Security :: Will Noise Beat Eavesdroppers Looking For Peaks Of Traffic
Mar 6, 2010
we want to post anonymously to a public forum like linuxquestions. We can do it through a service like [URL]. This uses a secure link so any eavesdropper in my LAN cannot see the url I am connecting to.
If this eavesdropper in my LAN suspects I am posting on linuxforums.com, they can look at times when my suspected posts appear in this public forum, and compare them with peaks in the traffic from my computer, and if the times match, it's a strong indication I am the same person. If I somehow fill the virtual private connection with a dummy data stream, can the eavesdropper still tell I am posting to linuxquestions?
View 11 Replies
ADVERTISEMENT
Sep 27, 2009
Recently I notice that when I'm connected to an vpn server (pptpd) and I'm using it as a default gateway my download and upload speed decreases almost to the half of the usual speed. I made a test using iptables in order to count how much GRE packets are generated (except the real traffic itself) in that way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much gre traffic is being generated during the browsing (it becames clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
View 3 Replies
View Related
Jun 13, 2010
what rules I need to use to only allow traffic between 2 interfaces (which are part of a linux bridge) using ebtables?
So let's say I have if0, if1, if2. I want if1 to communicate with if0. I also want if2 to be able to communicate with if0. But I don't want if1 and if2 to communicate with each other.
View 2 Replies
View Related
Apr 9, 2010
Amarok 2 can search through music collection using ID3v2 tag's 'bpm' field. That would be very nice to retag the entire music collection so I can find the 'mood' of the track I like.However I've not found any beat-detection software that could have helped me. Have you ever used one? CLI, preferably. Also I'm interested if there's anything alike for tagging FLACs with the same 'bpm' field.
View 4 Replies
View Related
Jun 2, 2011
When trying to import a finished beat as an .ogg (converted from mp3) file into LMMS im finding the only possible option to be through the Audiofile instrument plugin, but in both the Beat+Bassline and the Song editor it either loops it in weird ways (in B&B) or doesnt play at all when i add the black boxes.Any tips on how to get my beat working?
View 1 Replies
View Related
Jun 24, 2010
We use a squid proxy server for all http traffic. Is there any way to configure squid so that all traffic which squid and workstation communicates is SSL and encrypted ?
View 2 Replies
View Related
Apr 26, 2010
Where I work we have a lan, it is almost 100% windows machines except for 2 CentOS machines in which some clients connect to, via VPN. (very small network, <50 ip's used)
I would like to know if there is a way to block access from that machines to others in the network. I'm already logging traffic (with IPTraff) to see if they're accessing other machines in the network others than the ones they should connect.
View 7 Replies
View Related
Mar 11, 2011
has my Ubuntu machine been cracked?
machine on home lan
192.168.0.102
it is the DMZ from router
ufw on (ports open for aMule)
sshd installed
[Code].....
View 2 Replies
View Related
Aug 8, 2010
I get all my traffic from my router, as this computer seldom moves. So is there a use for a firewall?I am not sure, because when I scan my IP address with nmap, no matter what the changes I make in the firewall, it is always the same scan...cannot fingerprint OS...and all closed ports.The all closed ports thing only changes when i torrent, then i get a wide open port.
View 14 Replies
View Related
Apr 3, 2009
I have computers in the DMZ (192.168.1.0/24) .. How to block traffic initiated from computers in the DMZ?
View 3 Replies
View Related
Feb 11, 2011
I set up iptables but it is blocking my SSH set up. I did allow it by opening port 22 but it did not work. Here is my config:
Code:
iptables -F
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
### this should allow SSH traffic
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
How do you allow SSH through the iptables firewall?
View 5 Replies
View Related
Dec 14, 2010
I've a server, and I want to drop all the traffic going out with other source port than 80 (apache) and 22(ssh). The reason is I want to prevent my machine sending packets I don't know (i.e. my server scanning networks or making DDOS attacks without my knowledge). The problem are the updates. If I do what I've said, the updates will not work. I want to allow updates, so I need to let DNS traffic (port 53) and the traffic of the updates to go out.
The problem is the source port. This traffic uses a dynamic port (I think like HTTP). Is there any way to specify a source port to do this? If a have a static port to do this, I would drop all the traffic going out with other port than 22,53,80 and this port.
View 3 Replies
View Related
May 3, 2010
I am looking for a beat visualizer (for lack of a better word) to use full screen when playing music on my computer. What do I mean by that? I know there are a lot of visualizers out there that create colored swirls and spectrum analyzers and stuff based on the waveform of the music being played (e.g. Goom). But they do not really visualize the music to any great extent. If you play Mozart or if you play Chemical Brothers it does not do all that much of a difference visually.
What I want is a visualizer that reflects the music to some degree, and in particular the main beat. If there is a strong thumping beat I want that to be reflected on the screen at the same time as the beat plays through the speaker. Here is a simple example illustrating what I mean (forward to 1:00): [URL]
Please note that it is not the simplicity in the video I am looking for, it was just that this video did well in illustrating the main principle. If possible I would like to have swirls and smooth animations also (like Goom) but the most important thing is that it should reflect the music in a more direct way and be perfectly synchronized with the beat.
View 2 Replies
View Related
Jan 31, 2010
Is there a program that monitors and displays 'who' is on your wireless Internet signal that one may not be aware of? Like, the ability to see when someone that you don't know is accessing your locked wireless?
View 9 Replies
View Related
Sep 14, 2010
I want to check if traffic to a specific URL is being throttled by a hospital acting as an ISP. A client is having great trouble accessing a hosted web-app from inside the hospital, but access is fine from outside. The hospital IT dept are not interested as the rest of the Internet is fine. I need to trace where the latency is creeping in or where the throttling is happening, if I can do that, the hospital will remove it. Traffic is standard http to a specific URL.
View 9 Replies
View Related
Jan 4, 2010
I have Ubuntu 8.04 as virtual host. On this host I have installed VirtualBox virtualization software. I have installed Windows XP as virtual machine and installed HTTP server.I would like temporally disable all network connections to host and virtual machine.So on Ubuntu host I have set firewall settings:
Code:
sudo iptables -F (to flush - delete all firewall settings)
sudo iptables -P INPUT DROP (to disable all input traffic)
[code]....
View 9 Replies
View Related
May 9, 2010
I was reading a magazine article today which was a discussion of internet detective work for tracking down ip addresses which attempt an ssh login to your machine. I have never really paid much attention to network security since I only run a small home network. I have WPA encryption and a firewall on my router. But while reading this article, I remembered that I myself has seen log files in the past that inidicated someone somewhere had attempted to log into my machine (attempts all failed). This had happened a few times, but I never really considered it a threat.
But, the more I read about home computers becoming "zombies" for criminals, I guess I am getting a little paranoid in my old age, particularly since my wife does quite a bit of business on the net with credit cards. I have four computers connected to the net and each other on this network, and would like to be able to easily detect attempted log ins and deal with them quickly.
So my reason for posting is to ask if someone could recommend a novice-friendly application for monitoring traffic to check this intermittently. I have read bodhi.zazen's excellent tutorial on snort, but I it appears to be written for large lan's or web servers and is over-kill for a small home network.
View 8 Replies
View Related
Apr 15, 2011
I understand the difference between Reject vs Drop for incoming traffic, but are there any differences between reject and drop for Outbound Traffic? Are there reasons to pick one over the other or are they functionally identical when talking about Outbound traffic?
View 6 Replies
View Related
May 1, 2011
Last night my old Sony Vaio laptop which connects via wired Ethernet and runs Ubuntu 10.10 started hammering the network out onto the Internet. Fired up Wireshark and found lots of traffic between my machine and 174.129.193.12 which I did a whois on and found belonged to Amazon EC2 Cloud Server. The port on my machine was an unknown 5000+ but the port on the remote system was 443 the port used by https, however no browser was running. Did a search and put together a couple of iptable commands to block this IP address which stopped the traffic. I then used nmap and netstat and found port 3000 open and another connection to IP address 91.189.89.76 which I also blocked. Unusually no info exists on this IP when you do a whois. At first I thought it might be some sort of sync as this machine has Ubuntu One running on it, however it could also be something else.
View 3 Replies
View Related
May 3, 2011
I'm currently using a homemade Python script to parse script kiddie IP addresses from logfiles.To this point, I've simply been DROPping any requests from these IPs using iptables.I thought it might be fun to redirect their traffic back to them, but as I am not an expert at iptables, I was wondering if I should use FORWARD or PREROUTING.
View 7 Replies
View Related
May 16, 2011
How do I redirect all the UDP traffic on port 27016 of my current dedicated server to a new IP port 27015 using IP tables?
View 1 Replies
View Related
Mar 24, 2010
a client asked me to install ettercap on their linux gateway machine - two ethernet machine. I tried it in bridged mode, it but as soon as I start it, the traffic stops and no one can access anything. Did anyone ever succeed in running it on the gateway?
View 1 Replies
View Related
May 22, 2011
I have the Shorewall firewall running on Ubuntu 10.10 server and the issue I am having is the firewall is blocking traffic from my transmission-daemon even though I have allowed it in the /etc/shorewall/rules.
the rules file has the following lines
Code:
ACCEPT$FWnettcp60000:60035
ACCEPTnet$FWtcp60000:60035
ACCEPT$FWnetudp51413
ACCEPTnet$FWudp51413
[Code]...
as you can see, Shorewall is rejecting packets with source and destination port 51413 on incoming net2fw and outgoing fw2net even though the rules are set to accept.
View 7 Replies
View Related
Sep 25, 2010
Two days ago we started to receive the following message:
/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/lib/init/rw/.mdadm /lib/init/rw/.ramfs
/lib/init/rw/.mdadm
INFECTED (PORTS: 4369)
You have 2 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
And about at the same time (a day before that) we have set up new rules for the queueing disciplines using 'tc' on our Debian lenny box (these rules are for some of the experiments we are carrying out). I have ran the chkrootkit manually and this message (as above) keeps appearing, while the rkhunter tool does not complain about these items. Could there be a connection between setting up the new qdisc's and the chkrootkit "INFECTED" messages?
View 7 Replies
View Related
May 1, 2010
I have trouble with opensuse susefirewall 2 and my own rules. since i have installed a suspicious download manager, i detect outgoing traffic in the monitor and i want to block ougoing traffic except some apps like firefox, jinchess ...
1) I had to modify FW_CUSTOMRULES="" with FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/SuSefirewall2
2) I had to add my own rules in /etc/sysconfig/scripts/SuSEfirewall2-custom in the appropriate hook
3) I don't know if rules are good.. they seem to work because for example jinchess can't access his server with the DROP rule until i add the ACCEPT rule BUT in fact the download manager still access internet and amarok too when it searches for songs lyrics ! i have discovered it's because the others apps use port 80
I give here the file /etc/sysconfig/scripts/SuSEfirewall2-custom
How to to make firefox use another specified port ? i wanted to use privoxy with tor but it doesn't work .. is there input/output controler on linux (something like zonealarm on XP) ? the trouble is that all outgoing traffic is permitted by default!
View 4 Replies
View Related
May 5, 2010
I have a question, on my firewall at work I am seeing a constant flow of denies from many different source IP addresses, of tcp/udp destination port 53372 & 53375.What in the world is that, and why these two ports over and over
View 1 Replies
View Related
Feb 1, 2011
I'm simply trying to make a little restriction on www packets under two rules:
1. Allow inbound/outbound www packets (works!)
2. DROP inbound traffic to port 80 from source ports less than 1024. (DOES NOT WORK!)
Now, technically, when i use hping to test my rules, hping3 192.168.100.100 -S -p80 -s 1023 I should NOT receive any packets. However, i still receive packets, which means my rule that says less than 1024 does not work. (see below)
And this is my iptables rules in shell-script so far:
#!/bin/sh
DEFAULT_NIC=eth0
SERVER_IP="192.168.100.100"
ALLOWED_WWW_PORT=80
IPT="/sbin/iptables"
[Code].....
View 1 Replies
View Related
Apr 27, 2010
We have something on our network that is reaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and logs how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used ethereal and wireshark before. Ethereal may be a viable option, but wireshark seems to provide lots of information, but no practical way to make use of it. how to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
View 3 Replies
View Related
Sep 29, 2010
I need to set up my centOS computer as a firewall in my home network. Ive got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping(icmp) and DNS. How do I do this? Ive tried some editing in /etc/sysconfig/iptables but no luck.
View 1 Replies
View Related
Mar 15, 2011
I wanted to tell my server to block all traffic but US only traffic. So i followed this guide:[URL].. Now I know, it's the best way to help prevent hackers/crackers (doesn't matter to me what they are called. I just have to stop them). My server only deals with US clients anyways so might as well just start right there for my server's security before getting into the brute force and injection preventions. So I got it all done compiled everything moved to the proper directory. I then started to setup my iptables. Like so
Code: iptables -F INPUT
iptables -F OUTPUT
iptables -I INPUT 1 -s *.*.*.* -p tcp --dport 22 -j ACCEPT
iptables -I INPUT 2 -s *.*.*.* -p tcp -j ACCEPT
[Code]...
After seeing that i went digging in the code and figured it was something todo with memory allocation.
View 1 Replies
View Related
