Security :: UDP Traffic Unauthorized On Ubuntu 10.04?
Mar 11, 2011has my Ubuntu machine been cracked?
machine on home lan
192.168.0.102
it is the DMZ from router
ufw on (ports open for aMule)
sshd installed
[Code].....
ADVERTISEMENT
Slackware :: What Software For Checking On Unauthorized Network Traffic?
May 8, 2010I have been thinking lately about the number of computers connected to the internet that become "zombies" for sending out span (or worse) when they are attacked with ssh over the internet using some kind of script. Today, I read an article in a magazine about internet detective work when you find that there has been an unauthorized attempt to connect to your machine. According to this article, almost any computer connected to the internet is attacked very frequently and the log files of that computer will show this. I have seen these in my own log files in the past.
I have learned a number of ways to track down the attacker (to a very limited degree). But what I would like to know is a relatively easy application to run and understand to monitor my network traffic and find these attempts quicker. I know I have probably almost nothing to be concerned about, but I would like to be able to head this kind of problem off. I have a number of machines connected to the net and each other and my wife does a lot of business on the internet. So, besides becoming a bot for some criminal, I don't want any credit card details stolen.I have read about Wireshard, snort, etc. Is there an application (with gui preferrably, but not mandatory), that is novice compatible that will let me monitor this?
Fedora Security :: Prevent People From Unauthorized Access?
Mar 19, 2009I'm doing a research to protect my pc from physical access. What I'm facing here is that my company created a program for fedora 8 and plans to sell the unit away. We created a function where you can configure the program using any web browser from a network so we do not want anybody to have access to the fedora except for out personnel.
Based on my research, I've found [URL] this guide to protect people from accessing grub and single user. I am currently researching on preventing others to clone the harddisk. I would like to know if there are any other methods to prevent people from unauthorized access to fedora.
Server :: PPTP Traffic - Gre Traffic Is Being Generated During The Browsing / Reduce Traffic
Sep 27, 2009Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
Security :: Only Allow Traffic Between 2 Interfaces?
Jun 13, 2010what rules I need to use to only allow traffic between 2 interfaces (which are part of a linux bridge) using ebtables?
So let's say I have if0, if1, if2. I want if1 to communicate with if0. I also want if2 to be able to communicate with if0. But I don't want if1 and if2 to communicate with each other.
Ubuntu Security :: Program - Network Traffic Monitoring
Jan 31, 2010Is there a program that monitors and displays 'who' is on your wireless Internet signal that one may not be aware of? Like, the ability to see when someone that you don't know is accessing your locked wireless?
View 9 Replies View RelatedUbuntu Security :: Traffic To Specific Sites Throttled?
Sep 14, 2010I want to check if traffic to a specific URL is being throttled by a hospital acting as an ISP. A client is having great trouble accessing a hosted web-app from inside the hospital, but access is fine from outside. The hospital IT dept are not interested as the rest of the Internet is fine. I need to trace where the latency is creeping in or where the throttling is happening, if I can do that, the hospital will remove it. Traffic is standard http to a specific URL.
View 9 Replies View RelatedSecurity :: Encrypting All Traffic By Squid
Jun 24, 2010We use a squid proxy server for all http traffic. Is there any way to configure squid so that all traffic which squid and workstation communicates is SSL and encrypted ?
View 2 Replies View RelatedSecurity :: Logging/Blocking LAN Traffic?
Apr 26, 2010Where I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)
I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.
Ubuntu Security :: Firewall: Completely Prevent Any Traffic From Network?
Jan 4, 2010I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server.I would like temporally disable all network connections to host and virtual machine.So on Ubuntu host I have set firewall settings:
Code:
sudo iptables -F (to flush - delete all firewall settings)
sudo iptables -P INPUT DROP (to disable all input traffic)
[code]....
Ubuntu Security :: Home Network Traffic Monitoring Recommendation?
May 9, 2010I was reading a magazine article today which was a discussion of internet detective work for tracking down ip addresses which attempt an ssh login to your machine. I have never really paid much attention to network security since I only run a small home network. I have WPA encryption and a firewall on my router. But while reading this article, I remembered that I myself has seen log files in the past that inidicated someone somewhere had attempted to log into my machine (attempts all failed). This had happened a few times, but I never really considered it a threat.
But, the more I read about home computers becoming "zombies" for criminals, I guess I am getting a little paranoid in my old age, particularly since my wife does quite a bit of business on the net with credit cards. I have four computers connected to the net and each other on this network, and would like to be able to easily detect attempted log ins and deal with them quickly.
