Security :: /proc/net/packet Says My Server Is Acting As Network Sniffer - According To NSA Doc
Apr 25, 2011
So, the NSA puts out some handy documentation on locking down a RHEL server (running CentOS 5.6 x64 myself) here, [url]. Under "Ensure System is Not Acting as a Network Sniffer" on page 63, it says that if there are any numbers below the first line in /proc/net/packet, the system is acting as a network sniffer.
I get the following output:
Code:
Unless I've been pwned, I don't know exactly what could be causing this. Besides samba, nmap (compiled from source, not from yum), screen, and rtorrent, there's nothing I've installed beyond the fresh install I did a few days ago. I was not running nmap when looking at /proc/net/packet.
Feb 24, 2011
I want code for a packet sniffer that runs on Red Hat and uses the C++ language.
Nov 5, 2009
Is there a default built-in packet sniffer program in Fedora 8?
Nov 16, 2010
I am actually making a packet sniffer using a raw socket. It's just that when I use the command
if((ioctl(rawsock, SIOCGIFINDEX, &ifr)) == -1)
to get the interface index...
It gives me an error saying: invalid argument?
Aug 20, 2010
I'm trying to find out what the difference is between wifi0 and ath0 (Atheros wifi card) in terms of the packet counters shown in the proc/net/dev pseudofile. The fact is that the wifi0 and ath0 packet counters are different. I've read that wifi0 refers to the physical device and ath0 refers to a virtual device over wifi0, so, as far as I know, the packet counters in both devices should be the same, shouldn't they? Another annoying question for me is that ath0 doesn't show any erroneous packets, while wifi0 does.
[Code]..
Sep 19, 2009
How do I know whether anyone has plugged removable devices into his system? We don't allow removable devices on the network. Most of the workstations are Windows XP and Vista. I have disabled USB using Group Policy, but some systems still need to access USB ports.
I want to monitor USB devices on each system, so that when one is plugged into a workstation, an alert or some action informs the admin.
Sep 17, 2009
I got a problem with my CentOS server. Somebody told me OpenVPN requires different changes inside my firewall settings. That could be the problem why OpenVPN won't load. I receive this error on my CentOS panel when I'm trying to connect to the CentOS OpenVPN (with my WinXP PC):
Thu Sep 17 20:31:36 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
Thu Sep 17 20:31:38 2009 Authenticate/Decrypt packet error: packet HMAC authentication failed
Thu Sep 17 20:31:38 2009 TLS Error: incoming packet authentication failed from 84.xx.62.122:2622
[code]....
Oct 24, 2009
Which is the best tool (easy to follow the chat, not like Wireshark) to sniff MSN chat for remote users in my network? I tried msn shadow, which has an easy-to-understand interface, but it sniffs only local chat.
Feb 6, 2010
We are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
Sep 15, 2009
Is it possible to pickup the whole https URI with a sniffer?
IE. [url]
For example, Is there a way to get the sniffer to pick up id=39238?
I have been testing with wireshark, and it only seems to be picking up domain.com.
Aug 25, 2010
I just changed my password; now every time I start my computer the keyring wants my old password, and it keeps doing weird things even after I type it in. For example, Ubuntu will say "No keyring found" or something to that effect.
Mar 29, 2010
I switched recently to 11.2 and it works fine for me as a workstation. I want to set up a router separating a part of the network and also acting as a firewall/proxy... I configured 2 Ethernet interfaces and checked IP forwarding in YaST, but it does not forward the packets from the "internal" to the "external" network. However, after I set up my router as default for machines on the internal network, I can ping the external interface but no address on the external network (particularly the one of the default router)! From the router I can reach both networks and the net via the default gateway on external. Tried to:
a) switch firewall completely off
b) iptables -P FORWARD ACCEPT
c) masquerading internal addresses to the external network
my interfaces configuration looks like:
eth0 Link encap:Ethernet HWaddr 00:13:D4:E3:A2:7B
inet addr:192.168.1.34 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::213:d4ff:fee3:a27b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
[Code].....
Jul 6, 2010
I've got the F13 LiveCD that I was able to boot and use using the "nomodeset" boot option. From the desktop I'm trying to perform an Install to Hard Drive. I've read the Install from LiveCD post regarding the creation of a /boot partition and a / root partition. I've tried creating them without the LVM group and with. But every time I attempt to install I get...
