Fedora Security :: Cold Boot Attack Prevention

May 13, 2009

I have full hdd encryption with a rather long key. The thing is the FBI might just show up at my house one day and have a warrant for my PC, and who wants the government looken through there life? I have a few plans on geting my PC shut down before they can get there hands on it. This is all well and good, but if they can sniff my key from the ram It doesn't matter what my key is or weather they find the computer on or off. Anyhow, i was wondering if there was some way I could add a script to the shut-down process that would over-write the ram.

View 11 Replies


Fedora Security :: Server Seems To Attack The World Hacking?

Apr 10, 2009

I went away from home for a few days, ... Now I am back at home and noticed, that my server is going out with 100% available bandwidth. The server is mainly Http / Ftp / Mail server, so I stopped all services, to see which one it is. ervices stopped, still 100Mbps go out like ants in the flood.

I updated the system, made a backup, installed IPtraf. It seems that I have something 'installed' and my server is running something to attack User computers. It seems to try to find something on random IP's random ports. I am a little bit confused now. As long as my sites are running, I'm ~OK~ but sooner or later I would like to have my bandwidth back. How could I try to hunt down which service/app/process got hacked?

It seems that the monetary system of our society got now more enemy's than friends. Capitalism seems to reach it's end. But my server is serving also ART! Sooner or later we will need to pay copyright even for our thoughts. I was reading today, that the French president wants to punish file sharing as his wife made 3 albums, and wants to get some money ..

View 12 Replies View Related

Fedora Security :: Attack Sneaks Rootkits Into Kernel

May 7, 2009

Attack Sneaks Rootkits Into Linux Kernel Quote: A researcher at Black Hat Europe this week will demonstrate a more stealthy way to hack Linux

Apr 14, 2009 | 04:21 PM
By Kelly Jackson Higgins

Kernel rootkits are tough enough to detect, but a researcher this week has demonstrated an even sneakier method of hacking Linux. The attack attack exploits an oft-forgotten function in Linux versions 2.4 and above in order to quietly insert a rootkit into the operating system kernel as a way to hide malware processes, hijack system calls, and open remote backdoors into the machine, for instance. At Black Hat Europe this week in Amsterdam, Anthony Lineberry, senior software engineer for Flexilis, will demonstrate how to hack the Linux kernel by exploiting the driver interface to physically addressable memory in Linux, called /dev/mem.

"One of bonuses of this [approach] is that most kernel module rootkits make a lot noise when they are inserting [the code]. This one is directly manipulating" the memory, so it's less noticeable, he says. The /dev/mem "device" can be opened like a file, and you can read and write to it like a text file, Lineberry says. It's normally used for debugging the kernel, for instance.

Lineberry has developed a proof-of-concept attack that reads and writes to kernel memory as well as stores code inside the kernel, and he plans to release a framework at Black Hat that lets you use /dev/mem to "implement rootkit-like behaviors," he says. The idea of abusing /dev/mem to hack the Linux kernel is not really new, he says. "People have known what you can do with these /dev/mem devices, but I have never seen any rootkits with dev/mem before," he says.

Quote: "The problem with kernel-based rootkits is that the rootkit can mitigate [detection] because it has control," he says. "It's a race in the kernel to see who's going to see who first." [URL]

View 1 Replies View Related

Fedora Security :: SE Attack Alerts - Root Out The Source?

Oct 20, 2009

I have been receiving attack alerts. And I would like to root out the source of the problem. I'll give you the messages. If you could help me prevent this hacker from even being able to attempt these things please any advice is helpful. There have been memory stack attempts, failed sys_admin conversion attempts, password file write attempts etc.....


View 5 Replies View Related

Fedora Installation :: X Hangs From Cold Boot

Nov 24, 2009

This is one of those newbie questions about where I look to find error messages so that I can understand what the issues might be. My Fedora 12 setup invariably always hangs whenever I login following a cold boot. I login to x/g-nome, the screen clears and the initial background appears and then that's it.

I've been getting out of this by switching to another TTY (CTRL + ALT + 2), login as root and issue "shutdown -r now". System re-boots and I can login normally. I can see a stream of messages, I think relating to x scroll up the screen rapidly after the shutdown command. I'm not fast enough on the Pause button to read them. My question(s) then is... is there somewhere I can look to see what those messages might be? From the symptoms described initially, anyone have any thoughts on what the issue is likely to be?

View 6 Replies View Related

Fedora Installation :: F15 Upgrade - Cold Boot Error "Your System Last Boot Fail Or Post Interrupted Please Enter Setup To Load Default And Reboot"

Jun 30, 2011

I just upgraded to F15 and it went well. But at the next and each subsequent cold boot the BIOS reports "Your system last boot fail or post interrupted Please enter setup to load default and reboot". The board is an asus P5N-D. I press F1 to blow past the error and all is well until the next cold boot. Restarts are fine, no errors at all.

View 12 Replies View Related

CentOS 5 Hardware :: USB Aircard Cold Boot Vs Warm Boot 5.2

Jan 23, 2009

If I boot my CentOS 5.2 box, then insert a Verizon aircard, then modprobe usbserial I end up with /dev/ttyUSB0 and 1. If I then warm boot (init 6) the machine and modprobe usbserial /dev/ttyUSB0 and 1 are there and usable. If I cold boot the machine (init 0 and power on) then modprobe usbserial, /dev/ttyUSB0 and 1 do not show up. If I unplug the aircard and plug it back in, the devices are created and ready to go. The machine will be in an unattended environment and I can not remove the device on every power up. How can I get the machine to find the usb device on the cold boot vs the warm boot? I don't understand why there is a difference to begin with...


View 2 Replies View Related

Security :: Centos 5.5 Server - How To Protect From Outside Attack

Dec 21, 2010

I have just configured Centos 5.5 LocalMailServer with fetchmail and sendmail , Proxy with Squid and FileServer with samba. Now my concern is security.. How can i protect my server with outside attack. Will I need to block some ports or I need special tools or script so no one from outside can attack my machine. My machine is working on intranet with local ip only.. No web server or static ip exists. Machine is connected with ADSL router to access internet.

View 5 Replies View Related

Security :: Track DDoS Attack On A Server?

Jan 25, 2011

how can I track a Dos and DDoS attack on a server . Does linux have any goiod known command line utilities and log files to us e in this way?

View 1 Replies View Related

Security :: NSA On Computer Network Attack & Defense

May 3, 2010


The 605-page PDF document reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks. Of particular interest to me was the section on deception technologies, which discusses the use of honeynet technology to learn more about attackers´┐Ż methods, as well as the potential legal and privacy aspects of using honeynets. Another section delves into the challenges of attributing the true origin(s) of a computer network attack.

View 1 Replies View Related

Security :: Sample Attack On Honeypot System?

Nov 23, 2010

I have implemented two machines one for honeypot( and another( to remotely log the honeypot log file using syslog. Inside honeypot I emulated another 3 machines with services on virtual IPs of that same block.Now honeypot is working and I can see the logs generating as I did a portscan(nmap) on those virtual IPs from .20 machine.All of the machines are running ubuntu.

But does anyone know any s/w or tools which originally attackers use so that I can get a clear picture of what happens from the logs. Having problems creating these attack scenarios.

View 2 Replies View Related

Security :: Program To Stop DDOS Attack?

May 30, 2011

i have 1 question no more because i got many ddos attack and my load is 95++ what is the best program to stop DDOS Attack ?

View 14 Replies View Related

Ubuntu Security :: HD Attack Into APT Manager And Folder Permissions

May 24, 2010

I may not be a code worrior, yet I have been a Ubuntu convert from Apple for about 3yrs now. Since 1984-2006 now hackers or viruses. And Until now Ubuntu has been clean, well I have been good with repos, etc.

1. Recently I found "Odd" behavior with my Amarok 1.4 player, ffmpeg, winff.

2. During a Synaptic upgrade there were some "unauthorized changes". I have seen this before due to some of my software, so I ignored it. . .

