The IP geolocations were from places like Norway, Turkey, and, of all freaking places, the pensions and labor office in Warsaw, Poland. I don't go a day without monitoring everything; in fact, I'll spend 8 hours just doing my own security checks some days. I've reset permissions in Terminal again and reconfigured Murus to be even more secure, and am reading everything I can. I found an exploit with nmap but the hacker deleted the data; he would also leave random non-script files on my desktop, likely to freak me out. Mac is a tough nut to crack, though, but the last thing he did was enable Remote Login from System Preferences, which I check pretty regularly, and he somehow corrupted my last Murus config. Once you find the culprit IP in tcpdump, pretty much anything in the control sector is potentially in your hands. There are good server articles on the web about that. At the end of the day, knowing what a DDoS/DoS/flood attack looks like is crucial. This isn't even one one-hundredth of what I've read and done in Terminal. Again, some commands are taken from Unix sources to push a person to read up on it, especially with nmap.

Cut and paste commands for OS X. Murus will cost you a few weeks of reading, but the stuff I've posted was an effort made over a couple of years. But nmap can reveal massive amounts on your local network.

By far the simplest and easiest thing to do is the NSA guidelines and use Murus. Nmap is too powerful; you can get in serious trouble using it the wrong way, as hackers use it for brute force attacks and DDoS. Little Snitch does geolocation, but with hackers that's useless. But the general consensus is Murus is better. IceFloor is said to be good but Murus is said to be better; I tried Little Snitch and was impressed. Then you need a Mac OS firewall front end; any decent one isn't a firewall. You don't need a literal firewall, you need control over the power of the Unix framework behind OS X.
Tcpdump: -n turns off name resolution, so addresses and ports are printed as numbers instead of being looked up; -p takes the interface out of promiscuous mode; -s sets the snapshot length in bytes, and -s 0 captures whole packets. Running it under sudo means it is running as root. I haven't added a Wireshark part to my regimen yet, but you should. But in the end, sudo tcpdump -n -p -s 0 is most all of what you need to know you're being hacked. You need to do insane amounts of research on these.

Flush the DNS cache:
sudo killall -HUP mDNSResponder
sudo killall mDNSResponderHelper
sudo dscacheutil -flushcache

Scan your own host with nmap's http-malware-host script (the script option takes two dashes):
sudo nmap -sV -Pn --script=http-malware-host 192.168.0.x (your IP address)

Show every interface, essentially an ipconfig-type command that reveals local information, for a rudimentary cut and paste:
sudo ifconfig -a

chkrootkit scans a Mac for rootkits and turns up timed as infected due to Apple's reprogramming.

Randomize the MAC address of en0 (swiped from Linux server pages; the random hex is broken into two-character groups by sed and substituted into the ifconfig command):
sudo ifconfig en0 ether $(openssl rand -hex 6 | sed 's/\(..\)/\1:/g; s/.$//')
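As an added example (not part of the original post), here is a small shell function that turns a tcpdump -n -p -s 0 capture into a list of source hosts sending abnormally many bare SYNs, which is what a SYN flood or an aggressive port scan from one source looks like on the wire. The sample capture lines, the threshold, the capture file name and the function name are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Counts bare TCP SYNs per source
# address in tcpdump -n output and prints the sources that exceed a threshold.
# tcpdump -n (no name resolution) is assumed, so field 3 is always "a.b.c.d.port".

# Constructed sample of what `sudo tcpdump -n -p -s 0 tcp` prints.
# 10.0.0.9 fires SYNs at port 22 from a new source port each time and never
# completes a handshake; 192.168.0.7 completes one normal handshake.
SAMPLE_CAPTURE='12:00:01.000001 IP 10.0.0.9.40001 > 192.168.0.5.22: Flags [S], seq 1, win 65535, length 0
12:00:01.000002 IP 10.0.0.9.40002 > 192.168.0.5.22: Flags [S], seq 2, win 65535, length 0
12:00:01.000003 IP 10.0.0.9.40003 > 192.168.0.5.22: Flags [S], seq 3, win 65535, length 0
12:00:01.000004 IP 10.0.0.9.40004 > 192.168.0.5.22: Flags [S], seq 4, win 65535, length 0
12:00:01.000005 IP 10.0.0.9.40005 > 192.168.0.5.22: Flags [S], seq 5, win 65535, length 0
12:00:01.000006 IP 10.0.0.9.40006 > 192.168.0.5.22: Flags [S], seq 6, win 65535, length 0
12:00:01.000007 IP 10.0.0.9.40007 > 192.168.0.5.22: Flags [S], seq 7, win 65535, length 0
12:00:01.000008 IP 10.0.0.9.40008 > 192.168.0.5.22: Flags [S], seq 8, win 65535, length 0
12:00:01.000009 IP 192.168.0.7.51000 > 192.168.0.5.22: Flags [S], seq 9, win 65535, length 0
12:00:01.000010 IP 192.168.0.5.22 > 192.168.0.7.51000: Flags [S.], seq 100, ack 10, win 65535, length 0
12:00:01.000011 IP 192.168.0.7.51000 > 192.168.0.5.22: Flags [.], ack 101, win 65535, length 0'

# syn_flooders THRESHOLD   (reads a capture on stdin)
# Prints "<syn count> <source ip>" for each source with more than THRESHOLD
# bare SYNs (Flags [S]), highest count first. [S.] is a SYN-ACK reply and is
# deliberately not counted, so a busy server does not flag itself.
syn_flooders() {
    awk -v t="$1" '
        $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
            src = $3
            sub(/\.[0-9]+$/, "", src)   # drop the source port, keep the address
            syn[src]++
        }
        END { for (s in syn) if (syn[s] > t) printf "%d %s\n", syn[s], s }
    ' | sort -rn
}

# Live use on a Mac (not run here): capture SYNs for a while, then rank sources.
# The file name syns.txt and the threshold of 100 are assumptions.
#   sudo tcpdump -n -p -s 0 -i en0 'tcp[tcpflags] & tcp-syn != 0' > syns.txt
#   syn_flooders 100 < syns.txt
printf '%s\n' "$SAMPLE_CAPTURE" | syn_flooders 5
```

On the sample above only 10.0.0.9 is printed, with 8 SYNs; the host that completed a real handshake stays under the threshold. A real threshold depends on how long you captured and how busy the machine is, so look at the full ranked list with a threshold of 0 first before deciding what counts as a flood.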