
Thread: Getting info off the net with UNIX/Linux

  1. #1
    Junior Member
    Join Date
    Mar 2006
    Posts
    9

    Getting info off the net with UNIX/Linux

    Hi

    Please don't ban me for asking this question, as it doesn't pertain to anything malicious.
    I would like to know how to retrieve information off the net. For example, if I suspect an
    intrusion, how can I get better information on an attacker than just a subnet mask or server IP or some non-resolved address?

    I am thinking more along the lines of their address and internet details.

    I have just installed Linux Mandrake 9.2 and am trying to familiarise myself with some commands at the moment.

    I know for a fact that people can retrieve my information very readily, and I doubt it is illegal, so I would kind of like to know, as this is a big shadow in my computer knowledge.

    cheers

    BTW. That flag on my avatar is not the Australian flag... how do I change that?
    "Those are my principles, and if you don't like them....well, I have others"

    - Groucho Marx -

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Posts
    855
    Well, if it's an attacker you could get an IP from your firewall logs. That is, unless somehow they've gotten through your defenses. Of course, any IP address you get will most likely be a proxy or the address of a zombie (a computer compromised by a cracker to use in attacks). But then again, there probably are some clueless script kiddies using their own computers. If you have an actual intrusion, most likely a malicious attacker with any sense will alter your logs (if they have root access).

    As far as your flag, try the edit your profile link on the front page.

    See this link for some command-line help: The Link

    This site also has some Linux command line tutorials I think. Check out the Tutorials Forum.

    Also, feel free to post Linux related (Non-security) questions in the Operating Systems Forum.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  3. #3
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,243
    I know for a fact that people can retrieve my information very readily
    What information? Your ip address? Or your data in the home folder? You'd have to work at screwing up Linux.

    Check to see if you've got a firewall. Been a while since I ran Mandrake, so I don't know if a firewall was a default install then or not. Usually is now.

    Commands? Try "ifconfig" for your ip address. Google the rest.

    And run your updates. 9.2 is an older version of Mandrake, so definitely run your updates.

    Oh yeah, RTFM.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  4. #4
    Junior Member
    Join Date
    Mar 2006
    Posts
    9
    Originally posted here by preacherman481
    Well, if it's an attacker you could get an ip from your firewall logs. That is, unless somehow they've gotten through your defenses
    WHAT DEFENSES
    This information is useless. Any noob can look at firewall logs and get a bunch of bogus IPs that will not resolve...

    Cheers....but all I need is to be pointed in the right direction...
    "Those are my principles, and if you don't like them....well, I have others"

    - Groucho Marx -

  5. #5
    Senior Member
    Join Date
    Feb 2002
    Posts
    855
    Well, it's possible that I am misunderstanding your question.

    My point is that an attacker will not make an IP address available to you. They will either be using a proxy or working through another computer that they have compromised. The only attacker you will get a valid IP address from will be one who doesn't know what they are doing.
    For the wages of sin is death, but the free gift of God is eternal life in Christ Jesus our Lord.
    (Romans 6:23, WEB)

  6. #6
    AO Curmudgeon rcgreen's Avatar
    Join Date
    Nov 2001
    Posts
    2,716
    Try tcpdump.

    This command should already be installed on your system. If not,
    you can download it. You can capture the packets on your net
    connection, both inbound and outbound. There's a steep learning curve,
    but this will give you the ability to examine in detail everything on the wire.
    I came in to the world with nothing. I still have most of it.

  7. #7
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by dan_in_au
    WHAT DEFENSES
    This information is useless. Any noob can look at firewall logs and get a bunch of bogus IPs that will not resolve...
    So... some IPs don't reverse resolve (from IP to hostname). That doesn't mean they're bogus. Whois is the name of the game. That in combination with nslookup and/or dig will give you a huge amount of info.
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  8. #8
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Type iptraf as root and hit Enter.

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    Before you can become an internet detective, you'd best learn about how networks are arranged, what ASNs are, what CIDR blocks are and so forth. If an IP doesn't resolve (many don't), it's not an indication of a bad address. Someone owns that IP, so again, using tools already mentioned such as WHOIS will allow you to begin back-tracing the source of the attack. Keep in mind that your emergency is meaningless to ASN operators. They may or may not cooperate with you.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
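    The workflow the last few replies describe (pull source IPs out of the firewall log, discard the ones that cannot be attributed because they fall in private or otherwise non-routable CIDR blocks, then whois and reverse-resolve the rest) is easy to script. The following is an added example written for this thread, not code posted by anyone in it. It assumes the iptables LOG line format (SRC=, DST=, PROTO=, DPT= fields) as written to /var/log/messages; the sample log lines are constructed, and the 203.0.113.x and 198.51.100.x addresses are RFC 5737 documentation ranges standing in for real public addresses, which is why they are not on the bogon list below. It does not touch the network itself; it prints the whois and dig commands to run next.

```python
"""Triage source IPs from iptables LOG lines and decide which are worth a whois.

Added example for the thread above; not from the original posts.
Assumption: lines follow the iptables LOG format (SRC= DST= PROTO= DPT=).
"""
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample log (not a real capture). The public-looking addresses are
# RFC 5737 documentation ranges used in place of real ones.
SAMPLE_LOG = """\
Mar 14 02:11:05 box kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=203.0.113.57 DST=192.168.1.20 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=3021 DF PROTO=TCP SPT=3241 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 14 02:11:06 box kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=203.0.113.57 DST=192.168.1.20 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=3022 DF PROTO=TCP SPT=3242 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 14 02:13:40 box kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=198.51.100.9 DST=192.168.1.20 LEN=44 TOS=0x00 PREC=0x00 TTL=50 ID=9 PROTO=TCP SPT=40221 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 14 02:14:01 box kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=10.0.0.5 DST=192.168.1.20 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=UDP SPT=137 DPT=137 LEN=40
Mar 14 02:15:12 box kernel: IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 SRC=203.0.113.57 DST=192.168.1.20 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=3023 DF PROTO=TCP SPT=3243 DPT=139 WINDOW=16384 RES=0x00 SYN URGP=0
Mar 14 02:16:00 box sshd[1234]: Accepted password for dan from 192.168.1.7 port 51123 ssh2
"""

# CIDR blocks that can never be attributed to an outside party: a source in one of
# these is your own LAN, a misconfiguration, or a spoofed packet. Whois is pointless.
NON_ATTRIBUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

FIELD_RE = re.compile(
    r"\bSRC=(?P<src>[\d.]+).*?\bPROTO=(?P<proto>\w+)(?:.*?\bDPT=(?P<dpt>\d+))?"
)


def parse_log(text):
    """Yield (src_ip, proto, dport) for each firewall LOG line; skip everything else."""
    for line in text.splitlines():
        if "kernel:" not in line or "SRC=" not in line:
            continue
        m = FIELD_RE.search(line)
        if not m:
            continue
        dpt = int(m.group("dpt")) if m.group("dpt") else None
        yield m.group("src"), m.group("proto"), dpt


def classify(ip_str):
    """'global' if the address is worth attributing, else 'bogon <block>'."""
    ip = ipaddress.ip_address(ip_str)
    for net in NON_ATTRIBUTABLE:
        if ip in net:
            return f"bogon {net}"
    return "global"


def triage(text):
    """Per-source hit count and targeted ports, most active source first."""
    hits = Counter()
    ports = defaultdict(set)
    for src, proto, dpt in parse_log(text):
        hits[src] += 1
        if dpt is not None:
            ports[src].add((proto, dpt))
    return {
        src: {"class": classify(src), "hits": n, "ports": sorted(ports[src])}
        for src, n in hits.most_common()
    }


def lookup_commands(report):
    """The next step from the thread: whois plus a reverse lookup, global sources only."""
    cmds = []
    for src, info in report.items():
        if info["class"] == "global":
            cmds.append(f"whois {src}")
            cmds.append(f"dig -x {src} +short")
    return cmds


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for src, info in report.items():
        print(f"{src:16} {info['class']:20} hits={info['hits']} ports={info['ports']}")
    print("\n".join(lookup_commands(report)))
```

To use it on a real box, feed it `/var/log/messages` (or wherever the LOG target writes) instead of SAMPLE_LOG. A reverse lookup that returns nothing does not make the address bogus, which is the point made above: the whois output, not the PTR record, tells you which CIDR block and ASN the address belongs to and whom to contact.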

  10. #10
    Use snort, or at the very least IPChains/Tables to help deter people, I suppose. There isn't too much you can do about people port scanning you and such except close those ports, maybe recompile your favorite programs to give out less information. Perhaps try forwarding most "scan" packets to another PC so they receive a completely different result than what they intended.
