My setup: Dual boot Red Hat Linux 9.0 and Windows98, on two separate drives. I have a DSL internet connection.
What I was doing: Trying to download the "Freeduc" live CD from DistroWatch.com. I'm running as a regular user in Linux, open an xterm to go superuser for this operation, and start Mozilla from the console (I have to use superuser for the write permissions to the Windows disk). I use the Minnesota mirror (geographically closest) and choose to save the download onto a folder on my Windows drive (what else would I use the Windows side for but to store Linux ISOs?)
Well, the drill is, a 700MB iso download on my connection setup is about 7 hours, so I leave it run overnight. I get up this morning to find the download failed, and a message-box on the screen "Not enough hard-drive space to download:" + the name of some ".exe" file! Of course, I recognize that ".exe" means an executable file under Windows. I of course stopped everything. My disk quotas appear exactly as they did before. The name of the executable was a long random-appearing string of letters and digits, bearing no relation to what I was trying to get.
What happened? How was this done? What answers are possible?
But I'm still curious how this was done. Did somebody packet-sniff a router somewhere and detect a download, then slip their file into the stream? Or was the download mirror-site itself compromised? Or was this one of those cases of malware that tries to auto-send itself to random IP addresses, and it was just "my turn"?