An error occurred mounting device proc as /proc: mount failed: (9, None). This is a fatal error and the install cannot continue.
Hardware is a Sager 8887 (P4, 3.06HT, 60GB HDD, Radeon 9000 graphics adapter)
Jan 5, 2011
I installed from openSUSE-11.3-NET-x86_64.iso. Installation was successful, but after installing all packages, the internet test / update gave an error. After logging in to the installed system, the internet does not work. I use a router with DHCP.
Mar 29, 2010
OpenPGP Standard RFC 4880, not really a Linux Question, but as may be using GnuPG on Linux I thought I would ask here
The Modification Detection Code Packet is defined to use SHA-1, even though it does state in section 13.11. that this can be altered, and gives example methods. However this would cause interoperability, (q1)so I assume there is no standard method of doing this??
- How much of a threat do you believe this to be? Even though the SHA-1 hash is encrypted within the symmetrically encrypted integrity protected data packet.
Jan 26, 2010
By now I have 10 servers for HPC, power computing oriented. My users need to launch several processes using qmake. The users are used to working with Ubuntu 9.10, and the software from the repositories is suitable for them. I've deployed Ubuntu 9.10 to all 10 servers (PXE rocks). By now we work with parallel-ssh and cluster-ssh, which allow us to launch the same process on all servers. With these tools the servers remain independent but with the same software and the same launched command. Now we would like to go to the next step and see all the servers as a single one, with all the resources from the other 9 as if they were its own resources. The difference would be substantial in time to process and also in time to design the command to launch.
Sep 29, 2010
I have a DNS server that's been working just fine up until now. I have a local domain, "galapagos.office" set up, with several subdomains on it. I've been able to get to all the subdomains just fine for the last couple weeks from several different machines. Now something weird's happening:
I CAN ping wiki.galapagos.office from a local machine
I CAN do an nslookup on wiki.galapagos.office from a local machine
I CAN see wiki.galapagos.office in a browser from a local machine
I CAN'T ping wiki.galapagos.office from the DNS server itself
I CAN'T do an nslookup on wiki.galapagos.office from the DNS server itself
I CAN'T see wiki.galapagos.office in a browser from the DNS server itself
And I COULD do all these things before. I don't know exactly when things went south because I almost never do anything from the DNS server itself.
Oct 11, 2010
We are running a sendmail (8.13.8-2.el5) service on one of our servers running RHEL5.
When I try to mail from one of the machines connected to the server on our private network, log file on that machine shows that the mail has been sent and also there is no mail in the queue, but when I check the server, there is no mail received, not even any status on log file. Did anyone experience anything like this or any idea about this problem?
Jun 19, 2011
I have an ADSL modem acting as a bridge to my router. My setup was working well for more than a year, but then the internet went slow. I set the modem back to PPPoE; the problem was with the DNS server of the ISP, so using ifup I set the DNS to 8.8.8.8 (Google) and the connection is back. But when I set the modem back as a bridge, the internet is slow. Does the router know that my DNS is 8.8.8.8, or should I set the DNS on the router? I can't see an option to set the DNS on the router (I just enter my username and password from the ISP to use PPPoE mode). By the way, I called the ISP support; they kept telling me to restart. I told them I did, but I never restarted my PC. I'm sure if I tell them I'm running Linux they will blame the OS!
Dec 14, 2010
I want to use 2 network cards on a notebook (one internal and one by USB). I don't want the typical "internet sharing", so I want it to act really as a switch:
Other room <== 1Gb/s ==> Notebook <== 100Mb/s ==> network switch with more computers.
I want to do it because I want to use the 1Gb/s link from the other room to the "servers" room, and then the rest of the servers will run at 100Mb/s. I wanna have all my computers in the same network, like there's no notebook in the middle, so the Notebook will act as a switch (and a server). I wanna (assuming all of this is possible):
Code:
> [network switch] 1Gb/s
> 192.168.2.1 [router] 100Mb/s
> 192.168.2.2 [wi-fi AP] 100Mb/s
> other room 192.168.2.50 [new notebook] 1Gb/s
[code]....
Jan 23, 2010
I have an EPIA M10000N (VIA Nehemiah 1GHz integrated CPU) motherboard (square MB each side 17cm) in a GA610 case. These last two links show the situation quite well. I have neither a CD/DVD drive, nor a floppy drive in the case. Only a hard drive, the motherboard, and the power supply. As you can see in the pictures, the whole thing is cooled by a 4cm fan on the CPU heat sink, and another 4cm fan at the rear of the power supply. This is rather noisy (and unbearable in a living room!). After looking (not that hard, though...) for a solution, I did not find a proper (less than 20dB, and good quality) solution. So the living-room PC became a server. It's either that or throwing it away, anyway. Having nothing to lose, I want to try something. And I'd like to have your opinion, dear reader. I want to:
- remove both 4cm fans,
- remove the cover from the power supply,
- cut a round hole on top of the case,
- fit a 12 or 14cm fan on the lower side of the round hole, right above both the CPU and the power supply.
I'm new to this cooling stuff. I saw that a 4cm fan can extract up to 5 CFM of air, whereas a big fan can extract at least 60 or 70 CFM! Changing two noisy 5 CFM fans with a single silent 60 CFM fan seems OK to me. What do you think of the idea? Next, for better reuse, I may buy a Noctua 14cm NF-S14 FLX. It is big and silent, and 71 to 110 CFM seems a lot! And its fixation holes match those of a standard 12cm fan, thanks to the unusual shape.
Do you approve?
I still hesitate a bit because:
- the Noctua NF-P12 1300 might be more sturdy due to its regular shape...
- the Enermax Magma UC-MA12 might be a better choice because it can be washed... on the other hand, because of that, it may get loose with time...
Aug 23, 2010
We have a samba server with a couple of shares defined as follows:
Code:
[Storage]
comment = Storage
browseable = yes
path = /home/samba
writable = yes
[Backup]
comment = Backup
browseable = yes
path = /mnt/hd2/home/samba
writable = no
[Administration]
comment = Administration
path = /home/adm
valid users = adm
public = no
writeable = yes
browseable = no
We have two samba users: samba and adm. The first is used to connect to Storage and Backup shares, and adm is used to connect to Administration share. There are two problems:
1) If Storage and Backup shares are connected to a Win7 box, the Administration share cannot be connected. All we get is an error saying that that share is already connected with different username.
2) We have managed to work around this by connecting the Administration share with the IP address of the server instead of its name(?!). The problem then becomes that sometimes connecting the Administration share this way makes the Storage share read-only. Not always though.
Wrong "security" type in smb.conf (was "user", needs to be "share"). For some reason the Storage share still occasionally gets connected read-only. Win7 also tends to forget the passwords/usernames for some shares upon reboot (not all of them, though).
Jul 8, 2010
I've just started learning how to use kismet and aircrack. I'm sniffing my own network to see how vulnerable it is. I'm using aireplay to inject packets, but the number of packets per second in airodump is only about 30 to 50. Is there something that can speed this up a little more? Shouldn't it be able to go faster than this? It's going to take forever to collect at least 300,000 IVs for a 64 WEP key let alone the amount needed for 128 WEP.
wireless card intel iwl3945. Everything works great except for the extremely slow speed of gathering IVs. Also, how can I monitor my network? If someone was using aircrack on me and sending packets, how could I observe that? What should I Google?
Dec 21, 2010
I have been having some odd issues over the last day or so while trying to get a raid 5 array running in software under Kubuntu. I installed 3 1TB drives and started up, my sd* order got all messed up (sda was now sdc and so on). This wasn't entirely unexpected, so I fixed up fstab and booted again. I found all three of the drives I installed, set them to raid auto-detect and used mdadm to create /dev/md0. I then created mdadm.conf by piping the output of mdadm --detail --scan --verbose into /etc/mdadm.conf. At this point, everything was still going swimmingly. I copied over a few hundred GB of data from another failing drive and everything seemed ok. I went to reboot once the copy was done and everything just went weird. All of the sd* drives went back to the original. Of course, this meant that the mdadm.conf was wrong. I tried to just change the device list, but that didn't work. I then deleted mdadm.conf and rebooted. The drive list stayed in the original order this time, so I just tried manually starting the array.
By erasing the partition table of the 3rd drive, I've been able to get it to the status of spare, but it says it is busy when I try to add it to the array. A grep through dmesg makes me think that md has a lock on it. I'm not sure where to go with it now. If anyone has any pointers, I would like to hear them.