To my bewilderment, "It" erased Amarok 1.4 player, ffmpeg, winff, all image kernels, claimed domain over my system permissions, and external HD. B4 I shutdown, downloaded LUCID 10.4. . . restarted, then copied over all info possible to minimize a complete delete of my system. Upon restart, indeed all kernel images were gone, Only live CD allowed me access to repartition my HD.

NOW. I have Lucid running, and have been denied access to my external HD and partitioned (internal HD). I used Nautilus to copy over files to my internal laptop HD, yet permissions continue to be an issue. The INFECTED FOLDERS are owned by "User 999-user#999. I must micro manage every folder and file to gain "partial permission". The dialog box stutters and never allows me to go down to "Root"

View 5 Replies View Related

Ubuntu Security :: MITM Attack - TLS Renegotiation Vulnerability

Sep 28, 2010

Using Opera 10.61 and 10.62, I find that any secure website I access, such as a bank, the lock icon in the address bar is replaced by a question mark. Clicking on it brings up a window, stating that the connection is not secure, that the server does not support TLS Renegotiation. Doing some internet searches for "opera tls renegotiation" brought me to a page at the Opera website, where they discuss this issue. The issue is generic, not limited to Opera, affecting the TLS protocol, and it potentially enables a man-in-the-middle to renegotiate a "secure" connection between a server and client, issuing own commands to the server. Opera has addressed the problem on the client end, but now servers need to be upgraded too. None of the HTTPS sites I have tried have upgraded their servers, if the information provided by the Opera browser is correct.

My questions: how feasible is such a MITM attack, what level of resources would such an attack require? What, if anything, would the attacker need to know about the client and/or server to mount the attack? Would I be better off using Firefox, or is Firefox simply oblivious of the problem and not issuing warnings for that reason?

View 4 Replies View Related

Ubuntu Security :: Broke Into Computer - Verify Attack?

Dec 28, 2010

mpg123 suddenly started playing a police siren occationly. I checked the process once I heard it, and root was the process owner. How could this happen? Have someone broke into my computer? If so - how could I verify an attack? I run Ubuntu 9.10.

View 2 Replies View Related

Security :: How Does Mktemp Prevent Denial Of Service Attack

Apr 22, 2010

This is an excerpt from the Linux man page for mktemp command: "mktemp is provided to allow shell scripts to safely use temporary files. Traditionally, many shell scripts take the name of the program with the PID as a suffix and use that as a temporary filename. This kind of naming scheme is predictable and the race condition. It creates is easy for an attacker to win. A safer, though still inferior approach is to make a temporary directory using the same naming scheme. While this does allow one to guarantee that a temporary file will not be subverted, it still allows a simple denial of service attack. For these reasons it is suggested that mktemp be used instead."

- How can a denial-of-service attack be carried out if a directory name is known?
- Why is it important to use mktemp to generate a sufficiently random file/directory name for temporary files?

View 1 Replies View Related

Ubuntu Security :: Firestarter Howing Attack From Samba Service

Mar 17, 2010

I got alarm on Firestarter showing attack from samba service on port 139 . Is that ok for my host computer ? or a serious attack .

View 9 Replies View Related

Security :: Attack Warning In Logwatch Message: Loopback Relay

Dec 14, 2010

I'm not concerned about this since this traffic is generated from the loopback address, but would like to find out what it is.


View 1 Replies View Related

Software :: Corrupt GUI - KDE - Only On Cold Boot - Mandrake 10 - Weird ?

Apr 14, 2011

Summary: Video fault on boot when KDE starts, but only after being shut down properly and turned off. Rebooting yields a perfect boot, removing power while running yields a perfect boot.

I'm working on a very strange problem for a client and I think I've hit a brick wall. In a nutshell, when the system is booted up all indications are normal until the GUI starts. I briefly get an hourglass on a black background (it's normally blue) and then just a black screen with a corrupt line of randomness across the top of the screen. The weird part is that this ONLY happens after the system is shut down and turned off.

If I kill power after I get the corrupt desktop, it will boot into KDE just fine. Also, if I reboot instead of shutdown it will boot correctly.

For now, I've told them to boot up until it freezes/corrupts video and then perform an alt+SysRq+REISUB to reboot into a usable system. After that it works as expected, so they basically just have to start up and then reboot if they ever turn the equipment off.

The equipment rack has an identical redundant computer drawer as a ready spare, complete with a seperate hard disk and all. One hard drive came pre-loaded from the manufacturer and the other was loaded with the same software by the client from media provided by the manufacturer. I've swapped hard drives with no change and the client has reported swapping the entire computer with the ready spare with the same result.

The problem reportedly only surfaced a few weeks ago, but of course they can't think of anything that "happened" a few weeks ago. This is all new equipment less than a year old, but it may have been sitting in a warehouse for a few years before being installed.

View 2 Replies View Related

Debian :: Cold Turkey - Windows Xp Would Not Boot Afterwards - Updates Automatic?

Jul 25, 2010

I tried to partition with P Magic but my windows xp would not boot afterwards, so I have gone cold turkey.....wiped the drive and installed linux. Debian is now the third one I've looked at and hope to stay here. Couple questions right off

1) Is firewall installed with debian installation or do I have to do something else?
2) are updates automatic?

View 10 Replies View Related

Slackware :: Synaptics Touchpad Not Working On Initial Cold Boot?

Jan 10, 2010

What happens is on first boot, my Synaptics touchpad is not being recognised by the Kernel, so I have to boot a second time when it will start working.I have followed and tried loads of advice from different threads, including the copying and editing of the 11-x11-synaptics.fdi file under etc/hal/policy. Also the psmouse proto=any trick. The rmmod and further modprobe of psmouse. Restarting both HALD and UDEV both later and earlier in the boot procedure . The results of all of which is the same. The touchpad only works on second and subsequent warm boots.Below is the output of cat /proc/bus/input/devices for cold and warm bootCold boot

I: Bus=0017 Vendor=0001 Product=0001 Version=0100
N: Name="Macintosh mouse button emulation"


View 14 Replies View Related

Security :: John The Ripper Brute-force Attack And Multi-core Processors?

Feb 19, 2010

In my Open-Suse server I have a script, where makepasswd output(by default it generates similar passwords: cGyTbqpr, tpJ1LA, 33EXdo) is redirected to mkpasswd(which uses DES by default) in order to generate salted hash of this previously generated password. I would like to test the strength of this system. I have a quad core CPU, and if I start John The Ripper like this(I want to use -incremental:all flag):

john -incremental:all passwd

..only one core is utilized at 100%. Is there a possibility to make all four cores to crack this password? Or is this possible only after reprogramming John The Ripper? Or what is the algorithm for generating passwords with with -incremental:all flag? I mean if John generates passwords randomly in brute-force mode, then it's smart to start four different John processes simultaneously because then one of those four will find the password firs

View 2 Replies View Related

Ubuntu Installation :: Select The Operating System Required From A Cold Boot?

Feb 12, 2011

I have Windows XP on one drive "C" drive, Windows 7 on another "E" drive and want to install Ubuntu on another drive "G" drive. How do I when installing Ubuntu select the "G" drive to install to?

Then how to select the operating system required from a cold boot?

View 9 Replies View Related

Security :: Is Server Under DdOS Attack - Not Having Much Load And Only Few Process Runs But Site Opens Very Slow

Aug 5, 2010

I have a server and i think that my server is under Ddos attack. i see that server is not having much load and only few process runs but my site opens very slow. i executed the following command on my ssh:


View 7 Replies View Related

OpenSUSE :: Segfaults On Cold Boot But Not "warm" Boot?

Jul 19, 2011

Generally, my computer behaves okay. Sometimes, however, it crashes and is unstable until after I shut it down, wait ten seconds and boot it up again (what I'd possibly incorrectly call a warm boot). It only ever seems to need a "warm boot" after being off for over a day (e.g. when the in-laws visit for an evening and I don't use my computer from Wednesday night until Friday night). I've been poking and prodding the problem as best I know, but I've not worked out what the problem is. The kernel is still awake enough to respond to SysReq and so I can reboot cleanly if my machine locks up, but it was only in the past couple of days that I noticed segfault messages.

