Security :: Attack Warning In Logwatch Message: Loopback Relay
Dec 14, 2010I'm not concerned about this since this traffic is generated from the loopback address, but would like to find out what it is.
[code]...
ADVERTISEMENT
Fedora Security :: Unusual Warning Message Asking For Password?
Apr 9, 2011Sometimes when I try to open some chat application i get a strange warning message asking for password. The message is that /usr/libexec/mission-control is trying to gain access of the system, please provide the password. On top of the message box it shows "Unlock Keyring".
This very weird, as I am also unable to do a print-screen when this message box is up.
what this message is all about and what does the executable /usr/libexec/mission-control do?
I am using Empathy as my chat application
General :: Logwatch Warning: Kernel Errors
Oct 22, 2010I'm having some issues on a server running redhat for specific application and lately it has been for some reason kicking out some services. I just checked the Logwatch mail on the root user and here is one of the main error:
[code]...
CentOS 5 :: New Install Hangs On Loopback Message?
Dec 26, 2010Installed latest version of sipXecs (PBX system) which is based on CentOS. The install went fine. During the first boot up all the messages come back with OK until it reachs a message about loopback. It hanges on this message and will go no further.
View 1 Replies View RelatedSecurity :: How To Configure Logwatch
Mar 4, 2010how to configure Logwatch? where can I find its config file? I never configure it but I received email everyday from Logwatch@mydomain.com..
View 1 Replies View RelatedGeneral :: Install Logwatch As A Security Precaution?
Sep 11, 2010I was advised by a fellow forum owner to install logwatch as a security precaution. Our forum runs on a dedicated server. CentOS 5.5. I ran "yum install logwatch" and got the following:
Code:
Examining logwatch-7.3.6-1.noarch.rpm: logwatch-7.3.6-1.noarch
Marking logwatch-7.3.6-1.noarch.rpm to be installed
Resolving Dependencies
--> Running transaction check
---> Package logwatch.noarch 0:7.3.6-1 set to be updated
--> Finished Dependency Resolution
[Code]...
Security :: Centos 5.5 Server - How To Protect From Outside Attack
Dec 21, 2010I have just configured Centos 5.5 LocalMailServer with fetchmail and sendmail , Proxy with Squid and FileServer with samba. Now my concern is security.. How can i protect my server with outside attack. Will I need to block some ports or I need special tools or script so no one from outside can attack my machine. My machine is working on intranet with local ip only.. No web server or static ip exists. Machine is connected with ADSL router to access internet.
View 5 Replies View RelatedSecurity :: Track DDoS Attack On A Server?
Jan 25, 2011how can I track a Dos and DDoS attack on a server . Does linux have any goiod known command line utilities and log files to us e in this way?
View 1 Replies View RelatedSecurity :: NSA On Computer Network Attack & Defense
May 3, 2010Quote:
The 605-page PDF document reads like a listing of the pros and cons for a huge array of defensive and counterintelligence approaches and technologies that an entity might adopt in defending its networks. Of particular interest to me was the section on deception technologies, which discusses the use of honeynet technology to learn more about attackers� methods, as well as the potential legal and privacy aspects of using honeynets. Another section delves into the challenges of attributing the true origin(s) of a computer network attack.
Security :: Sample Attack On Honeypot System?
Nov 23, 2010I have implemented two machines one for honeypot(192.168.100.10) and another(192.168.100.20) to remotely log the honeypot log file using syslog. Inside honeypot I emulated another 3 machines with services on virtual IPs of that same block.Now honeypot is working and I can see the logs generating as I did a portscan(nmap) on those virtual IPs from .20 machine.All of the machines are running ubuntu.
But does anyone know any s/w or tools which originally attackers use so that I can get a clear picture of what happens from the logs. Having problems creating these attack scenarios.
Security :: Program To Stop DDOS Attack?
May 30, 2011i have 1 question no more because i got many ddos attack and my load is 95++ what is the best program to stop DDOS Attack ?
View 14 Replies View RelatedSecurity :: Centos 5.5 / Rkhunter Result In Logwatch Mail
Apr 20, 2011I have a server, running Centos 5.5. It runs daily rkhunter and logwatch. From both I get a daily mail.
