similar to: antivirus sniffer/scanner for networks

Displaying 20 results from an estimated 7000 matches similar to: "antivirus sniffer/scanner for networks"

2008 Jan 17
7
Netfilter, libpcap, ntop and promiscuous mode?
I have a really basic question (I think). We have two boxes connected to a lan segment on a hub. One is a Windows box running "Show Traffic", the other is a CentOS 5 Linux box running "ntop". Both boxes should be able to sniff all of the traffic on that hub (not a switch). The Windows box does just fine, Show Traffic is able to display traffic destined for other boxes
1998 May 23
7
Re: Re: Re: Bind Overrun Bug and Linux (fwd)
> > systems which no longer seem to have this. This file contained an archive of > > the trojan's that were inserted into the compromised system - does anybody know > > what is in these trojans? > > Check the Linux RootKit ... (LRK).. > > Typically LRK to use config-files.. (and typically LRK-users to place > files in /dev.. find /dev -type f | grep -v
2010 Mar 11
2
Samba + Antivirus
List, we are working on implementing an antivirus solution (samba-vscan + clamav) on our samba shares. We performed the steps mentioned on some guides we found in Portuguese and things seem to be installed ok. But when we make a test and try to access a share, every file on it is not accessible (though we can mount the share) and after looking at /var/log/messages we see the following: ... Mar 11
2007 Mar 28
3
CentOS 5 beta upgrade path
How hard would it be to upgrade from CentOS 5 beta to the released version? Would it be as simple as a yum upgrade or would I have to upgrade via booting from cd/dvd/pxe? Pardon my ignorance if this has been asked already -Eric
2004 Dec 25
3
odd log mesage...looks serious
hello all- and a happy holiday to all you geeks that are in front of the crt! I found these log messages in my logs and I am not sure what some of them signify. Dec 23 19:08:39 smtp kernel: Limiting closed port RST response from 221 to 200 packets/sec Dec 23 19:08:40 smtp kernel: Limiting closed port RST response from 241 to 200 packets/sec Dec 24 05:32:34 smtp kernel: fxp0: promiscuous mode
2005 Nov 05
0
Freebsd port issue: ZDI-05-002: Clam Antivirus Remote Code Execution
This was in bugtraq, and hasn't shown up in portaudit yet so I thought I would send it and the fix to you. I submitted a pr for a patch as well. (but for some reason, it bounced) Problem #1: Clamav 87 has been found to have a security vulnerability that could lead to remote code execution Problem #2 patch patch-clamav-milter_clamav-milter.c won't
2006 Apr 25
2
firewall based antivirus/trojan blocking and intrusion detection [dnk]
Can anyone recommend an opensource package (preferably something centos 4X compatible) that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe something for intrusion detection? Thanks! Dnk
2014 Mar 18
0
KVM networking help needed - Promiscuous network configuration for guest Snort instance
Hi, I am looking for some direction on how to configure KVM networking so that a promiscuous bridge/host nic/guest nic allows two different network monitoring packages to sniff the same physical traffic. The idea is to run a commercial package on the CentOS 6.5 host and Snort, via Security Onion, on the guest, both being fed by a physical switch SPAN or physical firewall TAP. The host has two
2008 Dec 27
0
[LLVMdev] [Patch] Adding unit tests to LLVM
On Dec 22, 7:34 pm, Talin <viri... at gmail.com> wrote: > (Forwarding this to llvm-dev) > > This patch adds a unit test framework to LLVM, along with a sample unit test > for DenseMap. I don't expect this patch to be accepted as-is, this is mainly > a trial balloon and proof of concept. I think this is a great idea! As Keir already noted, I would also agree with LLVM
2005 Jan 11
1
Possible security issue with jails
Howdy! I'm not sure if this is actually an issue, feature or a bug, but I have found that inside a jail, the jailed root user is able to sniff traffic (and enable promiscuous mode) on at least the interface of the IP address the jail is attached to. I have not found any documentation explaining if this should occur or not, but I feel it is something that should at least be known to those
2007 May 18
0
IAX2 sniffer and player
Hi all, I was wondering if there is any IAX2 sniffer and decoder. Wireshark can decode and play RTP streams using G.711, and Cain & Abel decodes and plays any kind of RTP stream. But I didn't find anyone that can decode IAX2 streams. Any programs?? Regards, -- Diego Quintana a.k.a. RouterMaN Ingeniero de las Telecomunicaciones Linux Registered User #382615 - http://counter.li.org/ SIP #
2007 Feb 10
1
Sniffer techniques
As the group knows, I'm having compatibility issues with a critical database application. It's been wisely suggested that I monitor the line to see what's up. Problem is: I've never done this before & suspect others like me are not familiar with these techniques. I did find an old LinuxWorld article http://tinyurl.com/yrjurx however I help thinking there is more on the top.
