
Local Programs and Services on Computer

The programs running on your computer can give away information about your identity, particularly those involved in file transfer and in logging in to other computers.

Contents

    1 ident lookups
    2 ftp logins
    3 Telnet
    4 ssh keys
    5 Terminal Services/rdesktop
    6 SMB/NMBD
    7 mDNSResponder (Bonjour/Rendezvous/ZeroConf)
    8 UPNP


ident lookups

ident is the TCP identification service. It allows a remote host to determine the local username associated with any TCP connection involving that remote host. Naturally this is a concern, especially if your username reveals your true identity. So when do ident lookups happen? Technically, your machine's ident server will answer any request for a (server, client) port pair for which the destination IP is the same as the ident request's source IP. In practice, however, it is normally only used with FTP, SMTP and IRC traffic, if that. Some web and ssh servers also have it enabled. The best thing to do here is to kill your ident server, or add a firewall entry for port 113. Even better, you may wish to create an obfuscated or common username for regular use. Something like bob, jane, Acidburn, or ZeroCool, perhaps. ;)

    [root@machine ~/dir]# iptables -A INPUT -p tcp --dport ident -j DROP
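To see what an ident reply actually hands to the remote side, here is an added example (not code from the original page) of a minimal RFC 1413 client and reply parser. It is meant for auditing your own host: after you kill identd or add the firewall rule above, the query should simply fail. The sample replies in the block are constructed, not captured from a real server.

```python
"""Minimal RFC 1413 (ident) client and reply parser for auditing your own host.
Added example; the sample replies below are constructed, not captured."""
import socket
from typing import Optional

IDENT_PORT = 113


def build_query(server_port: int, client_port: int) -> bytes:
    """Build the query a remote peer sends: '<server-port>, <client-port>\\r\\n'.
    server_port is the port on the identd host's end of the connection,
    client_port is the port on the querying host's end (RFC 1413 section 3)."""
    return f"{server_port}, {client_port}\r\n".encode("ascii")


def parse_reply(line: str) -> dict:
    """Parse one ident reply line into its fields.
    Success form:  '6193, 23 : USERID : UNIX : stjohns'
    Error form:    '6193, 23 : ERROR : NO-USER'
    The returned dict always has server_port, client_port and kind; a USERID
    reply adds os and user, an ERROR reply adds error."""
    parts = [p.strip() for p in line.strip().split(":", 3)]
    if len(parts) < 3:
        raise ValueError(f"malformed ident reply: {line!r}")
    ports, kind = parts[0], parts[1].upper()
    server_port, client_port = (int(x.strip()) for x in ports.split(","))
    reply = {"server_port": server_port, "client_port": client_port, "kind": kind}
    if kind == "USERID":
        if len(parts) != 4:
            raise ValueError(f"USERID reply without user field: {line!r}")
        # The opsys field may carry a charset suffix, e.g. 'UNIX,US-ASCII'.
        reply["os"] = parts[2].split(",")[0].strip()
        reply["user"] = parts[3]
    elif kind == "ERROR":
        reply["error"] = parts[2]
    else:
        raise ValueError(f"unknown reply type {kind!r} in {line!r}")
    return reply


def leaks_identity(reply: dict) -> bool:
    """True when the reply gives a remote peer a local account identifier.
    An opsys of OTHER means the token is opaque rather than a login name,
    but it is still a stable identifier for the account, so it still counts."""
    return reply["kind"] == "USERID"


def query_ident(host: str, server_port: int, client_port: int,
                timeout: float = 5.0) -> Optional[dict]:
    """Ask host's identd who owns the (server_port, client_port) connection.
    Returns None when nothing answers on 113 (refused, dropped, or timed out),
    which is the result you want after disabling or firewalling the service."""
    try:
        with socket.create_connection((host, IDENT_PORT), timeout=timeout) as sock:
            sock.sendall(build_query(server_port, client_port))
            data = b""
            while b"\n" not in data:
                chunk = sock.recv(512)
                if not chunk:
                    break
                data += chunk
    except OSError:  # ConnectionRefusedError and socket.timeout are both OSError
        return None
    if not data:
        return None
    return parse_reply(data.decode("ascii", "replace"))


if __name__ == "__main__":
    # Constructed sample replies showing what a defender is checking for.
    for sample in ("6193, 23 : USERID : UNIX : stjohns",
                   "6193, 23 : USERID : OTHER,US-ASCII : 0x4a3f9b",
                   "6193, 23 : ERROR : HIDDEN-USER"):
        parsed = parse_reply(sample)
        verdict = "leaks an account identifier" if leaks_identity(parsed) else "no username"
        print(f"{sample!r} -> {verdict}")
```

Run `query_ident("127.0.0.1", <server-port>, <client-port>)` against your own machine while a connection is open to confirm you get `None` once identd is gone. One caveat on the `DROP` rule above: a server that does ident lookups will wait out its lookup timeout before letting you connect, whereas a `REJECT` answers immediately; both keep the username private.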

ftp logins

Be aware that your FTP client may also transmit your username or email address as the anonymous password independent of your ident response. So far I've tested Firefox, links, and ncftp, and none of them report your username OR hostname in the login. So that's good.

Telnet

It is possible for a telnet server to query any arbitrary environment variables from your telnet client. These include USER, HOSTNAME, DISPLAY, etc. However, the default behavior of Linux telnet is to only send DISPLAY and PRINTER. Note that in some cases, DISPLAY may contain your hostname.

ssh keys

The major threat with ssh keys for Mac OS and Linux users is your ssh host key. This can be used to fingerprint you by connecting to port 22 of your IP to verify that you are using the same machine as some other previous IP, either at your ISP or over VPN.

On both operating systems, you should be able to regenerate new ssh host keys with the commands:

    # -f names the private key file (the .pub file is written alongside it);
    # ssh_host_key is the protocol-1 key, so it needs type rsa1.
    # -N '' gives the keys no passphrase. Answer y to the overwrite prompts,
    # then restart sshd so the new keys are the ones served.
    [root@machine ~/dir]# ssh-keygen -t rsa1 -f ssh_host_key -N ''
    [root@machine ~/dir]# ssh-keygen -t rsa -f ssh_host_rsa_key -N ''
    [root@machine ~/dir]# ssh-keygen -t dsa -f ssh_host_dsa_key -N ''

On Mac OS, these commands should be issued while you are in the /etc directory, and you should use a sudo before them. On Linux, run them as root in the /etc/ssh directory. Use no password for the keys.

ssh login attempts reveal information about your machine only if you have created ssh private keys and the ssh client attempts to use them to log in to the remote host. Password-based login leaks no information about the client other than the IP address.

Realistically, even the scenarios for proving a client's identity via an ssh key exchange are very unlikely. In the case of unsuccessful private key attempts, the only way it could be done is if the attacker's ssh exchange were logged, and then the attacker's private key was seized and demonstrated to provide the same signature as given to the remote host. To do this would require an obscene amount of data collection at the remote host end, just waiting for the attacker to connect. However, if an attacker logged in successfully via an ssh key, all that would need to be shown is that the ssh key existed on your machine to prove you were the attacker. Your local username is never sent as part of the ssh key exchange, even if it is a part of the public key.
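The host-key linkage described at the top of this section can be made concrete. The following is an added example, not code from the original page: it builds an OpenSSH public-key blob, fingerprints it the way OpenSSH does (SHA256 of the blob, base64 without padding), and groups a constructed set of (IP, host key) observations by fingerprint, which is exactly how an observer ties one machine to several addresses. It uses ssh-ed25519 keys purely because their blob is short; RSA and DSA host keys like the ones generated above are fingerprinted from their blob in the same way. The keys, IPs (RFC 5737 documentation ranges) and observation log are all constructed.

```python
"""How a host key fingerprint links one machine across IP addresses.
Added example with constructed keys and observations."""
import base64
import hashlib
import struct
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple


def ssh_string(b: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def ed25519_pubkey_line(raw32: bytes, comment: str = "") -> str:
    """Build an 'ssh-ed25519 <base64 blob> [comment]' line from 32 raw key bytes.
    The blob is the type name and the key, each as an SSH string."""
    if len(raw32) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    blob = ssh_string(b"ssh-ed25519") + ssh_string(raw32)
    line = "ssh-ed25519 " + base64.b64encode(blob).decode("ascii")
    return line + (" " + comment if comment else "")


def fingerprint(pubkey_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a public key line.
    Only the base64 blob is hashed. The trailing comment (often user@host)
    is not part of the fingerprint and is never sent on the wire; the blob,
    however, is sent to every client that connects to port 22."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def link_hosts(observations: Iterable[Tuple[str, str]]) -> Dict[str, List[str]]:
    """Group (ip, pubkey_line) observations by fingerprint.
    Returns {fingerprint: sorted distinct IPs}. Any entry listing more than one
    IP is a single machine that has been seen at several addresses."""
    seen = defaultdict(set)
    for ip, line in observations:
        seen[fingerprint(line)].add(ip)
    return {fp: sorted(ips) for fp, ips in seen.items()}


# Constructed keys and observations: one laptop seen from two ISP leases and a
# VPN exit, plus an unrelated server. Key bytes are arbitrary, not real keys.
KEY_A = ed25519_pubkey_line(bytes(range(32)), "root@laptop")
KEY_B = ed25519_pubkey_line(bytes(range(32, 64)), "root@server")
OBSERVATIONS = [
    ("203.0.113.10", KEY_A),  # home connection, day one
    ("198.51.100.7", KEY_A),  # same laptop, new DHCP lease
    ("192.0.2.44", KEY_A),    # same laptop, behind a VPN exit
    ("192.0.2.45", KEY_B),    # a different machine
]


if __name__ == "__main__":
    for fp, ips in link_hosts(OBSERVATIONS).items():
        print(fp, "seen at", ", ".join(ips))
```

Regenerating the host keys, as shown above, changes the blob and therefore the fingerprint, which breaks the link between old and new observations; it does nothing about other identifiers the page discusses, such as the SSH version banner, which is the same on every connection.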

Terminal Services/rdesktop

By default, both rdesktop (for Linux) and Microsoft's Terminal Services Client (mstsc.exe) will send your hostname and username to the machine you connect to. In rdesktop, you can override the username with the -u switch and the hostname with the -n switch. In the MS Terminal Services Client, you can change your username under the "Options" button, but it's not clear that there is any way to avoid transmitting your machine name. Again, in Windows you can change your hostname via either NewSID or the registry.

SMB/NMBD

Machines running Windows file serving broadcast their computer name and description in SMB Master Browser Elections. You probably don't want this traffic spewing across your network connection if you wish to be anonymous. This is how you turn it off in Windows.

In general, it's a good idea not to name your machine something like "Bob Fnord's Evil Hacking Box of Doom", or "JoeSmithsLinuxBox".

Under Mac OS, these services can be turned off under the "Sharing" icon in System Preferences. I would turn just about all of those off if I were you.

Under Linux, you can either remove smbd and nmbd from /etc/rcN.d/ or you can run chkconfig smbd off and chkconfig nmbd off. Note that this only prevents the services from starting at boot. To shut down the running services, run /etc/init.d/smbd stop (and again for nmbd).

FIXME_WIN32: Server and TCP/IP netbios helper? Is netbios EPM?.. Also check snmp.

mDNSResponder (Bonjour/Rendezvous/ZeroConf)

mDNSResponder is Apple's implementation of ZeroConf, which is used to configure your computer on a network automatically. It can also be used to announce information about your iTunes, iPhoto, and iChat profiles. Obviously this may be undesirable. To turn it off:

    [user@machine ~/dir]$ sudo /System/Library/StartupItems/mDNSResponder/mDNSResponder stop

And to re-enable it:

    [user@machine ~/dir]$ sudo /System/Library/StartupItems/mDNSResponder/mDNSResponder start

To permanently disable it, you can erase or move the mDNSResponder directory from the StartupItems folder.

It should be noted there is also an mDNSResponder installed by default on some Linux systems. You probably want to remove it from /etc/rcN.d, or run chkconfig mDNSResponder off. Don't forget you also have to stop it with /etc/init.d/mDNSResponder stop, since chkconfig only removes it from bootup.

An mdnsresponder.exe is also installed with the Windows version of iTunes. You probably want to remove or rename it so it is not started. You can check with Task Manager or Process Explorer to see if you have a copy running.

UPNP

UPNP is Microsoft's half-assed attempt at a ZeroConf protocol. It basically does the same thing ZeroConf does, and probably should be disabled. Here is a utility to turn it off. Note that you don't need their utility to turn it off. You can go into Control Panel->Administrative Tools->Services and first STOP and then DISABLE the "Universal Plug and Play Device Host" service. Do the same with "SSDP Directory Services".
