Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 30 Oct 2014, 13:13
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Computer attacked? Do logs log such? [Solved]
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 2 of 2 Posts_count   Goto page: Previous 1, 2
Author Message
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Tue 21 Sep 2010, 09:37    Post_subject:  

nooby wrote:

So you say:
Quote:
If you have questions, ask.


Yes I have a specific question.

Has you computer acted like I described. What caused it?



Some websites have programmers who are idiots, some are malicious. Very often the
designer doesn't test the site's pages on a variety of operating systems and browsers.

Javascript can raise, lower and resize the browser window AND do a lot, lot more. A
bad script can lock up the works.

You have enough experience now to install Puppy and modify the system to your
preferences. I advise setting your Puppy up the way you like and avoid the hostile
network, the Internet, during the setup. Make a copy of this setup for later use if needed.

The backup your setup is with fair confidence that it probably hasn't been compromised
due to the fact it hasn't been on the Internet.

The if you think the working copy has been compromised, save off any user files you
want to keep and revert to your virgin setup.

And yes, I've had my browser act in ways I wonder what exactly IS going on.

One way of looking at things is; it's just software, it doesn't cost us money, we enjoy
tinkering and learning. So what if it goes south. We put it back right and learn.

It is mostly a matter of time spent. And if we want to save time we can save initial
setups we like for later use if needed. Meaning to say: We don't always have to start
from scratch.

And in your case, (as well as my own), I sincerely think you enjoy tinkering and I'll go so
far as to suggest the computer helps to satisfy our need to tinker.

Bruce

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
Jasper


Joined: 25 Apr 2010
Posts: 1145
Location: England

PostPosted: Tue 21 Sep 2010, 12:41    Post_subject:  

Hi nooby,

I don't know enough to be of any direct help. However this is an extract from the site that Lobster kindly advised earlier today:

Intrusion Detection
AFICK Monitor the changes on your filesystems
BASE Web front-end to query and analyze the alerts from a SNORT IDS system
Bro Passively monitors network traffic and looks for suspicious activity
Kismet Wireless network detector, sniffer, and intrusion detection system
OSSEC Open Source Host-based Intrusion Detection System
Sguil Analyst Console for Network Security Monitoring
SNARE System iNtrusion Analysis and Reporting Environment
Snort Network intrusion prevention and detection
Snort_inline Modified version of Snort
Tripwire Provides configuration audit and control features

The link is http://www.linuxlinks.com/article/20080429140249467/Security.html

My regards
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 21 Sep 2010, 14:16    Post_subject:  

Wow, that was very many interesting tools to learn to use. I look into it.

Thanks indeed for listing them.

Ooops,

Edit but they are general Linux and not Puppy compatible maybe.

Okay I have Lupu now and also Debian Puppy so maybe they can get compatible

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
8-bit


Joined: 03 Apr 2007
Posts: 3387
Location: Oregon

PostPosted: Tue 21 Sep 2010, 14:55    Post_subject:  

Could this all be a bad mouse problem?
The reason I ask is I had an optical usb mouse that developed and intermittent connection due to the connecting wire had flexed enough to cause wire fatigue.
It was driving me crazy as it exibited type of problems you describe.
I also at first thought someone was trying to access my PC.
I replaced the mouse and the problem was solved.
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 21 Sep 2010, 15:03    Post_subject:  

Thanks yes it could. I don't know enough about how it would behave but that seems very reasonable.

It is a used one and not a new one so it could have some glitches.

I look into it.

Very good that you retold your experience of how such faults can manifest themselves.

I maybe should buy a new one. They are not that expensive.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
aarf

Joined: 30 Aug 2007
Posts: 3620
Location: around the bend

PostPosted: Thu 23 Sep 2010, 05:09    Post_subject:  

Let me guess. It is a PS2 mouse plugged into a round hole.
_________________

ASUS EeePC Flare series 1025C 4x Intel Atom N2800 @ 1.86GHz RAM 2063MB 800x600p ATA 320G
_-¤-_

<º))))><.¸¸.•´¯`•.#.•´¯`•.¸¸. ><((((º>
Back to top
View user's profile Send_private_message Visit_website 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 23 Sep 2010, 05:25    Post_subject:  

Nope it is a Labtec Optical Mouse with a flat USB plug.

But it is rather old and well used so that is why I accepted the suggestion that it could be the reason why I suddenly lost ability to click on Menu to shut down. Every menu button flickered wildly as if the mouse had rapidly clicked on each of them in succession.

I did not dare let it go on so both time me used the ctrl+alt+backspace and then did reboot and the problem was gone.

