Will unraveling the iconographic data in the crop circles reveal who is creating them? An equation is used to quantify the probability of life that exists in the universe. One crop circle appears to be an answer to the mathematical formula created by Dr. Frank Drake, known today as the Drake equation. ![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fwww.universetoday.com%2Fwp-content%2Fuploads%2F2009%2F09%2FDrake-Equation.jpg&t=663&c=JU7LzmBW-wuhQQ) ![](https://ip.bitcointalk.org/?u=http%3A%2F%2Fcropcircleessences.com%2Fimg%2Fbig%2F137.jpg&t=663&c=KKadgfd7W-3AMQ)
|
|
|
Is it possible to force the sources.list addresses to use a host file instead of DNS?
I'm pretty sure the hosts file is always preferred over the network's DNS server anyway, though this probably can't be relied upon if you suspect a rootkit. You can, however, put the repo's IP address directly in the sources.list file, e.g.:

deb ftp://130.89.148.12/debian/ squeeze main contrib non-free

(though this also shouldn't be relied upon if you've got a rootkit)

Then I will do this when/if I reinstall the OS, I want to gather more details first though before I nuke stuff.

Can tzdata be removed from Ubuntu without breaking its ability to function?

No. What's tzdata got to do with anything anyway?

tzdata, is one of a small list of programs that is allowed complete internet access through all IDS and firewalls. I had strange behavior appear, after wipe and reinstalls, only after the very first internet connection, which seemed to affect, gnome, network-manager and screensaver, (affected in that order). My internal domain would change to a blackberry ID. No internet connectivity after installation and gnome, network-manager, screensaver did not wig out and the internal domain name did not change. Because of this, I thought the possible infection is occurring through some first connect event, DNS or first outbound connecting program after the network is up. I eliminated ntpd and bluez before first connect and the issues still occurred. Outside of tzdata and DNS I'm not aware of what else could be contributing to this behavior.
|
|
|
If Firefox had been installed, and the update appearing to be legitimate, Ubuntu's 'update-notifier' application, I would have clicked it, even though it was only a language pack available for update. It's also entirely possible I already installed some malware because of this EvilGrade method. ![Cry](https://bitcointalk.org/Smileys/default/cry.gif) How can you determine what IPs update-notifier is providing the update from? Is it possible to force the sources.list addresses to use a host file instead of DNS? Can tzdata be removed from Ubuntu without breaking its ability to function?
|
|
|
The brain is just a really, really complex machine we don't have the schematics or source code for.
Then Reverse Engineer it. For individuals capable, meditation. For healthcare professionals, tests, Q&A, scans.
|
|
|
Thanks foxpup for the confirmation. Something not correct is occurring, my auto updater, Ubuntu 11.04 64bit, is asking me to update a language pack, I don't have Firefox, and Firefox isn't present on the entire network. ![Shocked](https://bitcointalk.org/Smileys/default/shocked.gif)

EvilGrade is a framework which exploits weaknesses in the auto-update services of multiple common software packages and the attack performed by this framework is one of the best examples for client exploitation. This framework tricks the service into believing there is a signed update available for the product, thus prompting the user to install the upgrade where the upgrade is the attacker’s payload. This type of attack is a bit difficult for a normal user to detect since they don’t see anything suspicious and the upgrade looks legitimate.
We can use this framework with the combination of DNS spoofing or Man-in-the-middle attack in order to spoof the software upgrade. This therefore tricks the victim into downloading the upgrade, thereby executing our malicious arbitrary code.
The EvilGrade supports various famous software like Notepad, iTunes, Java plug-in, WinZip, Winamp, DAP, OpenOffices, LinkedIn, Speedbit, etc.
Evilgrade takes advantage of various applications because most of these verify neither the update contents nor the master update server. Basically, in this type of attack, the attacker seeks to modify the DNS traffic of the victim and return them to some other IP address controlled by the attacker.

http://resources.infosecinstitute.com/hacking-autoupdate-evilgrade/
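
The quoted weakness is an updater that verifies neither the update contents nor the server. The sketch below is an added example, not part of the original post or of APT's code; it walks the Release -> Packages -> .deb hash chain that a signed repository index gives a client. A pinned SHA-256 of the Release file stands in for the GPG signature check APT performs, and every package name, path and byte string is constructed sample data.

```python
import hashlib

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def release_hashes(release_text: str) -> dict:
    """Parse the SHA256 section of a Release file into {path: (digest, size)}."""
    out, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            out[path] = (digest, int(size))
        else:
            in_section = False  # any other field ends the section
    return out

def package_entry(packages_text: str, name: str) -> dict:
    """Return the stanza for `name` from a Packages index as a field dict."""
    for stanza in packages_text.strip().split("\n\n"):
        fields = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if fields.get("Package") == name:
            return fields
    return {}

def verify_update(anchor, release, index_path, packages, name, deb):
    """Walk Release -> Packages -> .deb and return (ok, reason)."""
    # Assumption: comparing against a pinned digest stands in for the GPG
    # signature check on the Release file.
    if sha256(release) != anchor:
        return False, "Release does not match trust anchor"
    listed = release_hashes(release.decode()).get(index_path)
    if listed != (sha256(packages), len(packages)):
        return False, "Packages index does not match Release"
    entry = package_entry(packages.decode(), name)
    if (entry.get("SHA256"), entry.get("Size")) != (sha256(deb), str(len(deb))):
        return False, "package does not match Packages index"
    return True, "ok"

# Constructed sample data (not real repository contents).
GOOD_DEB = b"constructed stand-in for a genuine language-pack .deb"
PACKAGES = ("Package: language-pack-en\nVersion: 1.0\n"
            "Filename: pool/main/l/language-pack-en_1.0_all.deb\n"
            f"Size: {len(GOOD_DEB)}\nSHA256: {sha256(GOOD_DEB)}\n").encode()
INDEX_PATH = "main/binary-amd64/Packages"
RELEASE = ("Suite: example\nSHA256:\n"
           f" {sha256(PACKAGES)} {len(PACKAGES)} {INDEX_PATH}\n").encode()
ANCHOR = sha256(RELEASE)
```

A mirror reached through spoofed DNS can serve any bytes it likes, but each substitution breaks one link of the chain unless the Release file itself can be re-signed.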
|
|
|
Yes, I have been able to see the scripts which appear to be legitimate, therefore, must be false positives from RKH. I'm now back to where I was before I downloaded, installed and misconfigured RKH. ![Undecided](https://bitcointalk.org/Smileys/default/undecided.gif) I'll poke around with a manufactured Live CD some and try to discover what the fuzz. Would OSSEC HIDS be of value to see what the fuzz is happening?
|
|
|
The rootkit would make that file appear to be normal; that's what they do.
If you can boot from a known-good live CD then you'll be able to mount your root partition and see how that file really looks, before the rootkit has a chance to run and start masking itself.
I'm going to have to do this for sure. All of the Linux tools I've used are coming up empty, top and the like, yet the system responds as if it is overloaded by too many processes.

When I do this, strace, I found out why there is nothing in ld.so.preload ![Grin](https://bitcointalk.org/Smileys/default/grin.gif) :

```
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
```

still looking...

Edit: RKH {Warning} Is this bad?

```
Warning: The command '/usr/sbin/adduser' has been replaced by a script: /usr/sbin/adduser: a /usr/bin/perl script text executable
Warning: The command '/usr/bin/ldd' has been replaced by a script: /usr/bin/ldd: Bourne-Again shell script text executable
Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: a /usr/bin/perl -w script text executable
Warning: The command '/bin/which' has been replaced by a script: /bin/which: POSIX shell script text executable
Checking for hidden files and directories [ Warning ]
Warning: Hidden directory found: '/etc/.java'
Warning: Hidden directory found: '/dev/.udev'
Warning: Hidden directory found: '/dev/.initramfs'
```
|
|
|
If the current tools are not able to determine what the offender is, assuming some application may be running, what other diagnostic tools or techniques can I use that may help resolve this?
|
|
|
1) Desire: Whenever a person has any type of desire, it implies that they are dissatisfied with what currently 'is.' Dissatisfaction implies discontent and a lack of happiness. If you want something that you don't currently have, this is a problem. Desire originates in the will. It is activated, in the realms in which it is directed, by that which is the motivating force, through the will and the mental abilities of the individual. Desire is the power which drives our physical, our spiritual self, while will is the directing force. It is the intent of mind that strengthens desire. I agree with you completely, so I'm actually not sure why you disagreed with what I said. What I disagree with I highlighted. In your view, all desire is negative. Is self-preservation or hunger a lack of happiness? Is it necessary for us to give up all desire for us to be happy? The positions in which we find ourselves are drawn to us through our desire; What we are has been built through desire. The 'is' was achieved through desire. Therefore, happiness or a lack of happiness is desire fulfilled already.
|
|
|
Unfortunately, it isn't in n00bese, so I would need another source for the difficulty factor.
|
|
|
To anyone in this thread: So, based on your theory, what do we do about it then?
It is difficult to provide a specific answer to a vague question.
|
|
|
This system has a quad core 2.8GHz processor, also CPU doesn't appear to be spiking according to top.
|
|
|
P2pool's actual payout per gigahash per day for the period 8/24/11-9/23/11 or 31 days
Average daily hashrate: 9 GH/s # Blocks found: 6
6 * 50 / 9 = 33.33333 / 31 = ⊅1.075269 per gigahash per day
Now all that is needed is the difficulty factor for the same period to calculate expected value, then compare.
|
|
|
PPS payout: 86,400 seconds/day * MH/sec / 4294.967296 (megahashes/share) * PPS = Payout/day

Finding expected PPS: Take Payout/day from Alloscomp's calculator for 1000 MH/s and place into Payout/day of PPS payout to solve expected PPS. To find your Payout per gigahash/s you will need a pool's avg. GH/s for the period you're measuring, # of blocks divided by days.

Finding the expected payout: According to Alloscomp's Bitcoin Calculator: http://www.alloscomp.com/bitcoin/calculator.php

If the difficulty factor is 1583177.84744, and the MH/s is 1000, then your Payout per GH/s per day is ⊅0.64

This will be the standard measure, the expected value, for comparing miner, pools or network payouts.

Calculating the past 7 day PPS and payout/day for P2pool:

P2pool 7 day average hashrate: 222 GH/s
Previous 7 days total blocks from 6/14-6/20: 23
23 blocks * 50 / 222 GH/s = 5.18018 / 7 = 7 day avg. Payout per GH/s or ⊅0.740026 per GH/s per day

P2pool has been performing for the past 7 days 15.6% better than expected.
|
|
|
```
cg@miner:~$ sudo python /usr/share/armory/ArmoryQt.py --offline
********************************************************************************
Loading Armory Engine:
Armory Version: 0.77
PyBtcAddress Version: 1.00
PyBtcWallet Version: 1.35
Detected Operating system: Linux
User home-directory : /home/cg
Satoshi BTC directory : /home/cg/.bitcoin/
Satoshi blk0001.dat : /home/cg/.bitcoin/blk0001.dat
Armory home dir : /home/cg/.armory/
Using settings file: /home/cg/.armory/ArmorySettings.txt
Loading wallets...
Number of wallets read in: 1
Wallet (BgQ9BDU3): "ref52632 " (Encrypted)
Internet connection is Available: True
Satoshi Client is Available: True
640 480
Usermode: Advanced
Attempting to close the main window!
cg@miner:~$ sudo python /usr/share/armory/ArmoryQt.py
********************************************************************************
Loading Armory Engine:
Armory Version: 0.77
PyBtcAddress Version: 1.00
PyBtcWallet Version: 1.35
Detected Operating system: Linux
User home-directory : /home/cg
Satoshi BTC directory : /home/cg/.bitcoin/
Satoshi blk0001.dat : /home/cg/.bitcoin/blk0001.dat
Armory home dir : /home/cg/.armory/
Using settings file: /home/cg/.armory/ArmorySettings.txt
Loading wallets...
Number of wallets read in: 1
Wallet (BgQ9BDU3): "ref52632 " (Encrypted)
Internet connection is Available: True
Satoshi Client is Available: True
640 480
Loading blockchain
Attempting to read blockchain from file: /home/cg/.bitcoin/blk0001.dat
/home/cg/.bitcoin/blk0001.dat is 1804.52 MB <---This is the point when hang-time occurs.
```

It appears to be interacting in some way with cgminer. If I run '--offline' there are no issues, but if I run the normal version it kills the hashrate in cgminer.
|
|
|
Which is exactly why Bitcoin is the most valuable per density. You can fit all the Bitcoin wealth in the world on a microSD card.
After you load all of the Bitcoins on it, eat it and tell me how filling it is. ![Cheesy](https://bitcointalk.org/Smileys/default/cheesy.gif) 37% of US city drinking water is privatized already. That means corporations will be dictating price, quality, and how much water you get once they own it all. 37% is now and will only get worse every year. By 2020 all water will be privatized. If they can limit how much water you can access they can limit how much food you can grow to be self sustaining.
|
|
|
BFL is speculating, by pricing their asic product to reflect their idea of where the price of Bitcoin will be after the halving. They show they don't understand Bitcoin or other markets that are affected by supply and demand. If total oil production goes down by half, what happens to the price of oil? Bitcoin is no different. Also, projected value of Bitcoin places it in the $12 per BTC range just before halving time.
|
|
|
Given the decentralised nature of the pool, some proponents feel that this is an acceptable price.

Let's dissect this statement shall we: a decentralized pool = an acceptable price. This connotes a sacrifice in some other area. According to the majority of organofcorti's posts, that is profitability. You're using words to paint an unprofitable picture about p2pool that doesn't exist, the blocks attest to this.

Seriously though, check_status, your comment was completely out of line. OOC has empirically investigated many pools, in many cases he found inadequacies caused by negligence or malice of the operator.

It's not out of line at all. There is a preponderance of evidence of organofcorti's p2pool posts where he flat out says or implies p2pool is the least profitable pool. You are not a fan of p2pool either, some of your remarks have been aimed at having p2pool users mine at other non-p2pool pools. A hater in support of another hater, I'm shocked. ![Shocked](https://bitcointalk.org/Smileys/default/shocked.gif) Do we need to get the blocks out to see how p2pool provides one of the highest PPS payouts per gigahash when compared against any pool? Most people who mine watch what is said and make decisions on what occurs in posts. Many lack knowledge of how to determine profitability of a given pool, they rely on the thoughts and comments of others whom they deem "smart" and therefore, can be swayed by "Intelligent BS".
|
|
|
The DEA is a military organization created by the executive branch and overseen by the President.
|
|
|
It looks like the memory is down a bit, hovering right around 410m-475m while swap is at 3000m. According to top, total RAM consumption by processes is equal to or less than 60%, buffers and free equal 1.2%, 30%-40% unknown.

top 1:

```
top - 19:47:39 up 2 days, 3:34, 4 users, load average: 5.28, 4.08, 3.20
Tasks: 137 total, 2 running, 135 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.7%us, 1.7%sy, 0.3%ni, 88.6%id, 7.7%wa, 0.0%hi, 0.1%si, 0.0%st
Mem: 1021836k total, 1010296k used, 11540k free, 1620k buffers
Swap: 4192252k total, 674568k used, 3517684k free, 51276k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
18079 user 20 0 2995m 445m 560 D 0 44.6 1:12.57 python
```

vmstat 1:

```
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
0 4 779304 12624 712 56608 7 4 79 98 41 21 2 2 88 8
0 6 781008 11876 1280 58360 457 498 1248 552 354 416 0 1 45 54
1 4 782136 15388 1656 57444 550 379 966 673 447 519 0 1 56 43
0 3 782704 17828 1628 55844 790 381 819 631 477 558 1 1 40 59
1 2 781416 12628 1640 56584 750 0 886 288 451 549 2 0 73 24
0 2 779672 27012 1648 56836 1029 0 1094 18 405 550 0 1 75 24
0 2 778036 28012 1656 58236 1018 0 1279 4 392 534 0 1 73 26
0 2 776976 19076 2248 62524 678 0 1361 151 362 432 1 1 74 25
0 2 776244 19052 2256 61532 952 161 1066 172 402 541 0 1 73 26
0 2 775080 15688 2264 61768 698 23 858 33 404 521 1 1 72 27
```

top 2, 3 hours later:

```
top - 01:18:38 up 2 days, 9:05, 5 users, load average: 2.83, 2.69, 2.76
Tasks: 140 total, 1 running, 139 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.6%us, 1.6%sy, 0.3%ni, 86.4%id, 10.2%wa, 0.0%hi, 0.1%si, 0.0%st
Mem: 1021836k total, 1010740k used, 11096k free, 1228k buffers
Swap: 4192252k total, 957816k used, 3234436k free, 38512k cached

PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
18079 user 20 0 3177m 412m 1036 D 0 41.3 4:09.62 python
```

vmstat 2, 3 hours later:

```
procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu----
r b swpd free buff cache si so bi bo in cs us sy id wa
0 1 952564 23104 920 38844 21 9 99 97 46 29 2 2 86 10
0 1 949684 10680 1196 39784 1144 0 1266 6 473 674 0 1 73 25
1 3 953348 17040 1180 44040 819 574 1750 686 466 494 1 1 73 25
1 2 952292 17588 1008 43064 902 97 1216 518 436 500 0 1 66 33
0 2 956724 29144 640 35876 827 640 1165 687 443 572 1 1 73 26
1 1 955868 19812 760 42568 397 7 1220 15 407 561 1 1 72 26
0 1 953800 15328 768 40524 1096 40 1390 54 435 600 1 1 74 25
0 1 952620 9472 760 40040 968 97 1523 160 389 453 1 1 73 25
0 1 955092 18528 584 37932 1136 508 1161 510 428 555 0 1 75 24
0 3 954888 11276 592 39480 1114 218 1376 229 397 489 1 1 72 26
0 4 954408 13888 548 40220 570 86 1870 216 516 570 1 0 33 66
0 3 955060 15648 536 38408 910 281 936 476 554 685 1 1 42 56
1 1 956664 13704 592 41472 748 354 1203 769 622 783 1 1 72 26
0 1 956812 13484 596 39128 1064 257 1146 260 616 859 1 1 71 27
0 1 955760 13072 616 39732 879 91 1134 505 443 546 0 1 69 31
0 1 955552 9096 624 40184 1077 208 1252 210 389 485 0 1 73 26
1 1 957000 10096 640 40392 892 348 1131 353 411 479 1 1 71 28
0 1 957204 12220 620 39380 1133 289 1410 349 397 518 0 1 74 25
1 6 956872 8524 584 38432 1000 228 1008 254 449 551 0 1 60 39
0 4 957624 10360 1232 38412 601 234 1095 334 412 411 0 1 43 56
0 6 959648 17668 1156 37200 964 412 1386 461 447 496 1 1 48 51
```