Possible Virus Infection (solved)

siamhie
Global Moderator
Posts: 3452
Joined: Fri Aug 20, 2021 5:45 pm

Re: Possible Virus Infection

#11 Post by siamhie »

atomick wrote: Sat Jul 05, 2025 10:22 am
Shame we lost /dev/tcp command from the distro.
Try this

Code:

/proc/net/tcp

This is my Fluxbox. There are many others like it, but this one is mine. My Fluxbox is my best friend. It is my life.
I must master it as I must master my life. Without me, my Fluxbox is useless. Without my Fluxbox, I am useless.

atomick
Posts: 149
Joined: Tue Jan 30, 2024 11:16 pm

Re: Possible Virus Infection

#12 Post by atomick »

Thank you siamhie: at find of a script and cmdline used "ago" (won't say a long time ago in a ...) but use the cmd a fair bit, e.g.:

Code:

(echo >/dev/tcp/localhost/22) &>/dev/null && echo "TCP port 22 open" || echo "TCP port 22 close"
replacing via

Code:

(echo >/proc/net/tcp/localhost/22) &>/dev/null && echo "TCP port 22 open" || echo "TCP port 22 close"
Believe I tried this when I ran a  sudo find -xdev -type f -name "tcp" -print   # Time I found /dev/tcp to be moved -yes- results showed /proc/net/"tcp" 
As well just for fun tried replace my prev ScanPorts Script and wrapper to run thru various ports and finding the /proc/net/tcp does not function and Results are all the same.
/proc and content is set kernel direct. And the well some things can be changed "echo changed" per next - a quick

cd /proc/net then performing as root user not sudo.

Code:

file tcp                 # result was "Empty"
ls -lat                  # Also shows all files in this directory are all "Zero (0) byte" in size meaning no value usage. ?

dr-xr-xr-x  6 root root 0 Jul  5 12:24 stat/
-r--r--r--  1 root root 0 Jul  5 12:24 tcp
-r--r--r--  1 root root 0 Jul  5 12:24 tcp6
-r--r--r--  1 root root 0 Jul  5 12:24 udp
-r--r--r--  1 root root 0 Jul  5 12:24 udp6
-r--r--r--  1 root root 0 Jul  5 12:24 udplite
-r--r--r--  1 root root 0 Jul  5 12:24 udplite6
-r--r--r--  1 root root 0 Jul  5 12:24 unix
                               ^^  - all column  
ls -lat | awk '{print $5}'    # nice column of all 0's 

stat directory all files also again zero byte empty ? Both MX-23.6-ahs and virtualbox iso copy of same image. same source
Think I deduced Sorry to have seen /dev/tcp distro removed. and possibly more research to see about a recover or new pkg addition.
I use nmap in place of as another app to install. PS: I use a different ssh port than 22 but the example is easy to relate let alone translate to cmdln syntax shown:

Cheers and thank you.. we all learn Happy July 4th/5th from greater nord d'blanc. (white north).
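
Added example, not part of any post in this thread: bash's `/dev/tcp/HOST/PORT` is a redirection that bash itself turns into a connection attempt, while `/proc/net/tcp` is a read-only kernel table whose content is generated on read (hence the 0-byte listing), so a local port check against it means parsing its rows, where ports are hex and state `0A` is LISTEN. The names `port_listening`, `sample_table` and `report_port` and the sample rows are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): check for a local LISTEN socket by
# parsing a /proc/net/tcp style table rather than attempting a connection.

# port_listening PORT [TABLE]
#   TABLE defaults to /proc/net/tcp; "-" reads the table from stdin.
#   /proc/net/tcp6 has the same column layout and also works.
#   Exit status 0 when some row has local port PORT and st 0A (LISTEN).
port_listening() {
    port_hex=$(printf '%04X' "$1")      # ports are stored as 4 hex digits
    awk -v p="$port_hex" '
        NR > 1 {                        # row 1 is the column header
            n = split($2, a, ":")       # $2 = local_address as HEXIP:HEXPORT
            if (toupper(a[n]) == p && $4 == "0A") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "${2:-/proc/net/tcp}"
}

# Constructed sample rows in /proc/net/tcp layout (not captured output):
#   row 0  0.0.0.0:22      LISTEN (0A)
#   row 1  127.0.0.1:631   LISTEN (0A)
#   row 2  127.0.0.1:8080  ESTABLISHED (01), peer port 50000
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000  1000        0 1003 1
EOF
}

# Same message format as the one-liner in the post, driven by the table.
report_port() {
    if sample_table | port_listening "$1" -; then
        echo "TCP port $1 open"
    else
        echo "TCP port $1 close"
    fi
}

for port in 22 631 8080; do report_port "$port"; done
```

Calling `port_listening 22` with no second argument reads the live `/proc/net/tcp`; it only sees sockets on the local machine, so it does not replace a remote check.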

atomick
Posts: 149
Joined: Tue Jan 30, 2024 11:16 pm

Re: Possible Virus Infection

#13 Post by atomick »

funny pre-examples of /dev/tcp - in retesting and do not know if adding a new app tcpflow
may have helped and the way /proc/net/tcp is similar Directory format and content as /dev
much to my surprise - the command worked in checking my own local host for ssh port "22" as open or closed.

food for thought. Surprises and the many ways Linux helps to skin an issue. Learn something everyday.
yet a great deal of info with hope it inspires more to dig into things learn what is under the hood. cheers.

outlaw
Posts: 33
Joined: Thu Jul 13, 2006 6:35 pm

Re: Possible Virus Infection

#14 Post by outlaw »

Unfortunately this problem has been resolved ... the laptop has died and is not worth repairing.

Outlaw
"It has been my experience that folks who have no vices have very few virtues." --Abraham Lincoln