I have a desktop computer, running Fedora 13 (almost 14...). It runs also a daily rkhunter and logwatch. But I get ONE mail from logwatch, which contains the result of rkhunter.
On the server, I want also only mail from logwatch, containing the rkhunter results. But so far, no luck.
How can I get the rkhunter results in the logwatch mail on my Centos server?
Security :: Logwatch Reported Possible Exploits On Gateway Machine?
Mar 15, 2011I have set logwatch to report daily the logs, somehow since last week i get below message. A total of 1 possible successful probes were detected (the following URLs contain strings that match one or more of a listing of strings that indicate a possible exploit):
/cgi-bin/blocked.cgi?clientaddr=192.168.1.108&clientname=&clientident=&clientgroup=limitedaccess&targetclass= untrusted&url=http://adfarm.mediaplex.com/ad/fm/9608-84171-8772-2?
[code]...
Fedora Security :: Server Seems To Attack The World Hacking?
Apr 10, 2009I went away from home for a few days, ... Now I am back at home and noticed, that my server is going out with 100% available bandwidth. The server is mainly Http / Ftp / Mail server, so I stopped all services, to see which one it is. ervices stopped, still 100Mbps go out like ants in the flood.
I updated the system, made a backup, installed IPtraf. It seems that I have something 'installed' and my server is running something to attack User computers. It seems to try to find something on random IP's random ports. I am a little bit confused now. As long as my sites are running, I'm ~OK~ but sooner or later I would like to have my bandwidth back. How could I try to hunt down which service/app/process got hacked?
It seems that the monetary system of our society got now more enemy's than friends. Capitalism seems to reach it's end. But my server is serving also ART! Sooner or later we will need to pay copyright even for our thoughts. I was reading today, that the French president wants to punish file sharing as his wife made 3 albums, and wants to get some money ..
Fedora Security :: Attack Sneaks Rootkits Into Kernel
May 7, 2009Attack Sneaks Rootkits Into Linux Kernel Quote: A researcher at Black Hat Europe this week will demonstrate a more stealthy way to hack Linux
Apr 14, 2009 | 04:21 PM
By Kelly Jackson Higgins
DarkReading
Kernel rootkits are tough enough to detect, but a researcher this week has demonstrated an even sneakier method of hacking Linux. The attack attack exploits an oft-forgotten function in Linux versions 2.4 and above in order to quietly insert a rootkit into the operating system kernel as a way to hide malware processes, hijack system calls, and open remote backdoors into the machine, for instance. At Black Hat Europe this week in Amsterdam, Anthony Lineberry, senior software engineer for Flexilis, will demonstrate how to hack the Linux kernel by exploiting the driver interface to physically addressable memory in Linux, called /dev/mem.
"One of bonuses of this [approach] is that most kernel module rootkits make a lot noise when they are inserting [the code]. This one is directly manipulating" the memory, so it's less noticeable, he says. The /dev/mem "device" can be opened like a file, and you can read and write to it like a text file, Lineberry says. It's normally used for debugging the kernel, for instance.
Lineberry has developed a proof-of-concept attack that reads and writes to kernel memory as well as stores code inside the kernel, and he plans to release a framework at Black Hat that lets you use /dev/mem to "implement rootkit-like behaviors," he says. The idea of abusing /dev/mem to hack the Linux kernel is not really new, he says. "People have known what you can do with these /dev/mem devices, but I have never seen any rootkits with dev/mem before," he says.
Quote: "The problem with kernel-based rootkits is that the rootkit can mitigate [detection] because it has control," he says. "It's a race in the kernel to see who's going to see who first." [URL]
Fedora Security :: Cold Boot Attack Prevention
May 13, 2009I have full hdd encryption with a rather long key. The thing is the FBI might just show up at my house one day and have a warrant for my PC, and who wants the government looken through there life? I have a few plans on geting my PC shut down before they can get there hands on it. This is all well and good, but if they can sniff my key from the ram It doesn't matter what my key is or weather they find the computer on or off. Anyhow, i was wondering if there was some way I could add a script to the shut-down process that would over-write the ram.
View 11 Replies View RelatedFedora Security :: SE Attack Alerts - Root Out The Source?
