-
April 26th, 2006, 12:56 AM
#1
Junior Member
Getting info off the net with UNIX/Linux
Hi
Please don't ban me for asking this question as it doesn't pertain to being malicious.
I would like to know how to retrieve information off the net... for example, if I suspect an
intrusion, how can I get better information on an attacker than just a subnet mask or server IP or some non-resolved address?
I am thinking more along the lines of their address and internet details.
I have just installed Linux Mandrake 9.2 and am trying to familiarise myself with some commands at the moment.
I know for a fact that people can retrieve my information very readily, and I doubt it is illegal, so I would kind of like to know, as this is a big shadow in my computer knowledge.
cheers
BTW, that flag on my avatar is not the Australian flag... how do I change that?
"Those are my principles, and if you don't like them... well, I have others"
- Groucho Marx -
-
April 26th, 2006, 01:02 AM
#2
Well, if it's an attacker, you could get an IP from your firewall logs. That is, unless somehow they've gotten through your defenses. Of course, any IP address you get will most likely be a proxy or the address of a zombie (a computer compromised by a cracker to use in attacks). But then again, there probably are some clueless script kiddies using their own computers. If you have an actual intrusion, most likely a malicious attacker with any sense will alter your logs (if they have root access).
As far as your flag, try the "edit your profile" link on the front page.
See this link for some command line help: The Link
This site also has some Linux command line tutorials I think. Check out the Tutorials Forum.
Also, feel free to post Linux related (Non-security) questions in the Operating Systems Forum.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
April 26th, 2006, 01:43 AM
#3
I know for a fact that people can retrieve my information very readily
What information? Your ip address? Or your data in the home folder? You'd have to work at screwing up Linux.
Check to see if you've got a firewall. Been a while since I ran Mandrake, so I don't know if a firewall was a default install then or not. Usually is now.
Commands? Try "ifconfig" for your ip address. Google the rest.
And run your updates. 9.2 is an older version of Mandrake, so definitely run your updates.
Oh yeah, RTFM.
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
April 26th, 2006, 04:56 AM
#4
Junior Member
Originally posted here by preacherman481
Well, if it's an attacker you could get an ip from your firewall logs. That is, unless somehow they've gotten through your defenses
WHAT DEFENSES
This information is useless, any noob can look at firewall logs and get a bunch of bogus IPs that will not resolve...
Cheers... but all I need is to be pointed in the right direction...
"Those are my principles, and if you don't like them... well, I have others"
- Groucho Marx -
-
April 26th, 2006, 05:46 AM
#5
Well, it's possible that I am misunderstanding your question.
My point is that an attacker will not make an IP address available to you. They will either be using a proxy or working through another computer that they have compromised. The only attacker you will get a valid IP address from will be one who doesn't know what they are doing.
For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
(Romans 6:23, WEB)
-
April 26th, 2006, 05:53 AM
#6
Try tcpdump. This command should be already installed on your system. If not, you can download it. You can capture the packets on your net connection, both inbound and outbound. There's a steep learning curve, but this will give you the ability to examine, in detail, everything on the wire.
I came in to the world with nothing. I still have most of it.
-
April 26th, 2006, 10:11 AM
#7
Originally posted here by dan_in_au
WHAT DEFENSES
This information is useless, any noob can look at firewall logs and get a bunch of bogus IPs that will not resolve...
So... some IPs don't reverse resolve (from IP to hostname). That doesn't mean they're bogus. Whois is the name of the game. That, in combination with nslookup and/or dig, will give you a huge amount of info.
Oliver's Law:
Experience is something you don't get until just after you need it.
-
April 26th, 2006, 11:13 AM
#8
Type iptraf as root and hit enter.
-
April 26th, 2006, 11:39 AM
#9
Before you can become an internet detective, you'd best learn about how networks are arranged, what ASNs are, what CIDR blocks are and so forth. If an IP doesn't resolve (many don't), it's not an indication of a bad address. Someone owns that IP, so again, using tools already mentioned such as WHOIS will allow you to begin back-tracing the source of the attack. Keep in mind that your emergency is meaningless to ASN operators. They may or may not cooperate with you.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
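The workflow the last few replies describe (pull source addresses out of firewall log lines, sort out the ones that fall in private or reserved CIDR blocks, attempt a reverse lookup, then go to whois/dig for the rest) can be automated. The script below is an added example written for this thread, not code posted by any of the participants. It assumes netfilter/iptables-style kernel log lines (the SRC= field) and uses constructed sample lines; the addresses in them are RFC 5737 documentation ranges standing in for real public addresses, which is why those ranges are deliberately not in the bogon list. The reverse-DNS resolver is injectable so the example runs offline with a stand-in PTR table; on a real host you would pass nothing and let it use socket.gethostbyaddr.

```python
"""Triage source IPs from firewall log lines before running whois / dig.

Added example, not from the thread. Classifies each SRC= address by CIDR block
(ipaddress module), attempts a PTR lookup, and emits the lookup commands a
reader would run next. A missing PTR record is reported, not treated as proof
that the address is bogus.
"""
import ipaddress
import re
import socket
from collections import Counter

# Constructed sample lines in the netfilter/iptables kernel-log format
# (Shorewall-style prefix). Not taken from any real host; 203.0.113.0/24 and
# 198.51.100.0/24 are RFC 5737 documentation ranges standing in for public IPs.
SAMPLE_LOG = """\
Apr 26 00:41:12 box kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3217 DPT=135
Apr 26 00:41:13 box kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=203.0.113.45 DST=192.0.2.10 LEN=48 PROTO=TCP SPT=3218 DPT=445
Apr 26 00:42:02 box kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=10.0.0.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4040 DPT=22
Apr 26 00:43:50 box kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=198.51.100.9 DST=192.0.2.10 LEN=40 PROTO=UDP SPT=53 DPT=1026
Apr 26 00:44:01 box kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= SRC=0.0.0.0 DST=255.255.255.255 LEN=328 PROTO=UDP SPT=68 DPT=67
"""

# Address blocks that are never worth a whois lookup: RFC 1918 private space,
# loopback, link-local, CGNAT, "this network", multicast and reserved space.
# (The RFC 5737 documentation ranges are left out only so the sample above
# exercises the "public" path.)
BOGONS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4",
)]

SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def extract_sources(log_text):
    """Count how often each SRC= address appears in the log text."""
    return Counter(m.group(1) for m in SRC_RE.finditer(log_text))


def matching_bogon(ip):
    """Return the bogon network containing ip, or None if it is routable."""
    addr = ipaddress.ip_address(ip)
    for net in BOGONS:
        if addr in net:
            return net
    return None


def reverse_name(ip, resolver=socket.gethostbyaddr):
    """PTR lookup; returns None when there is no reverse record."""
    try:
        return resolver(ip)[0]
    except OSError:            # socket.herror / gaierror are OSError subclasses
        return None


def triage(log_text, resolver=socket.gethostbyaddr):
    """Classify every source address, most frequent first, and suggest next steps."""
    report = []
    for ip, hits in extract_sources(log_text).most_common():
        net = matching_bogon(ip)
        if net is not None:
            report.append({"ip": ip, "hits": hits, "bogon": str(net),
                           "ptr": None, "commands": []})
            continue
        report.append({"ip": ip, "hits": hits, "bogon": None,
                       "ptr": reverse_name(ip, resolver),
                       # whois for the allocation/ASN contact, dig -x for the PTR
                       "commands": [f"whois {ip}", f"dig -x {ip} +short"]})
    return report


def offline_resolver(ip):
    """Stand-in for socket.gethostbyaddr with a constructed PTR table."""
    table = {"198.51.100.9": ("ns1.example.net", [], ["198.51.100.9"])}
    if ip in table:
        return table[ip]
    raise socket.herror(1, "Unknown host")


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG, resolver=offline_resolver):
        if entry["bogon"]:
            print(f"{entry['ip']:15} hits={entry['hits']}  skip: in {entry['bogon']}")
        else:
            ptr = entry["ptr"] or "(no PTR record; not evidence the IP is bogus)"
            print(f"{entry['ip']:15} hits={entry['hits']}  ptr={ptr}")
            for cmd in entry["commands"]:
                print(f"    next: {cmd}")
```

Run it as-is to see the offline demonstration; call triage() with your own log text and the default resolver to work against live DNS. The bogon check runs before any lookup so that spoofed or locally-originated addresses never generate whois traffic, and the PTR result is carried separately from the verdict, which is the point made in the replies above: an address with no reverse record still has an owner in the whois database.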
-
April 26th, 2006, 02:01 PM
#10
Use snort, or at the very least IPChains/Tables to help deter people I suppose. There isn't too much you can do about people port scanning you and such except close those ports, maybe recompile your favorite programs to give out less information. Perhaps try forwarding most "scan" packets to another PC so they receive a completely different result than what they intended.