Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have noticed some strange things in my syslog and during shutdown lately, There are ip address and MAC addresses in the part of the file I want to post, Is it safe (from a security standpoint) to post them? Thanks.
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940
Rep:
posting mac addresses should be fine. ip addresses however can be a different matter. if they are private range (10.0.0.0/8 192.168.0.0/16 or i think this one is correct, but not 100% sure: 172.16.0.0/11 ) then you are fine posting them, if they are anything else... you could sensor them, ie: change a set of 8 bits to xxx (i would sugest to sensor 2nd or 3rd set of 8 bits)
IP addresses are not secret: even this web site recorded your IP address when you connected. If you are using NAT (network address translation), your IP address is only significant to the local subnet.
MAC addresses can be changed at will, and are only significant to the local segment (basically the piece of wire that connects you to the router). Almost any interface can be set to any MAC; it is only required to be unique in the local subnet.
As a result, neither value is of any use to anyone else. If it were of use (for example, someone trying to spoof on your local subnet), a few seconds of using a sniffer (a program that captures packets) will reveal both IP addresses and MAC addresses.
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940
Rep:
public ip's are not secret: that is true,
BUT
revealing public ip addresses can cause people to try and find vulnerabilities just for fun on those addresses.
just to avoid such a situation, i would not post the entire public ip address.
you never know what some 'mindless' people get up to, when they are bored, and stumble across an ip address... esp. on a computer techy forum.
You'd probably be amazed how many hits your internet facing IP address gets already. I get several hundred per day; a few more from curious folks on this site certainly won't hurt. Anyone can be DDOS'd, but why expend the effort to DDOS a given arbitrary (and possibly fake) personal address, and in the process expose your zombies?
Trying to find vulnerabilities "just for fun" is illegal in some countries, so you would be risking jail time, fines, and equipment confiscation. Better to rent a DVD.
Distribution: debian, gentoo, os x (darwin), ubuntu
Posts: 940
Rep:
Quote:
Originally posted by macemoneta You'd probably be amazed how many hits your internet facing IP address gets already. I get several hundred per day; a few more from curious folks on this site certainly won't hurt. Anyone can be DDOS'd, but why expend the effort to DDOS a given arbitrary (and possibly fake) personal address, and in the process expose your zombies?
Trying to find vulnerabilities "just for fun" is illegal in some countries, so you would be risking jail time, fines, and equipment confiscation. Better to rent a DVD.
No Sir, i know exactly what 'junk' comes into an interface connected to the internet (i know this from work, and private interest). DOS and DDOS is not at all what i had in mind either. because a lot of computers are not correctly secured, an ip address can be enough 'motivation' to some black-hat waering kid that knows a little about pen testing, or how to use vulnerabilities in services commonly run. (to me) it is irresponsible to be posting a public ip address, and with that possibly supporting such action.
i know that getting hold of ip addresses is not a problem at all, but in a post ip addresses could get mentioned along with critical infromation.
just sensor public ip addresses, if you do not know if the address you have is public or private, you can search google for 'private ip range' or something along that line.
Originally posted by Nathanael
just sensor public ip addresses, if you do not know if the address you have is public or private, you can search google for 'private ip range' or something along that line.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.