My Internet connection is acting slow and keeps disconnecting every 3 minutes, so I went to SBC's help site and saw the message.
My computer will not stay connected to the Internet for any longer than 2-3 minutes tops.
Quote:
From Microsoft's website: This update resolves a newly-discovered, privately-reported vulnerability. A remote code execution vulnerability exists in Plug and Play (PnP) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. The vulnerability is documented in the “Vulnerability Details” section of this bulletin.
We recommend that customers apply the update immediately.
I have a firewall, Firestarter, installed and it just now added a sit0 IPv6 tunnel onto the status menu. I use Linux; how can this be? Does Linux have a virus scanner so I'll know if the PC is infected? I'm most certain that it is, because the sit0 IPv6 tunnel just now popped up not so long ago. The article is posted below this paragraph.
Virus Alert! - Windows PC Customers - Important
For All Applications, Windows (all), and All Domains
Problem: Customers may be experiencing Continual shutdown/reboot, and/or slow browsing
Issue: Recent viruses (known by names such as Zotob, Esbot, etc..) have exploited vulnerabilities in Microsoft Operating System functionality (MS05-039). These viruses cause continual rebooting of machines (infected machines), and/or slow browsing (carrier machines).
How to Tell If Your Computer May be Infected:
1. Your computer is constantly rebooting when attempting to connect to the internet or on system startup
This means your computer may be infected with the virus and will not perform properly.
2. Your computer's performance has suddenly degraded and is running very slow.
This means your computer may be carrying the virus without significantly impacting your connection.
How to Fix the Problem
1. To stop the shut-down in progress, follow the following process:
1. With your left mouse, click on Start.
2. With your left mouse, click on Run.
3. Type cmd and then click OK.
4. Type shutdown /A (WIN 2000/NT 4.0) or Type shutdown -a (WIN XP/2003).
5. Press enter.
Select your Operating System, download and run the patch.
3. How to remove the Virus:
If you have an antivirus program, update your definition files:
Norton: Right click on the Norton Icon in the system tray and select "Norton Updater"
McAfee: Right click on the McAfee Icon in the system tray and select "Update"
Yahoo Online Protection: Click the update button upon launching the Antivirus program.
Other Antiviruses: Visit your manufacturer's website for details.
So your computer is running slow and disconnecting every few minutes ... what does this have to do with a virus, let alone a Windows virus? Look at /var/log/messages...
I thought the same thing. The PC kept disconnecting from the Internet every 2-3 minutes non-stop for over 3 hours, so I naturally assumed that the PC had either caught a virus or someone used psp as mentioned on SBC's website to gain access to my PC and change system settings.
SBC said they were not trained to use Linux, so I had no other choice but to come here and ask why the symptoms mentioned on SBC's website are happening to me. I use Debian Linux.
If Linux is immune to PC viruses, why is my PC disconnecting from the Internet every 2-3 minutes and why is the Internet connection slow? At first I thought it was a coincidence, but the symptoms were all there. The PC keeps disconnecting from the net, the slow connection, etc. Is it possible that someone hacked my PC and added spyware onto it?
Quote:
sundialsvcs So your computer is running slow and disconnecting every few minutes ... what does this have to do with a virus, let alone a Windows virus? Look at /var/log/messages...
I cannot open that folder; an error message comes up when I try.
Your hardware specs suggest you are using a dialup connection. The symptoms also suggest that the system is dropping the connection because it is idle for 120s (2 minutes). Suggest checking the ppp log in /var/log and this may confirm that your system is dropping the connection. Check your /etc/ppp/options and see if the idle <n>, where n=120, is set. It will be down at the bottom of the file.
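The check suggested above, as an added example that is not part of the original post: a shell sketch that reads the effective `idle` value from a pppd options file and counts idle-timeout hang-ups in a log. The function names, sample files and log lines are constructed for illustration; the text matched is the notice pppd logs when its idle timer expires.

```shell
#!/bin/sh
# Added diagnostic sketch; helper names and sample data are constructed.

# Print the effective "idle" timeout (seconds) from a pppd options file.
# Commented-out lines are skipped; if the option appears more than once,
# the last occurrence is reported. Prints nothing when idle is not set.
ppp_idle_timeout() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "idle" && $2 ~ /^[0-9]+$/ { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Count hang-ups that pppd attributed to the idle timer in a log file.
ppp_idle_drops() {
    awk '/Terminating connection due to lack of activity/ { n++ }
         END { print n + 0 }' "$1"
}

# --- constructed sample input, so the script runs offline ---
demo_dir=$(mktemp -d)
cat > "$demo_dir/options" <<'EOF'
# constructed sample of /etc/ppp/options
lock
#idle 600
noauth
idle 120
EOF
cat > "$demo_dir/ppp.log" <<'EOF'
Aug 20 10:00:01 host pppd[812]: Connect: ppp0 <--> /dev/ttyS0
Aug 20 10:02:03 host pppd[812]: Terminating connection due to lack of activity.
Aug 20 10:02:03 host pppd[812]: Connection terminated.
Aug 20 10:05:10 host pppd[901]: Connect: ppp0 <--> /dev/ttyS0
Aug 20 10:07:12 host pppd[901]: Terminating connection due to lack of activity.
EOF

echo "idle timeout: $(ppp_idle_timeout "$demo_dir/options") s"
echo "idle drops:   $(ppp_idle_drops "$demo_dir/ppp.log")"
```

On a real system, pass /etc/ppp/options and the ppp log under /var/log as the arguments; a non-empty timeout together with a non-zero drop count points at the idle setting rather than at an intrusion.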
I am using DSL to connect to the Internet. I did everything mentioned on this thread and nothing worked, plus I managed to make the system worse by trying to configure the PC to fix the problem. The PC at this point is so mucked up, the best way to fix the problem would be to uninstall and then reinstall Sarge, Debian, again from scratch.
I am not sure what happened, but someone, somehow managed to gain access to my computer. If I was using Windows, I'm most certain that my PC would have been ruined. SBC Global (my ISP): the reps at SBC are still not answering the phones because they are being flooded with phone calls from people needing help to remove this virus.
I have been using Sarge Debian for almost a year now and never had to download, or configure the PC. As I type these lines the fonts are so messed up I can barely see them. I apt-got msttcore fonts hoping that would make the fonts decent enough so I can at least see what I am writing, however that method only made the fonts look jagged, not only on the word processor but on webpages and sites as well.
The only option I see fit is to either somehow remove the msttcore font from the PC and try to make the fonts normal again, or uninstall Debian and reinstall it again.
Edit: I decided to uninstall Debian and reinstall it again. Thanks for the replies.
The PC is now staying connected to the Internet, it's about time lol. This is the first time in 3 days that the PC stayed connected to the Internet. The only problem I am having right now is with the fonts. Does anyone know a way to remove the fonts (msttcore)? I already tried apt-get remove, didn't work. I need to get the fonts back to normal so I can see what I am typing as well as read webpages. This damn virus/attack really pulled a number. I don't want to install Debian again unless there is no other choice. Any suggestions on what I should do will be appreciated, my eyes are hurting from typing this message lol. Thanks for the replies.
You could not be infected with the windows virus. It exploits a vulnerability not found on linux to execute code that will not run on linux that changes settings that do not exist on linux.
Try running "top", and sort the column so the process using most cpu usage is at the top (you can type shift-< and shift-> to switch the sort column, and shift-R to reverse the sort).
I have noticed that gam_server has sometimes been known to go berserk and take all CPU usage. If that's the case, type
killall gam_server
I am not sure what happened, but someone, somehow managed to gain access to my computer.
If that is the case then the only safe thing to do is reinstall, like you just did. However if you didn't format your home partition then you may still be vulnerable to backdoor attacks. You may want to backup your home directory in a tar ball and burn that on a CD or copy to a safe partition then format your home partition and recreate your user.
Originally posted by /bin/bash If that is the case then the only safe thing to do is reinstall, like you just did. However if you didn't format your home partition then you may still be vulnerable to backdoor attacks. You may want to backup your home directory in a tar ball and burn that on a CD or copy to a safe partition then format your home partition and recreate your user.
I suppose that the body is by-now dead and buried, but I never heard a symptom here that told me, "yes, this is a virus .. someone managed to get control of that computer." By now, the problem might be impossible to diagnose. Or, it could simply be taking a bit of a holiday, if the "reinstall" does not wipe out existing files but tries to preserve the existing configuration.
If you are using a DSL modem, then it is imperative that you have a firewall router, preferably one equipped with VPN, immediately downwind of that modem, and that all other computers are linked to the internet through it. On top of that, your Linux box should also have a firewall.
does it work, is it any good, would you buy it for linux
Most anti-virus programs for Linux are designed to check for Windows viruses on email gateways and file shares used/accessed by users of that OS, not to protect the Linux computer itself from the almost insignificant threat of Linux viruses. I wouldn't waste your money - secure your Linux box the proper way by setting up a firewall, keeping up with updates etc.