On Thu, 2008-06-05 at 09:51 +0200, François Patte wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Le 05.06.2008 01:33, Simon Slater a écrit : > | On Wed, 2008-06-04 at 19:31 +0200, François Patte wrote: > | > > |> Someone in Tahiti is scanning your computer.... No danger though! > | I need to learn more about regular security checks and firewalling > | before we get a DSL line. I spotted that IP, didn't know where it came > | from, but at the moment I don't know what is dangerous & what isn't. > | Any pointers to good reading? > > http://en.tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html Thanks, looks good. I'll study it after this is working. > > just open services you need and good firewall rules make a good security. > > | Jun 5 09:27:01 ipex kernel: eth0: Setting promiscuous mode. > | Jun 5 09:27:01 ipex kernel: device eth0 entered promiscuous mode > > Have you some "sniffer" running permanently on your computer? > Not that I know of. > | > | I closed down the browsers on the desktop to remove any extra traffic. > | This is typical of what happens when requesting the Internet from the > | laptop. > > Can you simply ping some site from your laptop > > ping google.com > Nothing at all now ( I shut down to connect to a new UPS and restarted). Can ping locally but nothing from the laptop onto the internet. > and see what happens in the log on your desktop: > > tail -f /var/log/messages > > You will the logs while they are recorded in the messages file. > This shows (or doesn't) 5 attempts to reach one site and 5 more on another. [root@ipex ~]# tail -f /var/log/messages Jun 5 20:38:50 ipex pppd[2489]: Connection terminated. Jun 5 20:38:55 ipex pppd[2489]: Exit. Jun 5 20:49:31 ipex pppd[2866]: pppd 2.4.4 started by root, uid 0 Jun 5 20:49:31 ipex pppd[2866]: Using interface ppp0 Jun 5 20:49:31 ipex pppd[2866]: Connect: ppp0 <--> /dev/ttyS0 Jun 5 20:49:38 ipex pppd[2866]: PAP authentication succeeded Jun 5 20:49:39 ipex pppd[2866]: local IP address 59.101.173.16 Jun 5 20:49:39 ipex pppd[2866]: remote IP address 210.8.1.253 Jun 5 20:49:39 ipex pppd[2866]: primary DNS address 203.8.183.1 Jun 5 20:49:39 ipex pppd[2866]: secondary DNS address 192.189.54.33 Jun 5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=44130 PROTO=UDP SPT=10638 DPT=1026 LEN=492 Jun 5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65 ID=44131 PROTO=UDP SPT=10638 DPT=1027 LEN=492 Jun 5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65 ID=44132 PROTO=UDP SPT=10638 DPT=1028 LEN=492 Jun 5 20:54:13 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=189.71.105.137 DST=59.101.173.16 LEN=78 TOS=0x00 PREC=0x00 TTL=105 ID=32591 PROTO=UDP SPT=62535 DPT=137 LEN=58 Again it looks like someone is looking at this box. But after such a short time connected? -- Regards, Simon -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