Device List(original):
/dev/sda => boot drive, /home /
/dev/sdb => 1.5TB media storage, failing
[code]...
Jul 26, 2010
I'm looking to possibly need to make use of Snort and its packet filtering/inspection abilities to help cover for PCI. I've searched Amazon, but nothing really stands out. There is a new one (2007 - Snort Intrusion Detection and Prevention Toolkit), or slightly older ones... Managing Security with Snort & IDS Tools - 2004, Snort Cookbook - 2005, Snort for Dummies - 2004.
Now I'm tempted to just go for the latest one, but I'm completely new to Snort, so perhaps it needs another book like Snort for Dummies to get started ;-P
Nov 10, 2010
I'm posting an e-mail I sent to Pidgin Support, which didn't get answered. I'm doing this because I believe it is a general SSL problem. I've even tried a different chat client (Instantbird) - same error message. For a week or so I have not been able to securely log in to ICQ any longer with one of my accounts. Only if I disable "Use SSL" in the advanced settings, it works. With SSL I get the error message "Unable to connect to BOS server: SSL Handshake Failed". In the debug window the reason for the failure is "A record packet with illegal version was received". If I enable the setting "Use clientLogin", I get a different error: "Received invalid data on connection with server".
I get this error for all of my ICQ accounts if I enable this, but the other ones work just fine using only "Use SSL". I can log in to the ICQ website with the "bad" account too; the settings are exactly the same for all 3 accounts. I was using Pidgin 2.7.3 when this happened first, upgraded to 2.7.5, but no change. I'm running RHEL 5.5 x86_64. I've attached the Pidgin debug messages for the "bad" case of the not working account and for the "good" case of one of the working accounts. I've tried a lot of things, like deleting the account and adding it again. I deleted the cached certificates. I changed the password on the ICQ website.
From the attachment I'm only pasting the most important part - the error message:
(20:27:14) gnutls: Starting handshake with bos.oscar.aol.com
(20:27:14) gnutls: Handshake failed. Error A record packet with illegal version was received.
(20:27:14) oscar: unable to connect to FLAP server of type 0x0002
(20:27:14) connection: Connection error on 0x9bf19f0 (reason: 0 description: Unable to connect to BOS server: SSL Handshake Failed)
It doesn't get into my head why 2 accounts work perfectly, but one doesn't. The login server is exactly the same, so the certificate used should also be the same.
Jul 12, 2010
I am a new user of ns-2. I would like to know whether it is possible to send keys or some value as the packet data (content of the packet) in ns-2 (for a wireless environment).
Nov 12, 2010
Does anyone know a network packet editor for Linux? Or how to modify a network packet in Wireshark?
Jan 23, 2010
I am trying to set up a local network between 10 (Web) servers (openSUSE 11.2). Each server is connected to the internet (eth0), which works fine on all servers.
A 2nd NIC eth1 (1GBit rtl-8169) on each server is connected to a switch and should function as a LAN. I installed/configured the 2nd NIC with YaST, and then added a route for the local network (192.168.20.0) to use eth1. So far everything works (ssh for example), but I have a packet loss of 10%-60% (ping) on the local network, and I can't find the reason for the packet loss. I already installed Debian Lenny on 2 servers (just to test) but I have the same problem on Debian.
No firewall or any other application is in the way. With tcpdump I could figure out that the packets are sent but never show up on the destination server.
I put some more information about how I configured the LAN below. This is not my first time doing this, and from my experience, if something is wrong with the network configuration (wrong routing, firewall in the way, etc.) this usually leads to a packet loss of 100% or the destination is simply not reachable.
The 2nd NIC is installed either with YaST on SUSE, or by editing /etc/network/interfaces on Debian. The kernel module rtl8169 is loaded.
They are configured with the following values:
Route is added by:
Output example. of ifconfig :
Output of route (same on all servers):
Output of ping:
Apr 9, 2010
I'm writing to you because I encountered the following problem. My program displays all network interfaces that are available in the system, but I would like to add a functionality in which a user can enter a destination IP address (e.g. the IP address of the Google search engine) and will get information on which network interface will be used to send to it. As far as I know, it is associated with reading information from the routing table in the system. Maybe you know the API (functions/methods) which I could use to do it in Red Hat? I program in C/C++, but if you know how to do it in other programming languages (Java, Perl, Python) I will be grateful for any information.