10-29-2008, 02:41 PM
Celejar

intrusion detection

On Wed, 29 Oct 2008 22:00:30 +0630
David Bernier <david250@videotron.ca> wrote:


...

> The Gnome system monitor now shows incoming traffic at 4 kB/sec every 20
> seconds. Maybe
> this is when my computer contacts an SNTP server ( simple network time
> protocol).
>
> Would a package such as ethereal tell me what this traffic is?

Probably. It would tell you what protocol it is, what system is being
contacted, and exactly what data is being transmitted. Ethereal
understands many protocols, and will interpret them for you.

Celejar
--
mailmin.sourceforge.net - remote access via secure (OpenPGP) email
ssuds.sourceforge.net - A Simple Sudoku Solver and Generator


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
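Celejar's point is that a protocol analyser (Ethereal, renamed Wireshark/tshark in 2006) will name the protocol and the peer. The other half of David's question, whether "4 kB every 20 seconds" is a scheduled client such as an (S)NTP poll on UDP/123 or something less welcome, is a question of periodicity, and a capture answers it only if you group the packets by destination and look at the gaps. The following is an added example, not code from the original thread or from the Ethereal/Wireshark project: it takes constructed flow records of the shape a capture or a NetFlow export gives you (timestamp, source, destination, port, protocol, bytes; the addresses are RFC 5737 documentation ranges, the records are made up) and flags destinations contacted at near-constant intervals. Legitimate time clients and malware beacons both show up this way, so the output is a list of things to open in the capture, not a verdict.

```python
"""Spot periodic ("beaconing") traffic in a set of flow records.

Added example.  The records below are constructed, not captured from a
real host; they mimic what Wireshark/tshark or a NetFlow export would
give you.  Each record is (timestamp_seconds, src, dst, dst_port, proto,
bytes).  Addresses are RFC 5737 documentation ranges.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records (not real traffic).
FLOWS = [
    # periodic UDP/123 to one host every ~20 s: looks like a time client
    (1000.0, "192.0.2.50", "198.51.100.10", 123, "udp", 4096),
    (1020.1, "192.0.2.50", "198.51.100.10", 123, "udp", 4100),
    (1039.9, "192.0.2.50", "198.51.100.10", 123, "udp", 4096),
    (1060.0, "192.0.2.50", "198.51.100.10", 123, "udp", 4096),
    (1080.2, "192.0.2.50", "198.51.100.10", 123, "udp", 4090),
    (1099.8, "192.0.2.50", "198.51.100.10", 123, "udp", 4096),
    # ordinary, irregular web browsing to one server
    (1003.0, "192.0.2.50", "203.0.113.7", 80, "tcp", 1500),
    (1007.5, "192.0.2.50", "203.0.113.7", 80, "tcp", 23000),
    (1031.0, "192.0.2.50", "203.0.113.7", 80, "tcp", 800),
    (1095.2, "192.0.2.50", "203.0.113.7", 80, "tcp", 4200),
    # a one-off DNS lookup
    (1002.9, "192.0.2.50", "192.0.2.1", 53, "udp", 90),
]


def group_by_destination(flows):
    """Map (dst, dst_port, proto) -> sorted list of timestamps."""
    groups = defaultdict(list)
    for ts, _src, dst, dport, proto, _size in flows:
        groups[(dst, dport, proto)].append(ts)
    return {key: sorted(ts_list) for key, ts_list in groups.items()}


def interval_stats(timestamps):
    """Return (mean_gap, coefficient_of_variation) for the gaps between
    consecutive timestamps, or None when there are fewer than two gaps.
    A CV near 0 means the gaps are almost identical, i.e. a timer."""
    gaps = [b - a for a, b in zip(timestamps, timestamps[1:])]
    if len(gaps) < 2:
        return None
    mu = mean(gaps)
    if mu <= 0:
        return None
    return mu, pstdev(gaps) / mu


def find_beacons(flows, min_packets=4, max_cv=0.1):
    """Return [(key, mean_gap_rounded)] for destinations contacted at
    least min_packets times at nearly regular intervals (CV <= max_cv).
    Irregular traffic (browsing) and single lookups are left out."""
    found = []
    for key, ts_list in group_by_destination(flows).items():
        if len(ts_list) < min_packets:
            continue
        stats = interval_stats(ts_list)
        if stats is None:
            continue
        mu, cv = stats
        if cv <= max_cv:
            found.append((key, round(mu, 1)))
    return found


if __name__ == "__main__":
    for (dst, port, proto), interval in find_beacons(FLOWS):
        print(f"{dst}:{port}/{proto} contacted every {interval} s")
```

With the constructed records only the UDP/123 flow is reported (every 20.0 s); the web traffic has the same number of packets but wildly uneven gaps. On a real capture you would feed it the per-packet timestamps exported from Wireshark and then open the flagged conversation to read the decoded protocol, which is the step Celejar describes.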
 
10-29-2008, 02:49 PM
Adrian Chapela

intrusion detection

Celejar wrote:
> On Wed, 29 Oct 2008 22:00:30 +0630
> David Bernier <david250@videotron.ca> wrote:
>
> ...
>
>> The Gnome system monitor now shows incoming traffic at 4 kB/sec every 20
>> seconds. Maybe
>> this is when my computer contacts an SNTP server ( simple network time
>> protocol).
>>
>> Would a package such as ethereal tell me what this traffic is?
>
> Probably. It would tell you what protocol it is, what system is being
> contacted, and exactly what data is being transmitted. Ethereal
> understands many protocols, and will interpret them for you.

Is it possible to use OSSEC on a linux router/firewall to control traffic?


 
10-29-2008, 03:16 PM
David Bernier

intrusion detection

David Bernier wrote:
> Osamu Aoki wrote:
>> Hi,
>>
>> On Tue, Oct 28, 2008 at 09:55:32PM +0630, David Bernier wrote:
>>> Dear Debian users,
>>>
>>> I think my computer was hacked. A music CD that I bought in a store
>>> (Redbook audio standard) was left in the CD/DVD bay. Then, mysteriously,
>>> a song by Destiny's Child ("Jumpin' Jumpin' ") got transformed into the
>>> *.ogg format, but I didn't ask for that. Same sound from stereo playing
>>> Redbook format audio CD and the *.ogg file on the hard drive ...
>>
>> I do not have hard facts but this seems to be just clicking the wrong
>> key/mouse which caused it to create such a thing. ...
>>
>>> So I took a test-drive of Ubuntu 8.04 Live CD, and then did a complete
>>> reinstall. Now, I'm using Ubuntu and the firestarter firewall.
>>>
>>> I'd like to know about ideas for security, including for example
>>> intrusion-detection systems.
>>
>> If you are playing with Ubuntu, please ask their mailing list.
>> Then you get better support.
>
> Yes. Truth is I left the music CD in the bay and the BIOS settings had
> the CD/DVD drive as the first boot device. It may have contributed to my
> Debian installation crashing.
>
> ---
>
> The Gnome system monitor now shows incoming traffic at 4 kB/sec every
> 20 seconds. Maybe this is when my computer contacts an SNTP server
> (simple network time protocol).
>
> Would a package such as ethereal tell me what this traffic is?


I got an email today from a list that I never subscribed to. The message
body and headers were
refused by Debian Users list because of some Javascript. The end part
appears below...


David

===
BPM - SYSTEM ACTIVATED sent this email to david250@videotron.ca
Questions? Contact BPM - SYSTEM ACTIVATED
<mailto:bpm.newalbum@gmail.com> or BPM - SYSTEM ACTIVATED, c/o
FanBridge, Inc. - 14525 SW Millikan Way, Beaverton, Oregon 97005, United
States

Unsubscribe
<http://www.FanBridge.com/unsubscribe/immed.php?userid=66046&email=david250@videotron.ca&confCode=Y452rX4Bd443Y1cdcaYhF7b7Xh>
| Update your information
<http://www.FanBridge.com/signup/fanupdate.php?userid=66046&email=david250@videotron.ca&confCode=Y452rX4Bd443Y1cdcaYhF7b7Xh>
| Privacy Policy <http://www.FanBridge.com/learn/privacy.php> | Forward
to a Friend
<http://bpmnewalbum.fanbridge.com/signup/forward.php?userid=66046&sid=80050712&cid=486388&cc=Y452rX4Bd443Y1cdcaYhF7b7Xh>

This email message is powered by:
FanBridge <http://www.FanBridge.com/b.php?id=66046>
Free Email and Mobile fan list management for bands.


 
10-29-2008, 04:00 PM
"Juan Carlos Avila"

intrusion detection

> -----Original Message-----
> From: Osamu Aoki [mailto:osamu@debian.org]
> Sent: Wednesday, 29 October 2008 08:53 a.m.
> To: David Bernier
> CC: debian-user@lists.debian.org
> Subject: Re: intrusion detection
>
> Hi,
>
> On Tue, Oct 28, 2008 at 09:55:32PM +0630, David Bernier wrote:
> > Dear Debian users,
> >
> > I think my computer was hacked. A music CD that I bought in a store
> > (Redbook audio standard) was left in the CD/DVD bay. Then, mysteriously,
> > a song by Destiny's Child ("Jumpin' Jumpin' ") got transformed into the
> > *.ogg format, but I didn't ask for that. Same sound from stereo playing
> > Redbook format audio CD and the *.ogg file on the hard drive ...
>
> I do not have hard facts but this seems to be just clicking the wrong
> key/mouse which caused it to create such a thing. ...

I do. Mouse gestures.


 
10-29-2008, 05:21 PM
"Jeff Soules"

intrusion detection

> David Bernier wrote:
>>
>
> I got an email today from a list that I never subscribed to. The message
> body and headers were
> refused by Debian Users list because of some Javascript. The end part
> appears below...

Sounds like run-of-the-mill spam.

To run a secure system, it's important to be paranoid, but there is
such a thing as too paranoid as well. You have to find a balance
between paranoid enough to lock your doors, and so paranoid you won't
use your closets.




 
10-29-2008, 05:29 PM
Johannes Wiedersich

intrusion detection

On 2008-10-29 17:16, David Bernier wrote:
> I got an email today from a list that I never subscribed to. The message
> body and headers were
> refused by Debian Users list because of some Javascript. The end part
> appears below...

[snip quotation of spam mail]

This is a phenomenon called spam [1]. To receive a spam mail is _no_
indication whatever that the receiving system is compromised.

(In fact, for any valid mail that makes it to the list, the debian list
servers reject hundreds of spam mails. This fortunately _does_ _not_
mean that they have been compromised.)

NB: Please don't quote spam mails in your mails to the list, since a
mangling of spam text and valid content for the debian lists poisons
the spam filters that automatically check all these mails.

Johannes

[1] http://en.wikipedia.org/wiki/E-mail_spam
 
03-04-2010, 09:02 PM
Dan Burkland

Intrusion Detection

Hello all,

I have been exploring the various intrusion detection systems available for the Linux platform and was wondering which ones you all would recommend? I have used AIDE before and while it is extremely easy to set up, it does not support the ability to send alerts as files are changed (which allows one to be aware of an intrusion almost immediately).

Thank you,

Dan Burkland
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
03-04-2010, 09:07 PM
Ron Loftin

Intrusion Detection

On Thu, 2010-03-04 at 16:02 -0600, Dan Burkland wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>

I don't remember my exact thought process, but I've been using "afick"
from RPMforge for a few years now.

It does have a GUI available, though I don't use it myself.

--
Ron Loftin reloftin@twcny.rr.com

"God, root, what is difference ?" Piter from UserFriendly

 
03-04-2010, 09:18 PM
Jim Perrin

Intrusion Detection

On Thu, Mar 4, 2010 at 5:02 PM, Dan Burkland <dburklan@nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).


You can use auditd to watch specific files if you're after some key
things. Beyond that I just use aide.


--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
 
03-04-2010, 09:21 PM
Aleksey Tsalolikhin

Intrusion Detection

On Thu, Mar 4, 2010 at 2:02 PM, Dan Burkland <dburklan@nmdp.org> wrote:
> Hello all,
>
> I have been exploring the various intrusion detection systems available for the Linux platform and was wondering what ones you all would recommend? I have used AIDE before and while it is extremely easy to setup, it does not support the ability to send alerts as files are changed (allows one to be aware of an intrusion almost immediately).
>
> Thank you,
>
> Dan Burkland


I would use tripwire or Cfengine, run frequently, they can both send
alerts if files get changed.

Best,
-at
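Dan's complaint is that AIDE only reports when it is run; the replies (afick, auditd watches on key files, tripwire or Cfengine run frequently) all come back to the same baseline-and-compare loop, run often enough that the report arrives soon after the change. As an added example, not code from AIDE, tripwire, afick, Cfengine or any other project named in the thread, the following Python records a baseline of content hashes and metadata for a directory tree, rescans it, and turns the differences into alert lines of the kind you would pipe to mail or syslog from a frequent cron job. demo() builds a throwaway tree under a temporary directory and tampers with it in three constructed ways; the file names inside it are illustrative stand-ins, not real system files, and the baseline lives beside the tree only for the demo (a real deployment keeps it on read-only or remote storage, since an intruder who can edit the baseline can hide the change).

```python
"""Minimal AIDE/tripwire-style file-integrity check with alert output.

Added example, not from any integrity checker named in the thread.
snapshot() hashes every regular file under a root and records mode,
owner and size; compare() classifies the differences between two
snapshots; alert_lines() formats them for mail or syslog.  demo() runs
the whole loop against a constructed tree in a temporary directory.
"""
import hashlib
import json
import os
import stat
import tempfile


def file_digest(path, chunk=65536):
    """SHA-256 of a file, read in chunks so large files do not load whole."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Return {relative_path: {"sha256", "mode", "uid", "size"}} for every
    regular file under root.  lstat is used so symlinks are not followed
    (a link pointing elsewhere must not masquerade as the file)."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            baseline[os.path.relpath(full, root)] = {
                "sha256": file_digest(full),
                "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid,
                "size": st.st_size,
            }
    return baseline


def compare(old, new):
    """Classify paths as added, removed or modified between two snapshots.
    Any differing field (content hash, mode, owner, size) counts as modified."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return {"added": added, "removed": removed, "modified": modified}


def alert_lines(diff, old, new):
    """One human-readable line per change, naming the fields that moved."""
    lines = []
    for p in diff["added"]:
        lines.append(f"ADDED    {p} sha256={new[p]['sha256'][:12]}")
    for p in diff["removed"]:
        lines.append(f"REMOVED  {p}")
    for p in diff["modified"]:
        changed = sorted(k for k in old[p] if old[p][k] != new[p][k])
        lines.append(f"MODIFIED {p} fields={','.join(changed)}")
    return lines


def save_baseline(baseline, path):
    with open(path, "w") as fh:
        json.dump(baseline, fh, sort_keys=True)


def load_baseline(path):
    with open(path) as fh:
        return json.load(fh)


def demo():
    """Constructed scenario: baseline a small tree, tamper with it, report.
    Returns the diff so callers can check it."""
    with tempfile.TemporaryDirectory() as root:
        tree = os.path.join(root, "etc")          # stand-in, not the real /etc
        os.makedirs(tree)
        for name, body in {"passwd": b"root:x:0:0::/root:/bin/bash\n",
                           "hosts": b"127.0.0.1 localhost\n",
                           "motd": b"welcome\n"}.items():
            with open(os.path.join(tree, name), "wb") as fh:
                fh.write(body)
        db = os.path.join(root, "baseline.json")  # outside the scanned tree
        save_baseline(snapshot(tree), db)

        # Simulated tampering: an appended account line, a deleted file,
        # and a new file where a preload hook would go.  All constructed.
        with open(os.path.join(tree, "passwd"), "ab") as fh:
            fh.write(b"evil:x:0:0::/:/bin/sh\n")
        os.remove(os.path.join(tree, "motd"))
        with open(os.path.join(tree, "ld.so.preload"), "wb") as fh:
            fh.write(b"/tmp/libhook.so\n")

        old, new = load_baseline(db), snapshot(tree)
        diff = compare(old, new)
        for line in alert_lines(diff, old, new):
            print(line)
        return diff


if __name__ == "__main__":
    demo()
```

Run from cron every few minutes with the output mailed when non-empty, this gives the near-immediate notice Dan is after; the real-time variant is what Jim suggests, an auditd watch on the handful of files that matter, with the hash-based sweep as the slower, broader backstop.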
 
