Fedora Security :: Unknown Software Sending Data On Random Ports
Jun 1, 2009
I just discovered that my server is sending a huge amount of data out at about 1Mbps. My immediate thought was the deluge bittorrent client, however it is supposedly not running (and a check confirmed its total active torrents was set to 0). I turned off the network and went into Firestarter to set the outbound traffic to restrictive, turned on the network again and no more data was sent. A look in Firestarter / Events showed a long list of random ports being used (see further down). How can I identify what program is sending all the data?
In Firestarter it doesn't really say much more than the port. Not sure if it is some misconfigured program or a malware/virus. I just got my ADSL connected a few days ago, and before that I used a mobile broadband (3G) as I just relocated. During the period I used the 3G the server might have been without firewall for a few days and it was also at this time I discovered an increase in network traffic (but I didn't really pay much attention at that time). I am running Fedora 10.
List of events from firestarter, my server is 192.168.1.100:
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:39435 Source:192.168.1.100 Destination:58.208.xxx.56 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:6990 Source:192.168.1.100 Destination:112.94.xxx.212 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jun 1 16:48:12 Direction: Outbound In: Out:eth1 Port:2973 Source:192.168.1.100 Destination:118.93.42.xxx Length:129 TOS:0x00 Protocol:UDP Service:Svnetworks .....
Once random data is obtained by means other than a pseudo-random number generator, what software is available to measure the entropy or quality/randomness of the data?
I want to view a hard drive and see if it has all zeroes, how would I do this? I want to view a hard drive and see if it has all random data, or random data mixed with zeroes. How can I do this? I prefer to do all this in Linux if possible without a GUI, so I am looking for any CLI tools to view it with.
If this post is correct [URL] I can expect that it will take more than 16 days to fill my 2TB partition from /dev/urandom. That's not workable for me. dd if=/dev/urandom of=/dev/sdxx has been running for 36 hours, and I need to finish setting up the filesystem. But I also need to make a "professional effort" at encrypting the partition. I am supposed to fill the partition with random data, to strengthen the encryption for a LUKS partition. It seems that if the bad guys get the drive, they have much more time to try and crack it than I have to encrypt it. Ok, so I can try
Code: sudo /sbin/badblocks -c 10240 -s -w -t random -v /dev/sdxx
How long can I expect badblocks to run on a 2TB partition?
I have a desklet that, occasionally after toying with network stuff, will tell me that large amounts of data are being sent/received. What's a good way to determine what processes are occupying these resources?!
When I send mail via Evolution it does seem to send ok but still the following error message comes up: Error while sending message. Failed to append to : Unknown error Appending to local 'Sent' folder instead. Not sure what's up with that but thought I would mention it.
We have two Sangoma U100 products connected to our Acer Aspire Revo 360 (runs on Atom board). The Sangoma USB units provide connectivity to PSTN. Occasionally, and probably in a pattern, they have failed every Monday for the past month or so.
This is the OS version of CentOS I am running: Linux pbx.local 2.6.18-194.8.1.el5 #1 SMP Thu Jul 1 19:07:06 EDT 2010 i686 i686 i386 GNU/Linux I am wondering if this is a driver issue, ACPI sending the computer or ports to sleep, or if it's something else? Any pointers would be appreciated. Following are some portions of dmesg output:
sdlausb: Attaching sdlausb on 2 (BusId 2-1)
sdla-2-1: USB device is connected!
sdla-2-1: USB device is disconnected!
sdla-2-1: USB device is connected!
I have open ports on my computer for vsftpd and pptpd, and I need help to filter these ports because they appear as open ports on the internet, and this is pretty risky.
When I get on the internet with Mozilla I am getting advertising that mentions the city I live in. How is that information being sent from my computer and how can I stop it? Is this in a file I can edit or delete?
I have tried to close ports 443, 80, 22 & 23 without success. Does anybody have any idea how to do this? I close them in a terminal and they're still open. I closed them in services and they're still open. What am I not doing right?
I want to ask about KMail. I have KMail from Mandriva. I use KMail for my email. And when I reply to a message, I found some trouble.
Sending failed: Unknown error code 50. The message content was not accepted. The server responded: "5.7.1 Message refused by BannedWord check. This email has been rejected. The email message was detected as spam." Please send a full bug report at [URL]. The message will stay in the 'outbox' folder until you either fix the problem (e.g. a broken address) or remove the message from the 'outbox' folder. This transport protocol was used: smtp.net
How to solve this email error I get when I try to send email via KMail.
Tried google and searching this forum to no avail. Under Fedora 14, there is an selinux policy which blocks sshd from making outbound connections on port 80 or 443. This can occur when a client box tries to tunnel through the ssh connection for encrypted access to the web.
While I did manage to allow this to happen by creating a permissive domain for sshd with this command:
Code:
The preferred way would be to allow sshd to make connection on other ports with a similar command that does not seem to work:
Code:
Is this the correct way of allowing an outbound port connection for the sshd daemon?
If this is correct [URL] I can expect that it will take more than 16 days to fill my 2TB partition from /dev/urandom. That's not workable for me. dd if=/dev/urandom of=/dev/sdxx has been running for 36 hours, and I need to finish setting up the filesystem. But I also need to make a "professional effort" at encrypting the partition. Ok, so I can try
Code: sudo /sbin/badblocks -c 10240 -s -w -t random -v /dev/sdxx
So, what is "10240" doing there? Yes, I rtfm, "is the number of blocks which are tested at a time", but is that for the partition size? If so, then I would want to increase it to 204800 for a 2TB partition, right? If not, what should I do?
