CrunchBang Linux Pastebin - collaborative debugging

pastebin is a collaborative debugging tool allowing you to share and modify code snippets while chatting on IRC, IM or a message board.

This site is developed to XHTML and CSS2 W3C standards. If you see this paragraph, your browser does not support those standards and you need to upgrade. Visit WaSP for a variety of options.

CrunchBang Linux Pastebin

Posted by moaningvulva on Thu 31st May 02:16 (modification of post by view diff)
download | new post

  1. Linux: Tor, Security, Rootkits, and more info...
  2.  
  3. "Some say the only way to be certain of escaping a trojan or root kit compromised box is to reformat and reinstall the OS. That would wipe out any malware."
  4.  
  5. If some one or some org wants your box, they can take it by bypassing harddrive/usb thumb drive infections and go straight to the good stuff... AGP/PCI device(s) firmware including motherboard BIOS, graphics cards, network cards, etc.
  6.  
  7. Please review some of the articles and PDFs near the beginning of this resource:
  8.  
  9. HUGE Security Resource - version 5000-03/06/12
  10. http://pastebin.com/M7ZwwVCA
  11.  
  12. See also:
  13.  
  14. Tor Operations Security
  15. http://cryptome.org/0005/tor-opsec.htm
  16.  
  17. "Is there something that can work as well when the machine is MITM compromised? Is there anything we can do to unMITM if we suspect our connection is MITM compromised?
  18.  
  19. Or is it once MITMed always MITMed?"
  20.  
  21. Sadly, rootkit scanners for Linux are lacking in features. For example, chkrootkit will allow you to look for strings in binaries, but it's up to you to detect what could be malicious.
  22.  
  23.     Remnux may be of help: http://zeltser.com/remnux/
  24.  
  25. but if you have a serious infection, something clingling to/inside your devices in firmware, a malicious attack against a router which overwrites your firmware for example but you can't detect any difference in the router's settings pages but you're pwned, what do you do?
  26.  
  27. You can run Wireshark and nmap but if you've got at least one machine on your LAN pwned you're going to have to examine every system unplugged from the net and your LAN, and know what you're doing. Can you dump your BIOS and checksum it, do you know what malicious strings are in binaries? See the huge security resource above, it contains blogs for reverse engineering and detecting malware in binaries.
  28.  
  29. If, after wiping your drive and reinstalling, buying a new router (pref. wired, wifi is just a shit magnet for crackers) and updating and securing the router you're still fscked, you may have a deep infection and not even Windows scanners scan firmware PCI cards and such, so there's only one solution, treat the infected hardware like the wicked witch in the wizard of oz.
  30.  
  31. If possible, never buy wireless and bluetooth devices, stick with wired connections and check for splices/wire diversion attacks from the outside by malicious parties.

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting:

To highlight particular lines, prefix each line with @@


Remember me