am using centos 5.3 , and also using webserver in local network
Here is all configuration
1, server
eth0 , 222.80.1.90 this is live ip
eth1 10.0.0.1
2, webserver
eth0 10.0.0.2
I want set iptables on server 1 , to acces webserver from other city ,
How to configure iptables
I have set up SSH and redirected the ssh server to listen on another port other than 22 for a bit of added security.
Now in hosts.deny I have:
ALL : ALL
In hosts.allow I have:
SSH : ip_address_of_client
I can no longer connect. I get the message: ssh_exchange_identification: Connection closed by remote host.
When I change hosts.allow to read:
ALL : ip_address_of_client
I can successfully connect the server.
However, I only want to allow SSH access in hosts.allow. What is the correct syntax?
I have tried and failed with each one of these:
SSH : ip_address:port_number
SSH2 : ipaddress
sshfwd-portnumber : ip_address_of_client
so i cannot install anything because update-info-dir file is missing from /var/lib/dpkg/info/ .. I've searched for the last day and a half for a way to fix this, but nothing. can't even update dpkg because of this. so how do I bypass or fix this so I can install stuff (this is a fresh install of ubuntu 10.04 lts Lucid Lynx).
View 9 Replies View RelatedDoes a firewall exist, that shows "whois" info for ALL new connections that are attempted? Or even better, "smartwhois" info?New connections meaning, connections to IP blocks never connected to before. So you go to a site that belongs to owner A, and if an attempt is covertly made to connect to another site that belongs to owner B, an alert is shown and you choose if you trust this owner.
View 14 Replies View RelatedI have prob with running Metaspolit tool in BackTrack When i used expolit aurora (windows/shell/bind_tcp) it started a server for me running in my ip addrerss on port 8080
when the target pc trying to access that web an error appear saying : "Sending internet explorer "Aurora" Memory Corruption to client 10.64.35.52" you can check out the attached file hint to solve this prob so the session can start?
i had just install apache , mysql and php 5...apache is starting from localhost but how to test php ?
i created a file named as " info.php " which contain the foll code <? php phpinfo(); ?> but i m confuse how to save it in " var/www/html/ " which is a root directory of apache and from where we can acess the info.php files by http://localhost/info.php
how to run the file info.php ?
I was using Opensuse on Virtualbox earlier today. I issued the tail -f /var/log/messages command on Opensuse 11.3 to see the messages. Then I logged in from my Mac into Opensuse 11.3. I noticed that Opensuse was displaying realtime messages of the things happening. For eg, I entered a wrong su password and it displayed that too. But no such things were happening on my Fedora 13 installation. So is there any way if I could get some realtime messages on Fedora 13 too like the one on Opensuse..?
View 4 Replies View RelatedTry to understand a Makefile. It has (all: $(VAR1) $(VAR20) Makefile). What does this "Makefile" mean?
View 2 Replies View RelatedMemory of my Linux database servce is all used up. I first noted that this morning and rebooted the box. 5 hours later, it saw used up again. I want to find out which process is responsible for using most of the memories. What Redhat Linux utility can list processes sorting by their memory usage, like the Windows task manager?free and vmstat - summary but not for each processtop appears to be infomative, but sum of non-zero %MEM never add upp to 100
View 3 Replies View RelatedI am trying to install libnet on fedora but I cannot find any information on installation in the package. I would be happy to receive any information or instructions for installing libnet on fedora.
View 2 Replies View RelatedI'm currently running a server at home with F13. Now I've set up my sendmail config to relay through another server because my ISP blocks outgoing email. Now recently I've noticed that they have stopped this server from relaying emails so i need to sort out another way to send out.My current sendmail config has this added which was the relay server i was using.
# "Smart" relay host (may be null)DSrelay.02broadband.co.uk
Now i either want to set up the server to email through my main ISP using a username / password or go through my main email provider Gmail.Any ideas on how to set up either on Fedora? I've seen guides for setting up gmail but never anything related to Fedora and I'm a bit stuck
I have set up a Sympa list serv server and everything is working fine for the most part. One issue that I am running into is sending files over ~580 KB in size (just a normal .txt file) are not going through. I am getting the following error. Impossible to distribute your message for list 'list-name' because of an internal server error.I have verified that my "Maximum message size (max_size)" setting in Sympa is get to 5 MB so that shouldn't be the problem. If I try sending the same .txt file after taking out a few lines, and the file size is ~530 KB, then it works just fine. Nothing is really jumping out at me in the logs either.
View 1 Replies View Relatedl to a group in Linux? for example, I want to send a notification mail to 20 people and I want to create a group of these 20 people and want to send them the notification
View 5 Replies View RelatedI'm using ubuntu 10.04 beta 1. when I try to update & upgrade I get the following error:
Code:
Setting up install-info (4.13a.dfsg.1-5ubuntu1) .../etc/environment: line 4: LC-ALL=en_US.UTF-8: command not found dpkg: error processing install-info (--configure): subprocess installed post-installation script returned error exit status 127 Errors were encountered while processing: install-info
After the latest yum updating, yum hides detailed info about what it will do when it work. Previous version of yum will list the packages to be updated, installed, or deleted, and then ask you if it is what you want; this updated yum show nothing but "Are you sure?"( or something equivalent ): you don't know what it will do at all! Seems you have type "y" and see what it will download and install or uninstall. I don't know if new yum has changed its notice method or if I need add some plug-ins for it to show me those info as it did.
View 5 Replies View Related