I am coding an HTTP server which has to send the file(s) such as images, .avi files, .mpeg, that the client is going to request. I have been trying to send files through sockets.
I have a question regarding Bluetooth with Bluedevil. Finally I got a connection working in one direction: sending files from my mobile (Google Nexus One with Android 2.3.3) to the computer. But I can not send files from my computer to the phone. I also tried to send files from my desktop to my Laptop and it fails. I also tried it the other way around: from Laptop to Desktop... fail.
What is it? Is it still a bug in Bluedevil and all I can do is wait? Or is there some package missing? The following packages (regarding bluetooth) are installed:
I am using CentOS 5 and want to send sets of binary data to another Bluetooth device. I know how to send a file but don't know how to send raw data. My case is like this: I have a Bluetooth device I need to send data to, then after it processes I need to get it back. I plan to do all of this using the terminal; is that possible?
shed some light on what I am doing. I am wondering if I just have things back to front.
Server (MESH): Fedora 13
Firewall ports open: tcp 22 (ssh), tcp 873 (rsync)
sshd service started
I would like to send data using one thread and receive data using another thread over the same socket connection using USD sockets. The calls I am using for sending and receiving are send() and recv(). Let me know whether it is possible to send and receive the data in parallel (full duplex communication)?
I want to send raw data to a USART port of my board connected to a Linux box. I know the command
echo "abcxyz" > /dev/<usb_dev_file_name>
would write the raw bits for the characters abcxyz to the USB device, but the problem is how do I know which device file to write to? There are so many in my /dev.
I'm working on testing some software, and I have a question. We have several files of binary data that we need to push through our application to test. It communicates via simple TCP sockets. Is there a way I can send this data to the socket from the command line? I tried doing something like this, but telnet never picked up the data.
What is the minimum possible MySQL query to get a random data selection that includes each Index number only once and ordered ascending? The maximum index number is known. For example running the query should get the following data: 01, 06, 07, 02. Running the query again, you may get the same data or another possible combination like: 01, 05, 07, 04. Of course you could run a loop for 1 to max_index and process a random ordered data selection until the next index number is found. But I think this will result in too many database accesses. Also you could run max_index queries to get all IDs that correspond to the given index and randomly select one ID for each index.
I am trying to redirect connection to port 8980 to execute a telnet command to a local machine by issuing the following command : In Server 1 : socat TCP-LISTEN:8980,fork EXEC:/myscript,reuseaddr
My script contains:
#!/bin/bash
telnet 192.168.20.12 # local Server 2
I am sending binary data from the client to Server 2 via Server 1. So it happens that I have some characters in hex translated to special characters in ASCII like open brackets or commas etc., and that closed the socket between the two machines.
I am writing a code in Python where a socket client changes data with the server. That works nice if the connection is up. However it is also supposed to work offline. So I need to be able to detect if the connection is up before sending data, but I was not able to do so. A summary of the code is like that:
# 'socket' here is the already-connected client socket object
if connected:
    data = "some data byte"
    try:
        socket.send(data)
    except:
        connected = False
        socket.close()
If I unplug the cable after the connection is ready then the socket sends data and does not detect the connection failure. What is amazing is that the client detects the connection failure just after the cable has been plugged in again. Of course there is a loop in the code above, and whenever connected==False a new connection is made. How could the program detect the connection failure before sending data and then lead the code to an exception?
Since this morning we are getting this error, and could not track down the cause.
We are running: Postfix, Amavis and Clam
70A6C45A1CE: to=<actualemailid@yahoo.com>, relay=none, delay=0, status=deferred (delivery temporarily suspended: lost connection with 127.0.0.1[127.0.0.1] while sending end of data -- message may be sent more than once).
I am currently trying to turn off ordered data mode for ext3 filesystem. I want to shred some files and apparently this won't work with journaling on.
I can't seem to find any good explanations of what exactly "ordered data" means in terms of data recovery/security...or at least none that are written in simple n00b terms. It is all written in terms of disk crashes and whether old data will mix in with the new. It doesn't say whether one's cousin will be able to poke around and find some thought-it-was-deleted porno if he's on the computer.
Can someone step me through the process of turning this off using tune2fs? (if that is the best way to do it!) Do I have to revert to ext2? Can I turn it back on later? Will I lose data (for example, does the drive need to be reformatted?) once this change is made? And how does one find, read, and delete/shred the journal itself? Is "ordered data" even a real problem for data recovery?
I've written a USB device driver and a program that sends and receives data over the bulk pipe. The read function sometimes returns I'm reading an unknown amount of data. However, using a USB tracker I can see that the correct data is being sent. The error only occurs sometimes. I expect that if the read function is told to read more data than it receives it would fail and return -1; however, if this was the case then every read call would fail.
I am trying to install the bucktooth gopher server on a Windows xp laptop. I have cygwin 1.7 installed, and I recently installed the xinetd and perl packages. I successfully (?) configured bucktooth, but I have had trouble with the connection cutting out partway through (partial directory listings, half-blank pictures, etc.). I used tintin++ to get the connection's data directly, and found that in addition to occasionally missing lines, some lines are duplicated.
I then ran the bucktooth server directly (to bypass xinetd), and found that the server was giving consistent, correct output. I then added a test service to xinetd (m4), but after connecting to this test service (through tintin++), xinetd would respond with one line of unexpected data (such as "gf" or a line from a recent bucktooth directory listing) and close the connection. Could this be a broken xinetd? My xinetd configuration: