I have snipped part of a log I captured on my honeypot and need a recommendation on what is going on. The infected computer is located at address ${ADDRESS}. A quick check of my low-interaction honeypot (based on nepenthes) gives the following data. I know it's a worm, but what is going on? Thanks in advance.
linux-sqos:/opt/nepenthes/var/log # cat nepenthes.log <snip> [18032007 02:26:03 info module] 76 4 [18032007 02:26:03 info module] SMB Session Request 76 H CKFDENECFDEFFCFGEFFCCACACACACACA code....
I Clam-scanned a bunch of old CDs. Clam found 9 notes infected with "Worm.Allaple-319". I wonder if this was my problem with Ubuntu always failing? These are some of my best notes. Is it possible to clean the bugs out of them with Fedora?
PartedMagic live Linux can load to memory and run ClamAV on a Windows drive to check for and remove viruses. However, I also need to find and remove trojans and worms on a Windows drive, which ClamAV cannot find. Are there any worm and trojan removers for Linux, or do you need to install WINE and run the Windows trojan and worm removers?
It seems the fingerprint reader is detected, and several related packages are installed, but I can't find any tools available to either set it up or activate it for use.
I cannot find one single UFW event anywhere. I have researched this and see that others have trouble finding these logs too. I have looked in every /var/log there is and I can't find one event. I have UFW enabled, default deny, and logging set to medium from a previous logging level of low (in hopes this would create more events to be seen). In the terminal, UFW is shown as active. I have been using Ubuntu for more than a year now and I recall seeing UFW events with every session in some /var/log files in Ubuntu 9.04; I'm running 9.10 now. I have also tried looking throughout the system files and have found nothing. Is UFW not working properly, or could I just not be experiencing any firewall events (not likely)?
I can't seem to find the setools-gui package in the repo, and I do not see a deb package for it. I attempted to use alien to install the rpm, but that didn't work. Any idea on how to get the GUI to install?
My machine is trying to communicate with another computer. I've blocked the traffic with this machine with iptables (input and output traffic), but I want to find the origin of this traffic. There is a 90% probability it's a trojan, and I want to find it. I have logged the packets with iptables (and then dropped them), but with this I don't know the source process. I've tried netstat -o, but I don't get anything. How can I see the source process (i.e. the PID) of this traffic? The traffic is TCP packets with the SYN flag set (my machine is trying to establish a connection with that IP).
I have a LAN with 20 machines. I see that one of them is infected. It's sending a lot of packets to the internet. My internet connection at this moment is really slow. What should I do? How do I detect which machine is infected? I'm using a hardware firewall, a Fortigate... It's hard to configure nice logs there. Any good software? I don't want to unplug the network cable from each machine and check.
I have been messing around with ettercap and with a little bit of arping. Running out of things to do though! New programs? If you list a program I can probably find some guides on how to use it.
The browser can't find the server at att.yahoo.com, so no internet. My Folding@home client with Stanford can't download (an upload went OK). I have 2 other Fedora boxes & 3 Windows boxes through the same router and they are all fine.
I can manually ping Stanford OK; Add/Remove Software within Fedora works OK. I can type in 192.168.0.1 & get the page for my router. The only thing I did between working & not working was to install the Nvidia CUDA driver for my GTX275.
My guess is something in the firewall got tweaked, but I've compared it to 2 working boxes & nothing jumps out at me.
I'm playing around with iptables on Ubuntu 10.04 Beta2.
[Code]....
That's what I have so far. According to the iptables man pages: "/proc/net/ipt_recent/* are the current lists of addresses and information about each entry of each list." There's nothing like that on my Ubuntu installation. There's a file called /proc/net/ip_tables_matches. However, it doesn't contain the information I'm looking for. It contains:
Code: udplite udp tcp recent state icmp
Where can I find the file where iptables stores the matching IPs? Also, can anyone verify that I have put the rules in the right order for them to work?
I am trying to find the source code behind mkpasswd, which I apt-getted from universe. I am trying to code a similar app in Java and want to see how the salt is implemented in the /etc/shadow file.
But I just can't seem to find any source for that particular program...
I am unable to find any ldap.conf parameter or pam.d/system-auth setting with which I can restrict LDAP users having a uidNumber less than a particular number, say 500, from logging into the system. I am using an OpenLDAP server and tried pam_max_uid 500 in ldap.conf, but it didn't work.
In my ~/.ssh I have a number of public keys and one private key (id_rsa). How can I verify which one makes a pair with the private one? Or, can one generate the public one from the private key (in reasonable time)?
I am trying to find the best tool to track configuration file changes. I did find some information about osec and mactime, but it seems that they are not included in the Fedora/RPM Fusion package databases. Is there any tool that can be installed as a package?
I have totally exhausted my search to find IPBlock. I use it on my other Ubuntu machines, but for some strange reason I cannot find it anywhere for my Ubuntu 10.10 Maverick. I know where the iplist is, but not the actual IPBlock file download.
My server is probably hacked and sending spam emails. I see them randomly in the maillog (/usr/local/psa/var/log/maillog; the server has a Plesk panel), sometimes a few over a long time, sometimes a lot of them. Here is a sample of it:
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: Handlers Filter before-remote for qmail started ... Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: from=root@acv360.com
chroot in two mini distros (Tiny Core and SliTaz): the chroot jail appears 'blind'. chroot can't find any files in the jail and exits with an error code. Example (ugly):
Is it possible to list/find/compare the program versions on a CentOS system against the Red Hat/CentOS errata/security/bug lists? I'm sort of looking for a way to make sure that all the packages on a system are OK and not a security risk, without having to update every package. The pseudo code in my mind is:
I have a database created by an older program (not Access) that I need to open and retrieve information from for my business. The manufacturer put a password on it so that only its program could open it. I do not use that program, but it has information I need. Is there a way to find that password or circumvent the password altogether?
I've looked today at my logs in /var/log/messages and I found "device eth0 entered promiscuous mode". I don't remember putting eth0 in promiscuous mode. I'm connected to the net through a router. How do I turn that off?
I have 4 Linux machines in a cluster. My target is to find all IP addresses (xxx.xxx.xxx.xxx) in every file on the Linux system. Remark: I need to scan each file on the Linux system and verify whether the file includes an IP address; if yes, I need to print the IP as the following:
I am trying to do a find/grep/wc command to find matching files, print the filename, and then the word count of a specific pattern per file. Here is my best (non-working) attempt so far:
Is there a way to tell find that I only want text files (and not binary files)? grep has an option to exclude binary files, so I thought find probably has a similar feature, but I've been unable to find it.