Re: iptables help needed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2008-06-05 at 09:51 +0200, François Patte wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Le 05.06.2008 01:33, Simon Slater a écrit :
> | On Wed, 2008-06-04 at 19:31 +0200, François Patte wrote:
> |
> 
> |> Someone in Tahiti is scanning your computer.... No danger though!
> | I need to learn more about regular security checks and firewalling
> | before we get a  DSL line. I spotted that IP, didn't know where it came
> | from, but at the moment I don't know what is dangerous & what isn't.
> | Any pointers to good reading?
> 
> http://en.tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html

Thanks, looks good.  I'll study it after this is working.
> 
> just open services you need and good firewall rules make a good security.
> 
> | Jun  5 09:27:01 ipex kernel: eth0: Setting promiscuous mode.
> | Jun  5 09:27:01 ipex kernel: device eth0 entered promiscuous mode
> 
> Have you some "sniffer" running permanently on your computer?
> 
Not that I know of.
> |
> | I closed down the browsers on the desktop to remove any extra traffic.
> | This is typical of what happens when requesting the Internet from the
> | laptop.
> 
> Can you simply ping some site from your laptop
> 
> ping google.com
> 
Nothing at all now ( I shut down to connect to a new UPS and restarted).
Can ping locally but nothing from the laptop onto the internet.
> and see what happens in the log on your desktop:
> 
> tail -f /var/log/messages
> 
> You will the logs while they are recorded in the messages file.
> 
This shows (or doesn't) 5 attempts to reach one site and 5 more on
another.

[root@ipex ~]# tail -f  /var/log/messages
Jun  5 20:38:50 ipex pppd[2489]: Connection terminated.
Jun  5 20:38:55 ipex pppd[2489]: Exit.
Jun  5 20:49:31 ipex pppd[2866]: pppd 2.4.4 started by root, uid 0
Jun  5 20:49:31 ipex pppd[2866]: Using interface ppp0
Jun  5 20:49:31 ipex pppd[2866]: Connect: ppp0 <--> /dev/ttyS0
Jun  5 20:49:38 ipex pppd[2866]: PAP authentication succeeded
Jun  5 20:49:39 ipex pppd[2866]: local  IP address 59.101.173.16
Jun  5 20:49:39 ipex pppd[2866]: remote IP address 210.8.1.253
Jun  5 20:49:39 ipex pppd[2866]: primary   DNS address 203.8.183.1
Jun  5 20:49:39 ipex pppd[2866]: secondary DNS address 192.189.54.33
Jun  5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=67
ID=44130 PROTO=UDP SPT=10638 DPT=1026 LEN=492
Jun  5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65
ID=44131 PROTO=UDP SPT=10638 DPT=1027 LEN=492
Jun  5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65
ID=44132 PROTO=UDP SPT=10638 DPT=1028 LEN=492
Jun  5 20:54:13 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=189.71.105.137 DST=59.101.173.16 LEN=78 TOS=0x00 PREC=0x00 TTL=105
ID=32591 PROTO=UDP SPT=62535 DPT=137 LEN=58

Again it looks like someone is looking at this box.  But after such a
short time connected?


-- 
Regards,
Simon


-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux