A packet sniffer is a program that monitors the network traffic passing through your computer. A packet sniffer running on a PC connected to the internet over a modem can tell you your current IP address as well as the IP addresses of the web servers whose sites you are visiting. You can watch all the unencrypted data that travels from your computer onto the internet, including passwords and other sensitive data that is not secured by encryption. Put a packet sniffer on a router on the internet, and you can watch all the network traffic that passes through that router, from absolutely anyone whose data happens to pass through it.

Sniffers are basically data interception programs. They work because Ethernet was built around a principle of sharing. Most networks use what is known as broadcast technology, meaning that every message transmitted by one computer on a network can be read by any other computer on that network. In practice, all the other computers except the one the message is meant for will ignore it. However, by means of a sniffer, a computer can be made to accept messages even if they are not meant for it.

A sniffer is usually passive: it only collects data. Hence, it becomes extremely difficult to detect a sniffer. When installed on a computer, though, a sniffer will generate some small amount of traffic, and is therefore detectable.

Detection methods:

1. Ping Method: The trick used here is to send a ping request addressed to the IP address of the suspect machine but not to its MAC address. Ideally, no machine should see this packet, as each Ethernet adaptor will reject it because it does not match its own MAC address. If the suspect machine is running a sniffer, it will respond, since it does not reject packets with a different destination MAC address. This is an old method and no longer reliable.

2. Address Resolution Protocol (ARP) Method: A machine caches ARPs, so what we do is send a non-broadcast ARP. A machine in promiscuous mode will cache your ARP address. Next, we send a broadcast ping packet with our IP address but a different MAC address. Only a machine that has our correct MAC address from the sniffed ARP frame will be able to respond to our broadcast ping request.

3. On Local Host: Often, after your machine has been compromised, hackers will leave sniffers on it in order to compromise other hosts. On a local machine, run ifconfig.

4. Latency Method: This method is based on the assumption that most sniffers do some parsing. Simply put, a huge amount of data is sent on the network, and the suspect machine is pinged before and during the data flooding. If the machine is in promiscuous mode, it will parse the data, increasing the load on it. It will therefore take extra time to respond to the ping packet. This difference in response times can be used as an indicator of whether or not a machine is in promiscuous mode. A point worth noting is that the packets may be delayed because of the load on the wire, resulting in false positives.

Prevention: The best way to secure yourself against sniffing is to use encryption. While this won.

Benjamin D. Thomas
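The following is an added example, not code from the article above, illustrating two of the detection methods it describes: the local-host check (item 3, reading the PROMISC flag that ifconfig or `ip link` reports, or the IFF_PROMISC bit in /sys/class/net/<iface>/flags on Linux) and the construction of the non-broadcast ARP request used by the ARP method (item 2). The sample command output, interface names, MAC and IP addresses are constructed; the destination MAC used for the probe is an assumed non-broadcast value, and the frame is only built here, not sent (sending it would need a raw AF_PACKET socket and root, which is outside this example).

```python
import re
import socket
import struct

# IFF_PROMISC bit of the Linux interface flags word (<linux/if.h>), as exposed
# in /sys/class/net/<iface>/flags.
IFF_PROMISC = 0x100

# Matches the header line of one interface in either `ip link show` output
# ("2: eth0: <BROADCAST,PROMISC,UP> ...") or newer net-tools ifconfig output
# ("eth0: flags=4419<UP,BROADCAST,PROMISC> ..."); continuation lines are indented
# and therefore do not match.
_HEADER = re.compile(r"^(?:\d+:\s+)?([^\s:@]+)(?:@\S+)?:\s+.*?<([^>]*)>")


def promisc_from_sysfs_flags(flags_hex):
    """True if the hex flags word read from /sys/class/net/<iface>/flags has IFF_PROMISC set."""
    return bool(int(flags_hex.strip(), 16) & IFF_PROMISC)


def promisc_ifaces(output):
    """Return the interfaces whose flag set in `ip link show` / ifconfig output contains PROMISC."""
    found = []
    for line in output.splitlines():
        m = _HEADER.match(line)
        if m and "PROMISC" in m.group(2).split(","):
            found.append(m.group(1))
    return found


def _mac(text):
    return bytes.fromhex(text.replace(":", "").replace("-", ""))


def build_nonbroadcast_arp_request(src_mac, src_ip, target_ip, dst_mac):
    """Build the 42-byte Ethernet/ARP 'who-has target_ip' frame used by the ARP method.

    dst_mac is deliberately NOT ff:ff:ff:ff:ff:ff: a NIC in normal mode drops the frame,
    while a host in promiscuous mode passes it up and caches the sender's MAC/IP pair.
    """
    ethernet = _mac(dst_mac) + _mac(src_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack(
        "!HHBBH6s4s6s4s",
        1,                          # hardware type: Ethernet
        0x0800,                     # protocol type: IPv4
        6, 4,                       # hardware / protocol address lengths
        1,                          # operation: request
        _mac(src_mac), socket.inet_aton(src_ip),
        b"\x00" * 6, socket.inet_aton(target_ip),
    )
    return ethernet + arp


# Constructed sample output, not captured from a real host.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
"""

SAMPLE_IFCONFIG = """\
eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 10.0.0.5  netmask 255.255.255.0  broadcast 10.0.0.255
        ether 02:00:00:00:00:01  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
"""

if __name__ == "__main__":
    print("promiscuous (ip link):", promisc_ifaces(SAMPLE_IP_LINK))
    print("promiscuous (ifconfig):", promisc_ifaces(SAMPLE_IFCONFIG))
    print("sysfs flags 0x1103 ->", promisc_from_sysfs_flags("0x1103"))
    frame = build_nonbroadcast_arp_request("02:00:00:00:00:01", "10.0.0.5",
                                           "10.0.0.9", "ff:ff:ff:ff:ff:fe")
    print("ARP probe frame:", frame.hex())
```

On a live Linux host the same checks are `ip link show` (look for PROMISC in the angle brackets) or `cat /sys/class/net/eth0/flags`; note that a capture tool the administrator runs on purpose also sets the flag, so a hit still needs to be matched against what is expected to be running.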
The US and UK governments want to install a device on public networks to monitor traffic for suspected criminal activities. But is that all they want to do? Chris Parker explains.

When one really thinks about it, the main reason for computer security is data privacy. People protect their systems so that unwanted people can't see data they're not authorized to see. Well, what if there was no way to protect your privacy because all incoming and outgoing data was being viewed by a third party? This is the potential power that the FBI wields.

Carnivore is a sealed box that the FBI installs at an ISP. The box filters packets, looking for emails of suspected criminals. Once emails from suspects are found, they are saved for decryption and analysis. The FBI claims that Carnivore is meant for nothing more than tapping the email of suspected criminals. Also built into Carnivore is a remote-access capability that allows FBI agents to check on the progress of the Carnivore system. While it does need a court order to be used, ISPs dislike the idea of Carnivore because they have no way to ensure protection from Carnivore for their law-abiding customers. Also, ISPs feel that if Carnivore's only true purpose is to look for email addressed to or from a suspect, then there is no need for Carnivore, because the ISP can do that for the FBI easily enough.

Another thing that is worrying people is the FBI's protest of the American Civil Liberties Union's (ACLU) Freedom of Information Act (FOIA) request for the source code of Carnivore's packet filtering program. If all Carnivore does is look for suspects' emails, why is the FBI so worried about the source code being released? Not only is this troublesome, but Carnivore has been active since 1999, with over 25 email-taps to date. It seems the FBI was trying to sneak Carnivore past the American people.

If FBI agents can access Carnivore remotely, what is stopping someone from cracking the system and tainting the evidence, or even worse, using the system to spy on law-abiding citizens? If Carnivore does go into widespread use, it will only be a matter of time before it is cracked. The chance to spy on thousands of people will be too much to resist for crackers; it is probably too much to resist for the FBI.

Carnivore is not the first attempt at surveilling email. The FBI has been trying to figure out the best way to tap email for a while; Carnivore is just their most recent attempt. Also, the UK is trying to get the Regulation of Investigatory Powers (RIP) Bill passed. The RIP Bill will allow UK authorities to monitor suspected criminals' email and other data connections. Similar to what the FBI is currently doing, the UK MI5 agency can put a Carnivore-like black box onto an ISP's network and then listen to all incoming and outgoing packets, looking for packets going to, or intended for, the suspect. Along with this, the RIP Bill will allow the MI5 agency to demand the encryption keys for encrypted data, with refusal punishable by 2 years in prison. Once an employee gives the encryption code away, she isn't allowed to tell anyone, even management, or face 5 years imprisonment. This means that a company that thinks its private, proprietary information is safe may actually have that information viewed by dozens of MI5 agents.

Critics of the bill say that it is pointless, because the computer-literate criminals that this bill is supposed to help catch will easily be able to go undetected and keep their data private. A report that recently came out about the bill said that the bill will "undermine the privacy, safety and security of honest citizens and businesses."

With more and more people listening in on private conversations and actions online, SSL and other forms of encryption are necessary to be truly secure. Given the incredible impracticality of this, the only other solution is IP6, which does provide secure encrypted connections for most types of packets.

Brittany Day