Oct 20, 2009I have been receiving attack alerts. And I would like to root out the source of the problem. I'll give you the messages. If you could help me prevent this hacker from even being able to attempt these things please any advice is helpful. There have been memory stack attempts, failed sys_admin conversion attempts, password file write attempts etc.....
[Code]...
Ubuntu Security :: HD Attack Into APT Manager And Folder Permissions
May 24, 2010I may not be a code worrior, yet I have been a Ubuntu convert from Apple for about 3yrs now. Since 1984-2006 now hackers or viruses. And Until now Ubuntu has been clean, well I have been good with repos, etc.
1. Recently I found "Odd" behavior with my Amarok 1.4 player, ffmpeg, winff.
2. During a Synaptic upgrade there were some "unauthorized changes". I have seen this before due to some of my software, so I ignored it. . .
To my bewilderment, "It" erased Amarok 1.4 player, ffmpeg, winff, all image kernels, claimed domain over my system permissions, and external HD. B4 I shutdown, downloaded LUCID 10.4. . . restarted, then copied over all info possible to minimize a complete delete of my system. Upon restart, indeed all kernel images were gone, Only live CD allowed me access to repartition my HD.
NOW. I have Lucid running, and have been denied access to my external HD and partitioned (internal HD). I used Nautilus to copy over files to my internal laptop HD, yet permissions continue to be an issue. The INFECTED FOLDERS are owned by "User 999-user#999. I must micro manage every folder and file to gain "partial permission". The dialog box stutters and never allows me to go down to "Root"
Ubuntu Security :: MITM Attack - TLS Renegotiation Vulnerability
Sep 28, 2010Using Opera 10.61 and 10.62, I find that any secure website I access, such as a bank, the lock icon in the address bar is replaced by a question mark. Clicking on it brings up a window, stating that the connection is not secure, that the server does not support TLS Renegotiation. Doing some internet searches for "opera tls renegotiation" brought me to a page at the Opera website, where they discuss this issue. The issue is generic, not limited to Opera, affecting the TLS protocol, and it potentially enables a man-in-the-middle to renegotiate a "secure" connection between a server and client, issuing own commands to the server. Opera has addressed the problem on the client end, but now servers need to be upgraded too. None of the HTTPS sites I have tried have upgraded their servers, if the information provided by the Opera browser is correct.
My questions: how feasible is such a MITM attack, what level of resources would such an attack require? What, if anything, would the attacker need to know about the client and/or server to mount the attack? Would I be better off using Firefox, or is Firefox simply oblivious of the problem and not issuing warnings for that reason?
Ubuntu Security :: Broke Into Computer - Verify Attack?
Dec 28, 2010mpg123 suddenly started playing a police siren occationly. I checked the process once I heard it, and root was the process owner. How could this happen? Have someone broke into my computer? If so - how could I verify an attack? I run Ubuntu 9.10.
View 2 Replies View RelatedSecurity :: How Does Mktemp Prevent Denial Of Service Attack
Apr 22, 2010This is an excerpt from the Linux man page for mktemp command: "mktemp is provided to allow shell scripts to safely use temporary files. Traditionally, many shell scripts take the name of the program with the PID as a suffix and use that as a temporary filename. This kind of naming scheme is predictable and the race condition. It creates is easy for an attacker to win. A safer, though still inferior approach is to make a temporary directory using the same naming scheme. While this does allow one to guarantee that a temporary file will not be subverted, it still allows a simple denial of service attack. For these reasons it is suggested that mktemp be used instead."
- How can a denial-of-service attack be carried out if a directory name is known?
- Why is it important to use mktemp to generate a sufficiently random file/directory name for temporary files?
Ubuntu Security :: Firestarter Howing Attack From Samba Service
Mar 17, 2010I got alarm on Firestarter showing attack from samba service on port 139 . Is that ok for my host computer ? or a serious attack .
View 9 Replies View RelatedSecurity :: John The Ripper Brute-force Attack And Multi-core Processors?
