Networking :: Network Security - How To Identify Programs And Processes
Sep 2, 2010
I was wondering if anyone might know of good reference material, books, websites, etc., that discuss network security issues in layman's terms. I would like to set up a dedicated Linux box as a firewall and would like to have a deeper understanding of the different types of configurations that are possible. I run a dual boot system and most of the firewalls I have used on the Windows side are very confusing to me. A lot of the time they give you a pop-up that informs you that some cryptically named program is trying to access the network or the internet and wants to know if I want it to or not; 99% of the time I have no idea if it is a legitimate program or not. I realize that this is probably a separate issue (knowing how to identify programs and processes that should have access from those that should not) from setting up a firewall and basic network security, but I know that they are related.
Jul 19, 2011
How to identify which processes (or PIDs) are consuming SWAP? In my RHEL box SWAP is nearly 100 % utilized.
Code:
$ free -m
total used free shared buffers cached
Mem: 144967 143212 1754 0 166 135259
-/+ buffers/cache: 7787 137180
Swap: 22367 21733 634
Aug 13, 2010
That would seem like an elementary feature, to be able to allow only a few system applications access to the Internet. That would prevent trojans from downloading your HD, for example. I looked around and played with iptables but I could not find anything that does the job. I loaded the xt_owner kernel for iptables but the --cmd-owner command is lacking. That was my holy grail but I could not get --cmd-owner to work.
Code:
iptables -I OUTPUT -m owner --cmd-owner "firefox" -j LOG --log-prefix "Testing "
How can I protect my machine against the enemy within?
OpenSuse 11.2
Kernel: 2.6.31.12-0.2-desktop
Jun 10, 2009
have two internet lines from two ISPs, each one plugged into interfaces eth0 and eth1, and I have an eth2 interface to internal network clients. Now I need to make some clients use line 1 and others use line 2. I want to do this without using a netmask, just for selected IPs.
Feb 15, 2011
For the last four days, I have been getting HIDS alerts like these:
Code:
152.2.x.x - - [15/Feb/2011:04:28:59 -0500] "PROPFIND /C%24.co HTTP/1.1" 405 231
152.2.x.x - - [15/Feb/2011:04:28:59 -0500] "PROPFIND /C%24.com HTTP/1.1" 405 232
[code]....
May 2, 2010
Is there a way to identify exactly what application is asking for keyring access at the given time? I get this query every boot and it's getting annoying. The annoyance is there, but more importantly and from a personal security standpoint on desktop systems, it's pretty bad that it doesn't say what application wants the access.
Jan 18, 2010
I have an HP Pavilion dv2000 and cannot figure out what chipset I have.
/sbin/lspci brings up the following
bunnyman@linux-bqo4:~> /sbin/lspci
00:00.0 Host bridge: Intel Corporation Mobile Memory Controller Hub (rev 0c)
00:02.0 VGA compatible controller: Intel Corporation Mobile Integrated Graphics Controller (rev 0c)
00:02.1 Display controller: Intel Corporation Mobile Integrated Graphics Controller (rev 0c)
[Code]....
where I can get the .inf file from? I took Windows completely off of the computer and don't want to reinstall it just to get the driver.
Jan 5, 2010
My wireless usb network adapter is constantly using ~100bytes/s even when there is nothing I can think of that needs to talk to the internet. Is there a way to find out what programs are using the internet?
Jan 13, 2010
I post this to have a memo about how I looked into this problem. You can use this command to check what is hidden.
Code:
/usr/lib/chkrootkit/chkproc -v -p 3 | grep /proc/ | sed 's/.*\(\/proc\/[0-9]*\).*/\1/' | xargs -n1 -I %%% cat %%%/cmdline
If it doesn't output anything, then nothing is hidden currently. This usually means that a process was started between the ps command and the /proc check of chkrootkit. You can check what those command(s) are by running the above in a loop, with high priority.
[Code]...
Does anyone know how to get rid of these false positives while retaining other functionality of chkrootkit?
Jun 15, 2010
How does Linux identify the eth0, eth1, eth2 interfaces? For instance, I plug a network cable into an interface. How does Linux recognize whether the plugged-in interface is eth0 or eth1?
May 7, 2011
To: The Cog >>>
Code:
The Cog, here's the results for ps -ef | grep tty:
yo mama@blah:~$ ps -ef | grep tty
[code]....
Jun 22, 2009
Is there an easy way to log the names of the actual processes that initiate, let's say, outbound connections from the Linux machine, for instance track what process initiates an outbound connection to MySQL port to remote machine and stuff like that?
Dec 30, 2010
I've a Linux box with a few users (with shell). I would like to prevent normal users from seeing all the processes running on the box. How can I implement this?
May 18, 2010
identify the right network structure for a data intensive website, built on LAMP. I'm thinking of a load balanced website, and that it should have a mysql master/slave setup server. I'm no expert in this area, so any online resources are welcome. You can check out the website [URL] - but it will have 10 million items once the hardware can support it.
Mar 24, 2010
This is scary, a bunch of vmware-user-wra processes stall the CPU at 100%!! What's going on? The server has just been restarted! Before I restarted, the root started all this vmware-user-wra!! I was configuring vncserver! After restart, it's started by user roo300, which I have used to log in via SecureShell!
Code:
top - 20:20:29 up 4 min, 85 users, load average: 76.57, 35.14, 13.60
Tasks: 629 total, 90 running, 539 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.5%us, 98.5%sy, 0.0%ni, 0.0%id, 0.0%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 3873304k total, 369500k used, 3503804k free, 50492k buffers
[code]....