2013 Jul 23
1
Xen networks running in Promiscuous modes
Can I ask you a quick question? I've set up bridge-networking for Xen 4.1 (xen-4.1.3-25.el5.22) and networking was being done properly for Dom0 and DomUs. However, I noticed that Dom0 receives a lot of network interrupts or network packets even when they were not actually meant for either Dom0 or DomU. Now, here are the questions: 1. Dom0 is acting in promiscuous mode, right? 2. If
2016 Mar 21
2
KVM networking issue
Hi folks, I posted this question to the KVM list, but I thought I'd try here too--sorry if this is the wrong place to post this, can you please direct me to the correct forum or list if so, thanks! I'm working on a network security project, using KVM installed on CentOS 6.7 through yum. I have a VM with the goal of using this as a network appliance, and two other VMs, one simulating an
2011 May 11
0
KVM switch in promiscuous mode
Hi all, I am trying to enable promiscuous mode on a kvm switch due to sniff all traffic using snort installed on a kvm guest. I have found a partial solution configuring this bridge with "brctl setaging br0 0", but all vms see all traffic. I think the solution is using ebtables but I didn't find any doc about how can I do under kvm (and upstream recommends disable this
2007 Apr 18
2
[Bridge] Non-forwarding bridge
Is it possible to set up a non-forwarding bridge? I have two interfaces that I'd like to combine, where one is a fast main link and the other is a slower backup. I'd like traffic to go out the fast link only, if it is available, and failover to the backup if it is not available. I never want to forward packets between the interfaces. My specific setup is a laptop with a 100M ethernet and
2009 Mar 25
2
[brussels-dev] displaying promiscuous state for a data link
On 03/25/09 12:30, James Carlson wrote: > Girish Moodalbail writes: > >> bash-3.2# dladm show-link >> LINK CLASS MTU STATE PROMISC OVER >> e1000g0 phys 1501 up off -- >> e1000g1 phys 1502 up on -- >> > > That (plus or minus some column alignment) seems
2012 Feb 19
3
centos security
Any suggestions on what to run on a centos box to verify that the server isn't compromised or being sniffed? Thanks!
2009 Feb 23
4
Xen's interface in promiscuous mode
Hello all, Playing with Xen on GNU/Debian Lenny, I just discovered that all my virtual network cards are in promiscuous mode by default. Changing that manually does not seem to change anything (that is, everything still works great). Is there any reason to have virtual network cards in promiscuous mode? And where can I change this default behaviour? Thanks, JB
2007 Apr 18
1
[Bridge] Setting the interfaces in promiscuous mode
Hello, I have been using the bridging facilities provided by Linux (vanilla 2.6.7 SMP with UML skas host patch applied) to bridge a regular physical ethernet network (on interface eth0) with a virtual network (on interface tap0, cf uml_switch, http://user-mode-linux.sourceforge.net/networking.html). A couple of virtual machines (run using user-mode linux, a tool that enables you to run linux