Maybe a week between the two incidences. So it is not a big problem.

But I drew the conclusion me was attacked,. Had no idea a Mouse would create such odd behavior.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
Bruce B


Joined: 18 May 2005
Posts: 11130
Location: The Peoples Republic of California

PostPosted: Sat 16 Oct 2010, 07:09    Post_subject:  

Nooby,

Mozilla Firefox and SeaMonkey keep very detailed logs of all your activity in the Cache, in a file called _CACHE_001_

A fairly simple bash script can strip the information you want as far as CONNECT, GET, POST and the specific URLs

Bruce

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Sat 16 Oct 2010, 07:32    Post_subject:  

Bruce, such is good to know.

Do they do this also if I set it to delete or erase everything when shutting down browser?

Oh I remember a year ago when I used XP daily I had a program named

CCeasy something. Hm me forgotten name. That program deleted much much more that many of the other programs that was supposed to delete all maleware and logs and such. What name did it have.

Wonder if there are such a program that Puppy can use from Ubuntu?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Tue 26 Oct 2010, 12:10    Post_subject:  

Puppy's standard firewall can log stuff. Look at /etc/rc.d/rc.firewall, you will see a parameter for logging. Probably some docs around somewhere to see how this particular script of iptables works, or you could modify it yourself by looking at general iptables documentation.
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Tue 26 Oct 2010, 13:49    Post_subject:  

Paul it is obvipous me have to learn more for to be able to know how to set such up then.


There where nothing there now that I could recognize as a log or something to check on so most likely one have to activate that function first.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
PaulBx1

Joined: 16 Jun 2006
Posts: 2308
Location: Wyoming, USA

PostPosted: Wed 27 Oct 2010, 21:00    Post_subject:  

Just edit the file. You will see this up front:
Code:
########################################
# -- Advanced Configuration Options -- #
########################################

# ** DO NOT ** modify anything below unless you know what you are doing!!
# See online documentation at: http://projectfiles.com/firewall/config.html

DENY_OUTBOUND=""
ALLOW_INBOUND=""
BLACKLIST=""
STATIC_INSIDE_OUTSIDE=""
PORT_FORWARDS=""
PORT_FWD_ALL="yes"
PORT_FWD_ROUTED_NETWORKS="yes"
ADDITIONAL_ROUTED_NETWORKS=""
TRUST_ROUTED_NETWORKS="yes"
SHARED_INTERNAL="yes"
FIREWALL_IP=""
TRUST_LOCAL_EXTERNAL_NETWORKS="no"
DMZ_INTERFACES=""
NAT_EXTERNAL="yes"
ADDITIONAL_NAT_INTERFACES=""
IGNORE_INTERFACES=""
LOGGING="no"
REQUIRE_EXTERNAL_CONFIG="no"

############################################
# -- Advanced Firewall Behavior Options -- #
############################################

# The default settings provide the suggested firewall configuration.

NO_RP_FILTER_INTERFACES=""
INTERNAL_DHCP="yes"
RFC_1122_COMPLIANT="yes"
DROP_NEW_WITHOUT_SYN="no"
DUMP_TCP_ON_INIT="no"
TTL_STEALTH_ROUTER="no"
LOG_LIMIT="1/minute"
LOG_BURST="5"
LOG_LEVEL="notice"


Turn LOGGING="no" to LOGGING="yes". Also those other LOG things control the logging. See the hint about looking at the documentation first, and save a copy of your pupsave before messing with this stuff in case you bork something. I usually keep a backup copy of the original rc.firewall file there in that directory too.

I think you will have to turn off the firewall and then turn it on again, to see the effect in your logs. Again, refer to the documentation to be sure.

I have run with logging for a while, but not lately. Your logs can fill up with innocent crap if you are not careful.
Back to top
View user's profile Send_private_message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Thu 28 Oct 2010, 01:46    Post_subject:  

Thanks for trusting me is willing to learn. Very much to take in.
I try to save a book mark to this text.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send_private_message 
postfs1


Joined: 27 Mar 2010
Posts: 831

PostPosted: Fri 10 Dec 2010, 03:16    Post_subject:  

-=xdotool=- is interesting program.
_________________
  • I don't know why laboratories are named a hospitals.
  • The alive personage is like a tea bag with granules of unknown density inside, at that one the packet was made of organic material and was placed in the evaporated liquid or liquid.

Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 2 of 2 Posts_count   Goto page: Previous 1, 2
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0803s ][ Queries: 11 (0.0048s) ][ GZIP on ]