Mar 3, 2011
My computer is often very slow, to the point of stalling. I tty'd in and when I ran ps -ef I noticed about 10 /usr/sbin/apache2 -k start. I don't even want 1 apache running. Any suggestions why these are running, or how to stop it? Well, I can stop it with a sudo killall, but how can I make sure it doesn't happen again?
Feb 24, 2011
I'm using KDE 4.5 on a laptop with Ubuntu 9.04 installed. The problem occurs when I try to connect to the internet with my Huawei E160 dongle. The network manager program didn't identify my dongle so I can't connect to the internet. I have created a broadband connection in the network manager program.
I can connect to the internet with the GNOME desktop since the dongle is detected and I can create a broadband connection and connect to the internet.
Jul 16, 2010
I keep the network window of System Monitor active on my panel to see if anything is going on with the network.
After the last upgrade, lucid has been having nonstop short, small bursts of network activity, showing in system monitor as received data of approx 60 kb, then 0, then ~60, then 0, continuously. This is occurring before any applications are opened.
Whatever it is, it starts to tie up the processor until performance is unusable.
The processes screen does not offer any clues, perhaps because the data transfers are so small and spaced out. It still should indicate what is tying up the CPU, though. In the attached screencap, you can see the network activity pattern in the system monitor window in the panel.
Is there any way to monitor what processes are accessing the network in order to see what is going on?
Jul 5, 2010
How efficient and effective are these Snort, Argus, OSSEC, etc. for an organization having a 3500-PC network, connected through 700+ Cisco devices (Layer 2 and Layer 3), and scattered over 130 different sites (geographically)? What should be the combination of products and what should be the architecture for an efficient forensics activity?
Jun 14, 2010
The way to identify CAT 5 and CAT 6 cable? What are the differences between these two cables?
Dec 1, 2010
How to identify the ICMP packets & marking. The ICMP packet marking below is not working.
iptables -t mangle -A PREROUTING -p icmp -j MARK --set-mark 0x5
iptables -t mangle -A PREROUTING -p icmp -j RETURN
With the help of port no. or any other, how can I identify the ICMP packet? The two below are working fine:
iptables -t mangle -A PREROUTING -p tcp -j MARK --set-mark 0x2
iptables -t mangle -A PREROUTING -p tcp -j RETURN
iptables -t mangle -A PREROUTING -p udp -j MARK --set-mark 0x3
iptables -t mangle -A PREROUTING -p udp -j RETURN
Jul 26, 2011
Is there a linux command (or command combination or utility) that can identify all processes (PIDs) that are sharing a TCP/IP stack ?
Apr 13, 2011
How to identify the status of the Ethernet interfaces? On my machine, every interface shows "UP" no matter whether the interface is connected or not:
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Oct 27, 2010
I have a desklet that, occasionally after toying with network stuff, will tell me that large amounts of data are being sent/received. What's a good way to determine what processes are occupying these resources?!
May 18, 2011
I have an Iomega appliance, which is based on a Debian distribution. There is an NFS share that I have created which is without a password. Since it is without a password, there are some viruses copied. I want to find out which IP address is the source of these files. In other words, I want to know which PC is copying these infected files onto the NFS share.
Mar 27, 2011
I'm running Ubuntu 10.10 64bit, and I'm a newbie when it comes to networking.
My issue is that there seems to be a socket bound to a port, blocking MongoDB from accessing its usual port 27017. The strange thing is that it was working just fine until recently and I can't figure out what I did to screw things up... I can make it use a different port, but the reason why it can't bind to the default port and why I can't fix it is really bothering me. I've tried rebooting the machine; even with nothing else running, when I try to run Mongo it is still blocked, giving the following message:
Code:
ropes@ropes:~/mongodb-linux-x86_64-1.8.0/bin$ ./mongod
./mongod --help for help and startup options
Sun Mar 27 14:08:14 [initandlisten] MongoDB starting : pid=2718 port=27017 dbpath=/data/db/ 64-bit
[Code]....
Apr 9, 2010
I installed Ubuntu on an old desktop last night and am having some problems with my wireless connection. I've searched around a bit and tried a few solutions but nothing seems to be working, so hopefully someone can help. I'm using a Netgear WG111v3 wireless USB adapter and am attempting to connect to a Sky Broadband modem. The connection shows up in the list of available networks after clicking on the network symbol, and after attempting to connect for a while it then asks for the WPA password.
I enter the password and then this repeats over and over again, continuously asking for the password and me continuously entering it. I know the password is correct as I'm using it on my laptop and other home computer right now. I've tried connecting to a hidden wireless network and inserting the network name and password as some have suggested, and I've also tried adding the details from my router into the connection, so that I have manually entered the information rather than automatically finding it; this also hasn't worked. I should probably add that earlier today I seemingly randomly got connected and then managed to run some updates, but since then it has disconnected and the same problem is repeating over and over. Sorry if that's quite a long explanation but I thought I'd try and make it as clear as possible,
Mar 18, 2010
What is the most harmful thing a malware program started as a separate limited user account can do if it has access to the X server? Network and filesystem things are already considered by chroot and netfilter.
It obviously can lock the screen and I will need to switch to another vt and kill it manually. Can it, for example, disrupt other GUI programs on the same X server (access a root terminal in a nearby window)?
I know that it is safer to run it in a separate X server, for example, in Xtightvnc or even some virtual machine, but how dangerous is it to just run it like other programs?
Apr 27, 2010
I recently installed mplayer I compiled from svn, and now Ubuntu's package manager is showing security patches. If I install these patches, will it mess up the version I compiled and installed?
View 5 Replies
View Related
Mar 10, 2011
After reading Bodhi's Ubuntu security sticky, I removed the links between WINE and the various folders. However, I've lost the menu items for my programs.
The menu no longer has MS Office in there and the only way to launch these is to go into .wine and launch it from there.
How can I bring back these links?