why not try it for yourself.
http://www.vergenet.net/linux/fake/
Fake allows you to take over the IP address of another machine in
the LAN
by bringing up an additional interface and making use of ARP spoofing.
The additional interface can be either a physical interface or an IP
alias.
fake is integrated on heartbeat (linux-ha. www.linux-ha.org), fyi
daddy wrote:
is it possible to fake live IPs. ( AFAIK you can only spoof loopback IP. ) because i was wondering they already put into place allowed hosts on sshd_config... is it possible to bypass it by some remote host saying that he is one of the IP listed in the conf...?TIA On Friday 07 March 2003 08:55, Mark M. Barrios wrote:if you can see its pid then look for it in /proc /proc/<PID>/ check cmdline or exe to see what exeactly he's running you can find out a lot of things there :D daddy wrote:if its a script how can i know where to find it... right now im doing a grep ftp.geocities.com * from / ... is there a nice way of doing this...?? On Thursday 06 March 2003 17:02, Jimmy Lim wrote:i was looking for our bandwidth eater.... and i did some minor investigation i found out that in one of my box someone is doing an ftp to ftp.geocities.com.. initial action was to look who's connected and after did a pstree to look where the sftp respawn... luckily it didnt respawn in a user login... it respawn from init... can someone tell me where to look so it doesnt happen again.... furthermore when i did the top: #top PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 14791 userx 19 0 229M 229M 588 R 99.9 22.9 23425m sftp # pstree -ap init,1) |-sftp,14791) ftp.geocities.com TIAHi daddy, I don't think that was ftp, it's a secure ftp, maybe the box was compromized doing some upload of your confidential files (passwd/shadow) putting it to their free webhosting like geocities. check also your contabs for other scripts that may run even this was removed in your init scripts. HTH_ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]_ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]_ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
