LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Suse/Novell
User Name
Password
Suse/Novell This Forum is for the discussion of Suse Linux.

Notices

Reply
 
Search this Thread
Old 09-20-2006, 12:23 AM   #1
raysr
Member
 
Registered: Nov 2003
Location: WA State
Distribution: Ubuntu 13.04
Posts: 727

Rep: Reputation: 31
"Secret Cookie"


I don't know if one issue has anything to do with the other but here's my problem. Last week I was looking through e-bay and my system monitor on the toolbar ran up into the yellow and the box took off like a race car. I unplugged the phone line as fast as I could and the box ran for a few more seconds and slowed back to normal. This has happened about three times now, only on Suse, drive hda. Xandros hdb hasn't been affected.
So I started looking around in the "tmp" file and under /tmp/ksocket-me there's a file called "Secret Cookie". It has a number in it about 13 characters. I deleted it and tried to reproduce it. I could not. Except when I rebooted. Then it would show up again. I have a firewall, Yast, and guarddog. GRC says I'm stealthed and so does PC Flank.
Any ideas as to what this is all about?
 
Old 09-20-2006, 01:42 AM   #2
zhangmaike
Member
 
Registered: Oct 2004
Distribution: Slackware
Posts: 376

Rep: Reputation: 31
The secret-cookie thing is completely normal and unrelated to the problem that you're noticing. See this thread: http://www.linuxquestions.org/questi...d.php?t=465098
In that thread is a link to another thread, which explains the secret-cookie as a normal authentication token.

As for the problem... what do you mean that the "system monitor on the toolbar ran up into the yellow and the box took off like a race car"? What does yellow indicate in your system monitor? What is racing about your computer? Disk usage? CPU?

Have you been able to purposely reproduce the "racing" problem?
 
Old 09-20-2006, 02:16 AM   #3
raylhm
Member
 
Registered: Sep 2006
Location: WA St
Distribution: Suse 10.3, Windows XP Home, Register Linux #386151
Posts: 240

Rep: Reputation: 30
CPU usage-yes, yellow. Box clicking away like it was booting up(race car). Thanks for the link and the reply. I don't have to worry about the cookie anyway. Yeah, once I was just reading my e-mail and it took off as described. None of these things may not be connected, it's just odd when the cpu jumps up for no reason.
 
Old 09-20-2006, 06:07 AM   #4
Spudley
Member
 
Registered: Mar 2003
Location: Berkshire, England.
Distribution: SuSE 10.0
Posts: 299

Rep: Reputation: 32
It could be your cron jobs starting up (cron being a timing system to trigger regular tasks automatically).

Even if you haven't got any tasks of your own in your crontab, there are likely to be some at system level, and it's possible they may be what you're seeing.

If you've got KDE System Guard running, or top, you should be able to see quite easily what the processes are that are causing the CPU usage to spike.
 
Old 09-20-2006, 08:01 AM   #5
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,644

Rep: Reputation: Disabled
Check your crontab for cronjobs (plus: cron.hourly, cron.daily, cron.weekly etc.). Maybe you're starting something on autopilot there.

Last edited by JZL240I-U; 09-20-2006 at 08:03 AM.
 
Old 09-22-2006, 02:01 AM   #6
raylhm
Member
 
Registered: Sep 2006
Location: WA St
Distribution: Suse 10.3, Windows XP Home, Register Linux #386151
Posts: 240

Rep: Reputation: 30
Thanks for the replies. I have another question. I've been messing around with my firewall, Suse and I had guarddog. The Suse firewall started giving me an error saying there was another firewall running and I couldn't configure it until I got rid of the other one(although I had before) so I deleted guarddog and nothing changed, it still says there's another firewall running. Went to GRC and I'm still stealthed. What's going on? All I had installed was guarddog and Suse. I get alot of iptable eroors on boot also. Any idea what's happened?..........I just rebooted and all is A-OK now. I've got a DSL/cable router with a firewall so I'm probably OK anyhow.