Feb 19, 2010In my Open-Suse server I have a script, where makepasswd output(by default it generates similar passwords: cGyTbqpr, tpJ1LA, 33EXdo) is redirected to mkpasswd(which uses DES by default) in order to generate salted hash of this previously generated password. I would like to test the strength of this system. I have a quad core CPU, and if I start John The Ripper like this(I want to use -incremental:all flag):
john -incremental:all passwd
..only one core is utilized at 100%. Is there a possibility to make all four cores to crack this password? Or is this possible only after reprogramming John The Ripper? Or what is the algorithm for generating passwords with with -incremental:all flag? I mean if John generates passwords randomly in brute-force mode, then it's smart to start four different John processes simultaneously because then one of those four will find the password firs
Security :: Is Server Under DdOS Attack - Not Having Much Load And Only Few Process Runs But Site Opens Very Slow
Aug 5, 2010I have a server and i think that my server is under Ddos attack. i see that server is not having much load and only few process runs but my site opens very slow. i executed the following command on my ssh:
[Code]....
Security :: Secure Webmail - SMTP Relay In DMZ?
Apr 11, 2010When you set up a webmail solution these days, either on your home LAN or at a small business. What steps do you take to make the solution as secure as possible? A couple of years ago it was sufficient to port forward both port 25 and 80/443 to you server located on the internal LAN. Today you're more likely to have a SMTP relay in a DMZ of some kind. But the webmail, how do you solve this? Do you place a dedicated webmail frontend in the DMZ and open ports towards the internal LAN, or do you just place the entire server in the DMZ? I'm looking for input for a small network/home LAN so it shouldn't be to complex.
View 4 Replies View RelatedFedora Security :: Send An Email Using Evolution The Message Was Not Sent But Returns A Error Message?
Apr 30, 2009Hi I am running a fedora 10 desktop. when i send an email using evolution the message was not sent but returns a error message:"Error while performing operation.DATA command failedError: 550 Viagra SPAM - Hi in Subject" and the message did not have an attachment just plain words. what might have gone wrong for i have been using this for sometime without a problem. or what security measures should be in place to remove this viagra spamAm I infected by virus on this fedora, all my updates are up to date.
View 1 Replies View RelatedUbuntu :: Warning Message Before Swap Is Used?
Jul 28, 2010Is there any way to set up my system so that, just before I run out of RAM, and SWAP is utilized, I can get a warning message so that I can kill the memory hog before my computer slows to a crawl?I'm a programmer, and it's happened a few times that my programs have memory leaks and run over into SWAP and effectively freeze my system.
View 2 Replies View RelatedUbuntu Servers :: 554 5.7.1 Relay Access Denied - Error "Your Message Did Not Reach Some Or All Of The Intended Recipients"
Jan 4, 2011i have search for a long time regarding this matter but i couldn't found nothing.... The facts are like this:
1. I have a server on Ubuntu Linux 10.10 with the following modules installed:
- Webmin 1.530
- BIND DNS Server
- Fetchmail Retrieval
- Dovecot
- Postfix
- a domain (www.domain.com) - the website it's not hosted on my machine
What i did until now:
- establish a local mail network like user@testserver.local
- successfully installed and configure Fetchmail Retrieval. like: user@domain.com mapped to user@testserver.local
2. The problem: Sending an e-mail using a POP3 client like Outlook from an local account! If i use the local address and try to deliver a message outside my local network the following error is sent by System Administrator: Code: Your message did not reach some or all of the intended recipients.
[Code]....
Ubuntu :: Warning Message In Terminal - Configure GUI
Feb 25, 2010I'm pretty new to Ubutnu and Linux in general so take it easy on me. I'm a Senior at the University of Houston and part of our final project involves running an application in Ubuntu that was developed by another university. It installs fine, but when I run the command the launch the configure gui I get a strange warning message.
View 2 Replies View RelatedServer :: Receiving An Error Message On Windows Machine Saying "Recipient Address Rejected: Relay Access Denied."
Feb 8, 2010I am running Postfix 2.6.1 on Suse 11.2, and am receiving an error message on my windows machine saying "Recipient address rejected: Relay access denied." If I login to my email on the local machine or via squirrelmail I have no problem sending mail. The output of postconf -n is as follows:
server:~ # postconf -n
alias_maps = hash:/etc/aliases
biff = no
[code]....