Sometimes Chromium will crash out and refuse to restart after that because of segfaults. Sometimes X locks up and I can't switch to another terminal. Sometimes X just restarts itself (normally alternating between Ctrl+Alt+F7 and F8), but once that happens then X won't stay stable. I've also once seen some "preload" command segfault on TTY1 (not sure which one it was). I've run memtest a couple of times and it passes a couple of iterations each time before I finish it. I've moved my memory around in case it isn't seating properly. I've tried hammering the processor with some of the performance testing in Parted Magic. I've swapped out the graphics card (partly to see if it was sending bad messages, because I've had other problems - reported in other threads) with no effect. The BIOS is still keeping the time, so it wouldn't seem to be anything battery related (plus the mobo is only about a year old).

I can't work out what causes it, but if I power off, wait and power on again then everything is fine. The only stack traces I've seen have been "segfault at 8 ip ..... error 4 in libstdc++.so.6.0.14" and "/usr/bin/Xorg - corrupted doubly linked list". Google wasn't much help, because so many segfault questions are people working with their own apps that they're writing (where it is their mistake) or some desktop app (where it is still the same type of mistake, but it can be run through GBD, unlike the entire OS). I'm running openSUSE 11.4 with all the latest updates, plus Gnome 3.

View 7 Replies View Related

Security :: Effectiveness Of A Salt For An "offline" Attack?

May 4, 2010

Context: I happened to read through an old presentation today on OpenBSD's cryptography page called "A Future-Adaptable Password Scheme". In spite of its age, it still seems relevant and useful. One of the topics it discusses is the problem of "offline" attacks, where an attacker is not slowed down by any system (or other external) security. It's attacker vs. the computational cost of guessing passwords in such a scenario.

Specific question: On several unix-like systems (including Linux), the salt helps make building rainbow tables computationally expensive. It's not enough to guess a password and hash it; the proper salt must be provided as well, or the password will not be discovered.

However, the salt (or the hashed salt) seems to be visible in /etc/shadow. For example:


foouser:$6$U9a6HdUY$U3qFDMen0wDmL0x5WHm2OWhOgzOZ4MCQxV/oY.i5RhfXCQrLifIVkBpWOd1CbCGimVCjmfxZAaud/sXDf1.mv0:14733:0:99999:7::: So in an offline attack, a rainbow table could be built using precisely that salt, correct? (Yes, I realize /etc/shadow is not readable by non-root users, but I am considering an offline attack.) Building the salt (or the hashed salt) into the hashed password seems to defeat the purpose of using a salt altogether.

View 2 Replies View Related

General :: Debian "Lenny" Rebooting Automatically On Cold Boot

Aug 17, 2010

I have installed Debian GNU/Linux 5.0.3 "Lenny" on a Compaq 510 laptop.

The problem am experiencing is that when I start it, it takes about 3 - 4 reboots before I get it to work without an automatic reboot.

I checked the dmesg command and the last part indicates the following:

I don't know what to do so as to enable the PCI interrupt that is should not reboot after a cold boot.

View 3 Replies View Related

Fedora Security :: Security Risk Of An Unencrypted /boot Partition?

Apr 8, 2009

During a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).

View 5 Replies View Related

Debian Configuration :: Accidental Double-click Prevention ?

Apr 17, 2011

There's a physical problem with my Microsoft mouse (and from what I've heard many other Microsoft and Logitech mice) where it accidentally double clicks during what is intended to be one click from me. I was thinking that surely some software that ignores the next click input from the mouse if it is within say 50ms (At a guess) as the last click would solve this problem and increase the longevity of these mice. Is there an option for this somewhere? Perhaps it would be easy to program a simple script or something for this?

View 3 Replies View Related

Fedora Servers :: Server And Clients (NFS And NIS) Are In Continuous Attack Via Ssh?

Aug 25, 2009

My server and clients (NFS and NIS) are in continuous attack via ssh. Somebody is trying to guess password and login, and making port 22 busy.What are different ways to stop this attack?I am thinking to block this ip in iptable but I have no good idea because I have not done this before. Any special consideration do I have to take while doing this thing? How is it done and which file does it modify?

View 14 Replies View Related

Copyrights 2005-15 www.BigResource.com, All rights reserved