iptables help needed

Simon Slater pyevet at aapt.net.au
Thu Jun 5 11:00:31 UTC 2008


On Thu, 2008-06-05 at 09:51 +0200, François Patte wrote:
> On 05.06.2008 01:33, Simon Slater wrote:
> | On Wed, 2008-06-04 at 19:31 +0200, François Patte wrote:
> |
> 
> |> Someone in Tahiti is scanning your computer.... No danger though!
> | I need to learn more about regular security checks and firewalling
> | before we get a  DSL line. I spotted that IP, didn't know where it came
> | from, but at the moment I don't know what is dangerous & what isn't.
> | Any pointers to good reading?
> 
> http://en.tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html

Thanks, looks good.  I'll study it after this is working.
> 
> just open services you need and good firewall rules make a good security.
> 
> | Jun  5 09:27:01 ipex kernel: eth0: Setting promiscuous mode.
> | Jun  5 09:27:01 ipex kernel: device eth0 entered promiscuous mode
> 
> Have you some "sniffer" running permanently on your computer?
> 
Not that I know of.
> |
> | I closed down the browsers on the desktop to remove any extra traffic.
> | This is typical of what happens when requesting the Internet from the
> | laptop.
> 
> Can you simply ping some site from your laptop
> 
> ping google.com
> 
Nothing at all now (I shut down to connect to a new UPS and restarted).
Can ping locally but nothing from the laptop onto the internet.
> and see what happens in the log on your desktop:
> 
> tail -f /var/log/messages
> 
> You will see the logs while they are recorded in the messages file.
> 
This shows (or doesn't) 5 attempts to reach one site and 5 more on
another.

[root@ipex ~]# tail -f  /var/log/messages
Jun  5 20:38:50 ipex pppd[2489]: Connection terminated.
Jun  5 20:38:55 ipex pppd[2489]: Exit.
Jun  5 20:49:31 ipex pppd[2866]: pppd 2.4.4 started by root, uid 0
Jun  5 20:49:31 ipex pppd[2866]: Using interface ppp0
Jun  5 20:49:31 ipex pppd[2866]: Connect: ppp0 <--> /dev/ttyS0
Jun  5 20:49:38 ipex pppd[2866]: PAP authentication succeeded
Jun  5 20:49:39 ipex pppd[2866]: local  IP address 59.101.173.16
Jun  5 20:49:39 ipex pppd[2866]: remote IP address 210.8.1.253
Jun  5 20:49:39 ipex pppd[2866]: primary   DNS address 203.8.183.1
Jun  5 20:49:39 ipex pppd[2866]: secondary DNS address 192.189.54.33
Jun  5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=44130 PROTO=UDP SPT=10638 DPT=1026 LEN=492
Jun  5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65 ID=44131 PROTO=UDP SPT=10638 DPT=1027 LEN=492
Jun  5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65 ID=44132 PROTO=UDP SPT=10638 DPT=1028 LEN=492
Jun  5 20:54:13 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=189.71.105.137 DST=59.101.173.16 LEN=78 TOS=0x00 PREC=0x00 TTL=105 ID=32591 PROTO=UDP SPT=62535 DPT=137 LEN=58

Again it looks like someone is looking at this box.  But after such a
short time connected?


-- 
Regards,
Simon
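
Added example, not part of the original message: one way to summarize "[IPTABLES DROP]" kernel lines like those above by source address, so that a source trying several destination ports stands out from one-off noise. The function names, the min_ports threshold and the sample lines (documentation-range addresses) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same layout as the log in the message
# (documentation-range addresses, not the ones from the post).
SAMPLE_LOG = """\
Jun  5 20:49:39 ipex pppd[2866]: local  IP address 198.51.100.16
Jun  5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.0.113.96 DST=198.51.100.16 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=44130 PROTO=UDP SPT=10638 DPT=1026 LEN=492
Jun  5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.0.113.96 DST=198.51.100.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65 ID=44131 PROTO=UDP SPT=10638 DPT=1027 LEN=492
Jun  5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=203.0.113.96 DST=198.51.100.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65 ID=44132 PROTO=UDP SPT=10638 DPT=1028 LEN=492
Jun  5 20:54:13 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=192.0.2.137 DST=198.51.100.16 LEN=78 TOS=0x00 PREC=0x00 TTL=105 ID=32591 PROTO=UDP SPT=62535 DPT=137 LEN=58
"""

PREFIX = "[IPTABLES DROP]"        # the log prefix seen in the message
FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=VALUE; value may be empty (OUT=, MAC=)

def parse_drop(line):
    """Return the KEY=VALUE fields of one dropped-packet line, or None."""
    _, found, rest = line.partition(PREFIX)
    if not found:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        # LEN appears twice: keep the first (IP length), not the UDP length.
        fields.setdefault(key, value)
    return fields

def summarize(log_text):
    """Group drops by source: {src: {"count": n, "ports": {(proto, dport)}}}."""
    summary = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in log_text.splitlines():
        fields = parse_drop(line)
        if not fields or "SRC" not in fields:
            continue
        entry = summary[fields["SRC"]]
        entry["count"] += 1
        if fields.get("DPT", "").isdigit():  # ICMP lines carry no DPT
            entry["ports"].add((fields.get("PROTO", "?"), int(fields["DPT"])))
    return dict(summary)

def multi_port_sources(summary, min_ports=3):
    """Sources that tried at least min_ports distinct ports (assumed threshold)."""
    return sorted(s for s, e in summary.items() if len(e["ports"]) >= min_ports)

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for src in multi_port_sources(report):
        print(src, report[src]["count"], sorted(report[src]["ports"]))
```
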




