Bizzare network attack?


 
Thread Tools Search this Thread
Special Forums IP Networking Bizzare network attack?
# 1  
Old 01-08-2010
Bizzare network attack?

A server I host is having very rare glitches where a file the user downloads will have incorrect contents. This almost never happens when I am looking, I caught it once and only once -- a user messaged me saying his antivirus had given him a warning about an image file downloaded from his webspace, I downloaded it myself and found that it was a text file full of cialis misspellings.

The file as stored was unaltered, and the next time I downloaded the file it was innocent again. I'm so far unable to find any rogue processes, users, or even any obvious way this substitution could have been made.

Right now I'm doing a brute-force check of all installed binary files in my system, doing checksums to compare them to their stored values, but that hasn't turned up anything useful yet.

I suspect this is rather some sort of bizzare network attack, but have only a vague idea what or how... I once read about the wireless toy airpwn, which operates by injecting response packets before the real response arrives. There are other computers on the same switch as the server, other computers I don't control. Could they be spoofing me?
# 2  
Old 01-15-2010
I hope it's not too late, but let me rephrase and try to think (though it's hard when Dream Theater are injecting stereo sounds directly into the brain Smilie )
The user downloaded the file, and it was corrupted - the user is on a totally different than your location, right ? Then, you downloaded it, and it was bad again. Then, the file, on the server, was OK ? To me, it sounds that someone with access has changed the file while it was on the server and you should rather dig into the server's access logs. While it's possible that someone will spoof you via those insecure Wi-fi networks and protocols, do you really suspect someone in your area messing with files ? If it's the infamous cialis - have you check the anti-virus status of the systems ? My $0.2.
# 3  
Old 01-21-2010
Quote:
Originally Posted by sysgate
I hope it's not too late, but let me rephrase and try to think (though it's hard when Dream Theater are injecting stereo sounds directly into the brain Smilie )
The user downloaded the file, and it was corrupted - the user is on a totally different than your location, right ? Then, you downloaded it, and it was bad again. Then, the file, on the server, was OK ? To me, it sounds that someone with access has changed the file while it was on the server and you should rather dig into the server's access logs.
The file was not modified. Its state on the server appears to have always been clean.
Quote:
While it's possible that someone will spoof you via those insecure Wi-fi networks and protocols, do you really suspect someone in your area messing with files?
There's no wireless involved. airpwn was just an example of the principle I was thinking of -- if you're in the same medium/switch and catch an incoming request, it may be possible to respond before the real recipient does. It's not computers "in the same area" as much as the same building, on the same switch.
Quote:
If it's the infamous cialis - have you check the anti-virus status of the systems ? My $0.2.
That was my first guess. What I was actually wondering was whether that was possible, to spoof another IP address of something on the same switch.

The incident hasn't been repeated, which seems really odd if anything in the system has actually been compromised. Maybe it happened because of something on the uploader's machine.
Login or Register to Ask a Question

Previous Thread | Next Thread

8 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Bizzare behavior on redirect of stdout

Oracle Linux 5.6 64-bit (derivative of RHEL) Dear Ann Landers, This is about as bizarre as anything I've ever seen. I have a little test script I've been working with. When I redirect stdout to a file, no file. Make a copy of the script to another name. Execute it and redirect stdout, and... (4 Replies)
Discussion started by: edstevens
4 Replies

2. Programming

Bizzare optimization problem

I have a C program that, for the life of me, I can't see any possible stack corruption in but for some reason corrupts a local variable to 0 when not referenced. My compiler is gcc 4.3.4. But my question's not really a code question, it's a compiler question. The glitch is weirdly specific: ... (3 Replies)
Discussion started by: Corona688
3 Replies

3. UNIX for Advanced & Expert Users

Bizzare TCP/IP problem

Hi all. I have a really really weird problem that I've been working on for days. The problem manifested as users cannot connect to our web servers via SSH when they're using our wireless network. Here's where it gets weird: - Clients from anywhere other than the wireless subnet can... (4 Replies)
Discussion started by: pileofrogs
4 Replies

4. Shell Programming and Scripting

help with counting processes, bizzare behavior

I have a ksh script (dtksh Version M-12/28/93d on Solaris 10) that is run daily by cron and sometime hangs forever. I need to detect if there is an old copy hung before I start the new run, and if so send an email and exit the script. Here is part of the code: #!/usr/dt/bin/dtksh... (4 Replies)
Discussion started by: 73rdUserID
4 Replies

5. Cybersecurity

Network attack - so what?

In my logs I find entries about attacks on my system. I know IP addresses, I know date and time and I know what they tried to do. So what's the best I can do now? Tell everybody that there are cybercriminals on that network? Write an email to their admin? Anything else? (10 Replies)
Discussion started by: Action
10 Replies

6. Cybersecurity

What I think is a DoS attack

About 3 days ago our Apache logs started filling with the following errors: mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows) OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified These initially were... (1 Reply)
Discussion started by: ccj4467
1 Replies

7. Programming

very bizzare file writing problem

I'm trying to write a function which opens a file pointer and writes one of the function parameters into the file, however for some reason Im getting a core dump error. The code is as below void WriteToFile(char *file_name, char *data) { FILE *fptr; /*disk_name_size is a... (10 Replies)
Discussion started by: JamesGoh
10 Replies

8. UNIX for Advanced & Expert Users

Bizzare (while statement)

I'm trying to use the while statement to increment a positive number, with a leading "0". when I pass it through, it seems to come out with a negative value, and all the increments remain negative. This is what I have: i=010986294184 j=010986988888 while ; do echo $i i=(($i + 1)) done... (8 Replies)
Discussion started by: Khoomfire
8 Replies
Login or Register to Ask a Question