Last edited by raylhm; 09-22-2006 at 02:11 AM.
 
Old 09-22-2006, 03:20 AM   #7
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,644

Rep: Reputation: Disabled
Deleting a software is not all. A firewall will run in the background (or as daemon) as an independent process. You have to shut that down explicitly -- which you did by rebooting.
 
Old 10-02-2006, 09:31 PM   #8
raylhm
Member
 
Registered: Sep 2006
Location: WA St
Distribution: Suse 10.3, Windows XP Home, Register Linux #386151
Posts: 240

Rep: Reputation: 30
If anyone is still following this thread, I got a letter from Verizon today saying that "someone" may have gained access or attempted to gain access to my customer account through verizon.com website w/o my authorization. "Although it 'appears' no usable information was obained we are nevertheless taking additional measures to protect your account". I haven't talked to them yet but I'm wondering if the problem was on my end or theirs. I'm stealthed everywhere I check plus I have a cable router with a firewall.
 
Old 10-04-2006, 01:40 AM   #9
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,644

Rep: Reputation: Disabled
So. Well, if you get more information on this a brief post would be appreciated. Regards .
 
Old 10-06-2006, 12:25 AM   #10
raylhm
Member
 
Registered: Sep 2006
Location: WA St
Distribution: Suse 10.3, Windows XP Home, Register Linux #386151
Posts: 240

Rep: Reputation: 30
I called Verizon the next day and they asked if I ever paid my bill online at "Verizon.net". I told them I did not. They asked me if I ever visited "Verizon.net" and I said I probably had. They said to disregard the letter they sent because it was some information mining on people who pay their bill online there. If I hadn't paid there I wasn't one who was attacked. They got me because I visited there.
Scared the SHIT out of me before I called them. I still don't feel to good about my security, even though everywhere I test says I'm stealthed.
 
Old 10-06-2006, 01:25 AM   #11
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,644

Rep: Reputation: Disabled
Well something caused the abnormal behaviour of your box, and not on the server side / verizon side. Maybe you'd better post your firewall rules in the security forum and ask for opinions there.
 
Old 10-09-2006, 12:31 AM   #12
raylhm
Member
 
Registered: Sep 2006
Location: WA St
Distribution: Suse 10.3, Windows XP Home, Register Linux #386151
Posts: 240

Rep: Reputation: 30
Is there a command to bring up how I have the SuseFirewall2 set-up?
 
Old 10-09-2006, 02:29 AM   #13
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,644

Rep: Reputation: Disabled
There should be a iptables.config (?) file (probably somewhere under /etc, just search for it). That should hold your rule set.
 
Old 10-10-2006, 12:42 AM   #14
raylhm
Member
 
Registered: Sep 2006
Location: WA St
Distribution: Suse 10.3, Windows XP Home, Register Linux #386151
Posts: 240

Rep: Reputation: 30
I couldn't find "iptables.config" in /etc so I seached it and it never showed up. I've run AVG Free on every file I can and it has found nothing.
 
Old 10-10-2006, 01:25 AM   #15
JZL240I-U
Senior Member
 
Registered: Apr 2003
Location: Germany
Distribution: openSuSE 13.1 / 12.3_64-KDE, Ubuntu 14.04, Fedora 20, Mint 17, Chakra
Posts: 3,644

Rep: Reputation: Disabled
when you search just for "*iptable*" without the ""'s, what do you get?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Telling people to use "Google," to "RTFM," or "Use the search feature" Ausar General 77 03-21-2010 11:26 AM
"Xlib: extension "XFree86-DRI" missing on display ":0.0"." zaps Linux - Games 9 05-14-2007 03:07 PM
what is secret-cookie???? mihalisla Linux - General 2 07-18-2006 09:01 AM
secret cookie? Chuck23 Linux - Security 6 09-06-2004 09:41 PM


All times are GMT -5. The time now is 05:03 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration