10-22-2007, 12:42 AM
|
#1
|
LQ Newbie
Registered: Oct 2007
Posts: 3
Rep:
|
Dual HDD
Howdy all,
Have a question here, I think security would be the best place to put it.
I've been 100% on Linux (SuSE) for about two years now, but unfortunately I have had to return to XP to use some apps for my work, mostly Adobe crud. As a graphic artist/designer I have found solid alternatives in gimp, inkscape, and my proprietary apps such as Maya XSI (alongside blender) work just fine with linux since it's python I am using to renderfarm. Anyway, I immediately slapped another hard drive into my computer and simply booted via bios, no big deal, and everything worked just fine.
But lately I have been having some problems, both systems acting erratically (I know xp hates partitioned harddrive sharing, hence the separate drive), and I have also noticed that when visiting different sites, my system was picked up as two separate systems!! which my ISP confirmed.
Paranoia, lingering from my win98 days, started to creep in, after so long of having not to worry about viruses, trojans, spyware, etc, etc, I began to wonder whether or not my XP system was a sitting duck connected to the internet while I was running around in Linux, or worse yet, my Linux system to brute force, since I have no hardware firewall, just the linux firewall and ZoneAlarm software firewalls.
I ran two ides on one ribbon with the Linux set up as master w slave and the xp as slave.
I have an MSI motherboard, sorry forgot exactly which, it's older, but I'll find it if you guys need it, AMD Semp 3000+, 2GB, ATi Graphics Card, and two ide hard drives, one western digital, and the other hitachi.
How can I set up both harddrives, so I don't have to be so darn paranoid about the security of my system?
Plus I had difficulty connecting to the net once in awhile, for some reason the isp address wouldn't "recycle" as the ISP put it because it showed a constant connect from 2 systems at the same time, at least that's what the A+ certified (sarcasm there) help desk guy told me.
Any help would be much appreciated cause I hate windows and am jonesing for my linux fix.
Last edited by Keyser SuSE; 10-22-2007 at 09:23 AM.
|
|
|
10-22-2007, 02:06 AM
|
#2
|
Senior Member
Registered: Mar 2006
Posts: 1,896
Rep:
|
Quote:
Originally Posted by Keyser SuSE
and I have also noticed that when visiting different sites, my system was picked up as two separate systems!! which my ISP confirmed.
|
I am completely baffled as to what that could mean. Could you explain a little more?
Quote:
I began to wonder whether or not my XP system was a sitting duck connected to the internet while I was running around in Linux, or worse yet, my Linux system to brute force, since I have no hardware firewall, just the linux firewall and ZoneAlarm software firewalls.
I ran two ides on one ribbon with the Linux set up as master w slave and the xp as slave.
|
Either system could get compromised, of course (more likely with the MS system IMHO), and then, with sufficient privilege, the attacker could do as he pleased, including altering the other system. But if you are dual booting (as I understand), when one system is running, the other system is doing nothing, and so cannot be compromised directly. Is there something I am not understanding here?
|
|
|
10-22-2007, 09:21 AM
|
#3
|
LQ Newbie
Registered: Oct 2007
Posts: 3
Original Poster
Rep:
|
Well,
Apparently when I connect to the net my single pc is detected as two systems connecting to the net. Out of curiosity, I connected my old DSL modem to my system and it came up as two separate pcs each identified by their own host name at the same time, not after switching from one to the other. Now if I was connecting via a dsl modem, I would know that at least there would be a firewall between the net and my kit, but since I am on a satellite service which doesn't like routers much (downloads always hang and forget about uploading anything) the "modem" which really isn't a modem per se has no firewall. When I had problems connecting to the net figuring it was a blackout which happens time to time with dish networks, they said there were two assigned ip addresses which showed that there were two separate hosts connected which caused some kind of conflict with the system's ability to assign a new address, even after a reboot into both hard drives to test connectivity. I shut down my pc, went to my laptop and boom, a new IP address was assigned and I had connectivity.
I then took out one hard drive and again, I had connectivity again.
Another thing I have run across is that forums like this which show how many users are viewing a thread, always pick me up as two before I log in, once I do that I become one user, and I have tested this by digging up ancient threads and looking at them. Lo and behold, two users would be viewing the thread. I'm sure, if a mod or administrator looks, my browser identifies the system as one but the database picks me up as two.(?)
So apparently from the evidence I have gathered, it seems both hdds act as if they are two systems on a router. Alas, I am one step above a common end-user, I can configure my systems, heck even when I first went to SuSE I was able to get my winmodem on an old system to work!(no small feat for a newb) But, to define in any other terms what is exactly going on I am at a total loss. All I know is that when I connect both drives act as if they are on two systems. I have always kept passwords which well exceeded ten digits on both systems, so I follow the usual protocols of keeping a tight system, especially have ever since 9x; firewalls, antivirus (nod32) spyware scanners, and with SuSE, no antivirus since I am not serving from one win machine to the other, but I do have rkhunter, process list, and rootkit check installed to run a check once in awhile through console...but even that isn't really necessary since I don't use my system as a server and therefore have all the runtime processes which are related to server use deactivated (both for security reasons and boot speed tweaks).
|
|
|
10-22-2007, 07:57 PM
|
#4
|
Senior Member
Registered: Mar 2006
Posts: 1,896
Rep:
|
Wow!!! This is definitely a head scratcher!
Does this duplication (two users) exist with each of the two OSes?
The first thing that comes to mind is to try to use a packet sniffer (such as tcpdump or Wireshark) to figure out what is going on. In theory you could run this on the box you are concerned about, but if that box is doing something weird (either because of compromise or some weirdness in the software or hardware) I don't know how much I would trust the results. If you have a spare box with two NICs, you could put that in between your target computer and the ISP and run the sniffer on that. I know you suggest you might not be able to do downloads or uploads that way, but perhaps just some normal browsing.
I also find it baffling that you can't use a router with your service. I would expect the Network Address Translation (NAT) to be invisible to your service. (You don't have any custom software from your ISP required to be on your computer(s), do you?) Of course, I do not know everything so there could be something I am missing.
As strange as your problems are, I hope some guru views this thread and throws some light on this.
Last edited by blackhole54; 10-22-2007 at 08:00 PM.
Reason: Wording change for clarity
|
|
|
10-22-2007, 10:00 PM
|
#5
|
Senior Member
Registered: Sep 2003
Posts: 3,171
Rep:
|
Well, one thing is for sure; your theory of your two hard drives each presenting as a different system on the internet is flatly impossible; that isn't the problem. Period.
What is the problem? Well, let's dig a bit. Are you running a virtual machine, such as VMware? My workstation reports itself out as anywhere from two to four different machines, just depending on how many operating systems I have running simultaneously in VMware.
Presumably you aren't running virtual machines, so the next thing to do is open a shell window and type in ifconfig and see what you get. You may have to be root to do that. I'm guessing that somehow you have two different network connections bound to the same ethernet port and this is your problem. Are you running any kind of proxy server such as squid?
Also enter the command route and see what you get.
Run both those commands and post the results here; we'll figure it out, I'm sure.
|
|
|
10-23-2007, 06:50 PM
|
#6
|
LQ Newbie
Registered: Oct 2007
Posts: 3
Original Poster
Rep:
|
Here you go,
Another thing I should mention and I truly apologize for not mentioning this; both knetwork and windows acted as if they had full connectivity, but there was no communication between box and isp, even running repair in windows and stopping/restarting SuSE network manager succeeded in the sense that no errors were reported, but still firefox, opera, and explorer acted as if in off line mode.
I'm not running a virtual system and I'm not running through proxy (though if dish networks differ from cable or dsl, don't know), and the host name isn't assigned by DHCP.
I can always partition one hdd, but I would just rather keep the two separated because, A. xp always acts up in time, and B. I like SuSE and python to control the render to the other linux boxes in the farm and the extra gigs for the large files for this is always nice.
Oh, and I can't go without showing my respect and gratitude to you guys for taking the moment to help me out.
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
72.173.196.0    *               255.255.252.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         72-173-196-1.cu 0.0.0.0         UG    0      0        0 eth0

eth0      Link encap:Ethernet  HWaddr 00:16:17:7A:53:E6
          inet addr:72.173.197.28  Bcast:72.173.199.255  Mask:255.255.252.0
          inet6 addr: fe80::216:17ff:fe7a:53e6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:8149 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1342 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1425685 (1.3 Mb)  TX bytes:135581 (132.4 Kb)
          Interrupt:185 Base address:0xec00

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:30 errors:0 dropped:0 overruns:0 frame:0
          TX packets:30 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1956 (1.9 Kb)  TX bytes:1956 (1.9 Kb)
Last edited by Keyser SuSE; 10-23-2007 at 07:02 PM.
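
The check suggested in post #5 (two network connections bound to the same Ethernet port), written out as an added example that is not part of any post in this thread. It assumes the classic net-tools "inet addr:" output format shown in post #6; the function names and the alias sample (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tests the post #5 hypothesis that two
# network connections are bound to one Ethernet port, using classic net-tools
# ifconfig/route text as input.

# The output posted in this thread, trimmed to the lines the checks read.
POSTED_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:16:17:7A:53:E6
          inet addr:72.173.197.28  Bcast:72.173.199.255  Mask:255.255.252.0
          inet6 addr: fe80::216:17ff:fe7a:53e6/64 Scope:Link
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0'
POSTED_ROUTE='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
72.173.196.0    *               255.255.252.0   U     0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
default         72-173-196-1.cu 0.0.0.0         UG    0      0        0 eth0'

# Constructed counter-example: an alias (eth0:0) adds a second address to eth0.
ALIAS_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
eth0:0    Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.0.2.11  Bcast:192.0.2.255  Mask:255.255.255.0'

# Reads ifconfig text on stdin; prints "port count" for each physical port
# holding more than one IPv4 address. Aliases are folded into their parent.
multi_addr_ports() {
    awk '
        NF && substr($0, 1, 1) != " " && substr($0, 1, 1) != "\t" {
            port = $1; sub(/:.*/, "", port)      # stanza header: eth0, eth0:0
        }
        /inet addr:/ { n[port]++ }               # does not match "inet6 addr:"
        END { for (p in n) if (n[p] > 1) print p, n[p] }
    ' | sort
}

# Reads route text on stdin; prints the number of default routes.
default_route_count() {
    awk '$1 == "default" || $1 == "0.0.0.0" { c++ } END { print c + 0 }'
}

echo "posted output, ports with >1 address: $(printf '%s\n' "$POSTED_IFCONFIG" | multi_addr_ports)"
echo "posted output, default routes: $(printf '%s\n' "$POSTED_ROUTE" | default_route_count)"
echo "alias sample, ports with >1 address: $(printf '%s\n' "$ALIAS_IFCONFIG" | multi_addr_ports)"
```

Run over the output posted in post #6, the script finds no port with a second IPv4 address and exactly one default route; the constructed alias sample is flagged as eth0 with two addresses.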
|
|
|
All times are GMT -5. The time now is 07:59 AM.