So my reason for posting is to ask if someone could recommend a novice-friendly application for monitoring traffic to check this intermittently. I have read bodhi.zazen's excellent tutorial on snort, but I it appears to be written for large lan's or web servers and is over-kill for a small home network.
Ubuntu Security :: Reject Versus Drop For Outbound Traffic
Apr 15, 2011I understand the difference between Reject vs Drop for incoming traffic, but are there any differences between reject and drop for Outbound Traffic? Are there reasons to pick one over the other or are they functionally identical when talking about Outbound traffic?
View 6 Replies View RelatedUbuntu Security :: Unusual Traffic From Amazon EC2 Cloud Server
May 1, 2011Last night my old Sony Vaio laptop which connects via wired Ethernet and runs Ubuntu 10.10 started hammering the network out onto the Internet. Fired up Wireshark and found lots of traffic between my machine and 174.129.193.12 which I did a whois on and found belonged to Amazon EC2 Cloud Server. The port on my machine was an unknown 5000+ but the port on the remote system was 443 the port used by https, however no browser was running. Did a search and put together a couple of iptable commands to block this IP address which stopped the traffic. I then used nmap and netstat and found port 3000 open and another connection to IP address 91.189.89.76 which I also blocked. Unusually no info exists on this IP when you do a whois. At first I thought it might be some sort of sync as this machine has Ubuntu One running on it, however it could also be something else.
View 3 Replies View RelatedUbuntu Security :: Iptables To Redirect Traffic Back To Its Source
May 3, 2011I'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles.To this point, I've simply been DROPping any requests from these IPs using iptables.I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.
View 7 Replies View RelatedUbuntu Security :: Redirect All IP Tables Rule To Forward UDP Traffic?
May 16, 2011How do I redirect all the UDP traffic on port 27016 of my current dedicated server to a new IP port 27015 using IP tables?
View 1 Replies View RelatedSecurity :: Is A Firewall Needed If Get All Traffic Through A Router
Aug 8, 2010I get all my traffic from my router, as this computer seldom moves. So is there a use for a firewall?I am not sure, because when I scan my IP address with nmap, no matter what the changes I make in the firewall, it is always the same scan...cannot fingerprint OS...and all closed ports.The all closed ports thing only changes when i torrent, then i get a wide open port.
View 14 Replies View RelatedSecurity :: Block Traffic Initiated From Computers In The DMZ?
Apr 3, 2009I have computers in the DMZ (192.168.1.0/24) .. How to block traffic initiated from computers in the DMZ?
View 3 Replies View RelatedSecurity :: IPTables Setup Blocking SSH Traffic
Feb 11, 2011I set up iptables but it is blocking my SSH set up. I did allow it by opening port 22 but it did not work. Here is my config:
Code:
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
### this should allow SSH traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
How do you allow SSH through the iptables firewall?
Security :: Updates: Specify Source Port For Traffic?
Dec 14, 2010I've a server, and I want to drop all the traffic going out with other source port than 80 (apache) and 22(ssh). The reason is I want to prevent my machine sending packets I don't know (i.e. my server scanning networks or making DDOS attacks without my knowledge). The problem are the updates. If I do what I've said, the updates will not work. I want to allow updates, so I need to let DNS traffic (port 53) and the traffic of the updates to go out.
The problem is the source port. This traffic uses a dynamic port (I think like HTTP). Is there any way to specify a source port to do this? If a have a static port to do this, I would drop all the traffic going out with other port than 22,53,80 and this port.
Security :: Will Noise Beat Eavesdroppers Looking For Peaks Of Traffic
Mar 6, 2010we want to post anonymously to a public forum like linuxquestions. We can do it through a service like [URL]. This uses a secure link so any eavesdropper in my LAN cannot see the url I am connecting to.
If this eavesdropper in my LAN suspects I am posting on linuxforums.com, they can look at times when my suspected posts appear in this public forum, and compare them with peaks in the traffic from my computer, and if the times match, it's a strong indication I am the same person. If I somehow fill the virtual private connection with a dummy data stream, can the eavesdropper still tell I am posting to linuxquestions?
Security :: Ettercap On Company Gateway - Traffic Stops And No One Can Access Anything
Mar 24, 2010a client asked me to install ettercap on their linux gateway machine - two ethernet machine. I tried it in bridged mode, it but as soon as I start it, the traffic stops and no one can access anything. Did anyone ever succeed in running it on the gateway?
View 1 Replies View RelatedSecurity :: Shorewall Rejecting Allowed Traffic For Transmission-daemon
May 22, 2011I have the Shorewall firewall running on Ubuntu 10.10 server and the issue I am having is the firewall is blocking traffic from my transmission-daemon even though I have allowed it in the /etc/shorewall/rules.
the rules file has the following lines
Code:
ACCEPT$FWnettcp60000:60035
ACCEPTnet$FWtcp60000:60035
ACCEPT$FWnetudp51413
ACCEPTnet$FWudp51413
[Code]...
as you can see, Shorewall is rejecting packets with source and destination port 51413 on incoming net2fw and outgoing fw2net even though the rules are set to accept.
Ubuntu :: Protect A File Or Folder From Unauthorized Delete?
Aug 13, 2011How can I protect a file or folder from unauthorized delete.
View 9 Replies View RelatedSecurity :: Connection Between Traffic Control Rules & Chkrootkit Threat Notifications?
Sep 25, 2010Two days ago we started to receive the following message:
/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/lib/init/rw/.mdadm /lib/init/rw/.ramfs
/lib/init/rw/.mdadm
INFECTED (PORTS: 4369)
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
And about at the same time (a day before that) we have set up new rules for the queueing disciplines using 'tc' on our Debian lenny box (these rules are for some of the experiments we are carrying out). I have ran the chkrootkit manually and this message (as above) keeps appearing, while the rkhunter tool does not complain about these items. Could there be a connection between setting up the new qdisc's and the chkrootkit "INFECTED" messages?
Security :: Opensuse Susefirewall 2 And My Own Rules - Block Ougoing Traffic Except Some Apps
May 1, 2010I have trouble with opensuse susefirewall 2 and my own rules. since i have installed a suspicious download manager, i detect outgoing traffic in the monitor and i want to block ougoing traffic except some apps like firefox, jinchess ...
1) I had to modify FW_CUSTOMRULES="" with FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/SuSefirewall2
2) I had to add my own rules in /etc/sysconfig/scripts/SuSEfirewall2-custom in the appropriate hook
3) I don't know if rules are good.. they seem to work because for example jinchess can't access his server with the DROP rule until i add the ACCEPT rule BUT in fact the download manager still access internet and amarok too when it searches for songs lyrics ! i have discovered it's because the others apps use port 80
I give here the file /etc/sysconfig/scripts/SuSEfirewall2-custom
How to to make firefox use another specified port ? i wanted to use privoxy with tor but it doesn't work .. is there input/output controler on linux (something like zonealarm on XP) ? the trouble is that all outgoing traffic is permitted by default!
Security :: Firewall Deny Traffic Inbound Destination Port 53372 & 53375?
May 5, 2010I have a question, on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375.What in the world is that, and why these two ports over and over
View 1 Replies View RelatedSecurity :: Drop Inbound Traffic To Port 80 (http) From Source Ports Less Than 1024?
Feb 1, 2011I'm simply trying to make a little restriction on www packets under two rules:
1. Allow inbound/outbound www packets (works!)
2. DROP inbound traffic to port 80 from source ports less than 1024. (DOES NOT WORK!)
Now, technically, when i use hping to test my rules, hping3 192.168.100.100 -S -p80 -s 1023 I should NOT receive any packets. However, i still receive packets, which means my rule that says less than 1024 does not work. (see below)
And this is my iptables rules in shell-script so far:
#!/bin/sh
DEFAULT_NIC=eth0
SERVER_IP="192.168.100.100"
ALLOWED_WWW_PORT=80
IPT="/sbin/iptables"
[Code].....
Hardware :: Get Stopped At Authentication Required / 401 Unauthorized?
Jul 28, 2010When I try to add a printer using this web interface.I get stopped at authentication required.I put the root login and pass but
401 Unauthorized.Enter your username and password or the root username and password to access this page. If you are using Kerberos authentication, make sure you have a valid Kerberos ticket.
Software :: Redirection With NuFW To Go On Unauthorized Website
Feb 23, 2010I'm using NuFW but I don't know how could I have a redirection if the user try to go on a unauthorized website... On this moment, my web browers continue to try to join the website, even if nufw has already send a negative response. I would like that my browers redirect me on a other page, how could I do?
View 1 Replies View RelatedUbuntu :: Internet Traffic Flow Monitor - Track Traffic Of Each Device
Apr 27, 2010We have something on our network that is reaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. how to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?