Old 08-31-2016, 08:07 AM   #1
SethJ
LQ Newbie
 
Registered: Aug 2016
Posts: 4

Rep: Reputation: Disabled
Tails Site is 'Port Scanning' Computers that download 'Tails.iso' !!! ???


I have been looking at 'Tails' to try and understand Tor etc
(No real need just I like to know about things. )

I noticed that if I followed the instructions to download the Tails.ISO, I received a 'Port Scan' from their site address !!!

Attack: Port Scan Attack: IN=ppp1.1 OUT=n/a MAC= SRC=204.13.164.188 DST=xxx.xxx.xxx.xxx LEN=93 TOS=0x00 PREC=0x80 TTL=45 DF PROTO=TCP SPT=443 DPT=49205 WINDOW=980 RES=0x00 ACK PSH URGP=0 MARK=0x8000000


I have verified this by asking a friend to run an .ISO download from their PC and got the same result. !!!

Questions:

Why is the Tails site running port scans on downloaders' PCs etc ?

How does this justify any trust in the Tails setup ?

Is this deliberate or has the site been hacked in some way ?


I look forward to any response.

BTW: I did send a message to tails-support-private@boum.org but have had no reply.

Last edited by SethJ; 08-31-2016 at 01:55 PM. Reason: Fixed a cut & Paste error. Sorry.
 
Old 08-31-2016, 11:19 AM   #2
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,607
Blog Entries: 9

Rep: Reputation: 4093
where is this info coming from? the red stuff?
why do you think it comes from "Our" site address (i assume you mean linuxquestions.org)???
i see no indication of that.
the ip 204.13.164.188 is boum.org.
 
Old 08-31-2016, 01:53 PM   #3
SethJ
LQ Newbie
 
Registered: Aug 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
ondoho,

You have mis-read the post.

The Thread title says 'Tails Site'.
If you lookup the address in the message in red it equates to the tails.boum.org site.

The message in red is from my IDS software.

I was hoping to get a message to the tails.boum.org support people via anyone who reads this thread.
As stated my direct e-mail has not been answered. !!!!

Ooops just spotted the error in the OP. Sorry !!!!
Fixed the cut & paste error in the OP.

Last edited by SethJ; 08-31-2016 at 01:58 PM.
 
Old 09-02-2016, 05:00 PM   #4
Rinndalir
Member
 
Registered: Sep 2015
Posts: 733

Rep: Reputation: Disabled
What did boum.org say to you?
 
Old 09-02-2016, 08:15 PM   #5
SethJ
LQ Newbie
 
Registered: Aug 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
I have had no response at all.

Hence this thread, in the hope someone will pass the message on or suggest a better way to contact boum.org.

My concern is that being 'a hack or deliberate', it makes the Tails.ISO suspect, at the least !!!

Just trying to raise people's awareness as the people who need to use it may be (in the eyes of a hacker etc) worth probing for vulnerabilities.
 
Old 09-02-2016, 08:17 PM   #6
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,725

Rep: Reputation: 558
You should stop believing your brain-dead "IDS".
 
Old 09-02-2016, 09:07 PM   #7
SethJ
LQ Newbie
 
Registered: Aug 2016
Posts: 4

Original Poster
Rep: Reputation: Disabled
descendant_command,

Thanks for your input.

Do you have any basis to believe my IDS is brain dead ?

Please advise how you are able to be so sure ?

BTW: Simply believing 'it is' is not good enough.

Please don't ask me what the system is, as obviously you do not need to know, or you would have asked 1st before making your statement.
(This reply pre-supposes that all IDS systems are not Brain Dead, in your view.)
 
Old 09-02-2016, 09:50 PM   #8
descendant_command
Senior Member
 
Registered: Mar 2012
Posts: 1,725

Rep: Reputation: 558
Code:
PROTO=TCP SPT=443 DPT=49205
How is that a Port Scan?
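
Added example, not part of any post in this thread: a small triage script that parses the netfilter-style line quoted in post #1 and compares it with what scan probes look like in the same log format. The classification rules, the `EPHEMERAL_MIN` threshold and the constructed scan lines are assumptions for illustration; they are not the logic of the IDS discussed here, which the thread does not name.

```python
import re
from collections import defaultdict

TCP_FLAGS = {"SYN", "ACK", "PSH", "FIN", "RST", "URG"}
EPHEMERAL_MIN = 32768  # assumption: covers Linux default and IANA dynamic client ports

# The line quoted in post #1 (DST is redacted in the post as well).
THREAD_LINE = (
    "Attack: Port Scan Attack: IN=ppp1.1 OUT=n/a MAC= SRC=204.13.164.188 "
    "DST=xxx.xxx.xxx.xxx LEN=93 TOS=0x00 PREC=0x80 TTL=45 DF PROTO=TCP SPT=443 "
    "DPT=49205 WINDOW=980 RES=0x00 ACK PSH URGP=0 MARK=0x8000000"
)
# Constructed lines (documentation IP ranges): one source, bare SYNs to many ports.
CONSTRUCTED_SCAN = [
    f"IN=ppp1.1 OUT= MAC= SRC=198.51.100.7 DST=192.0.2.10 LEN=44 PROTO=TCP "
    f"SPT=40000 DPT={port} WINDOW=1024 RES=0x00 SYN URGP=0"
    for port in (22, 23, 80, 443, 3389)
]

def parse(line):
    """Split a log line into key=value fields plus the bare TCP flag tokens."""
    fields = dict(re.findall(r"(\w+)=(\S*)", line))
    fields["FLAGS"] = {tok for tok in line.split() if tok in TCP_FLAGS}
    return fields

def classify(pkt):
    """Label one TCP packet by its flags and port direction."""
    flags, spt, dpt = pkt["FLAGS"], int(pkt["SPT"]), int(pkt["DPT"])
    if "SYN" in flags and "ACK" not in flags:
        return "connection-attempt"   # how a scan probe appears on the wire
    if "ACK" in flags and spt < 1024 and dpt >= EPHEMERAL_MIN:
        return "service-reply"        # service port answering a client-chosen port
    return "other"

def scan_suspects(lines, min_ports=5):
    """Sources that sent bare SYNs to at least min_ports distinct destination ports."""
    ports = defaultdict(set)
    for pkt in map(parse, lines):
        if pkt.get("PROTO") == "TCP" and classify(pkt) == "connection-attempt":
            ports[pkt["SRC"]].add(int(pkt["DPT"]))
    return {src: len(p) for src, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    print(classify(parse(THREAD_LINE)))
    print(scan_suspects([THREAD_LINE] + CONSTRUCTED_SCAN))
```

A single logged packet cannot prove it belongs to an established connection, so "service-reply" means only that the flags and ports are consistent with HTTPS response data; confirming it requires the firewall's connection-tracking state or a packet capture of the download.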
 
Old 09-03-2016, 02:55 AM   #9
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,607
Blog Entries: 9

Rep: Reputation: 4093
Quote:
Originally Posted by SethJ
Please don't ask me what the system is, as obviously you do not need to know, or you would have asked 1st before making your statement.
actually i was going to ask exactly that.
how can we help you with your mysterious IDS's output if you don't tell us what software this is?
and no, it is your job to tell us all we need to know to be able to help you help yourself.
nevermind.
 
1 members found this post helpful.
  

