iptables help needed
Simon Slater
pyevet at aapt.net.au
Thu Jun 5 11:00:31 UTC 2008
On Thu, 2008-06-05 at 09:51 +0200, François Patte wrote:
>
> On 05.06.2008 01:33, Simon Slater wrote:
> | On Wed, 2008-06-04 at 19:31 +0200, François Patte wrote:
> |
>
> |> Someone in Tahiti is scanning your computer.... No danger though!
> | I need to learn more about regular security checks and firewalling
> | before we get a DSL line. I spotted that IP, didn't know where it came
> | from, but at the moment I don't know what is dangerous & what isn't.
> | Any pointers to good reading?
>
> http://en.tldp.org/HOWTO/Security-Quickstart-HOWTO/index.html
Thanks, looks good. I'll study it after this is working.
>
> Just open the services you need, and good firewall rules make for good security.
>
> | Jun 5 09:27:01 ipex kernel: eth0: Setting promiscuous mode.
> | Jun 5 09:27:01 ipex kernel: device eth0 entered promiscuous mode
>
> Have you some "sniffer" running permanently on your computer?
>
Not that I know of.
> |
> | I closed down the browsers on the desktop to remove any extra traffic.
> | This is typical of what happens when requesting the Internet from the
> | laptop.
>
> Can you simply ping some site from your laptop
>
> ping google.com
>
Nothing at all now (I shut down to connect to a new UPS and restarted).
Can ping locally but nothing from the laptop onto the internet.
> and see what happens in the log on your desktop:
>
> tail -f /var/log/messages
>
> You will see the logs while they are recorded in the messages file.
>
This shows (or doesn't) 5 attempts to reach one site and 5 more on
another.
[root@ipex ~]# tail -f /var/log/messages
Jun 5 20:38:50 ipex pppd[2489]: Connection terminated.
Jun 5 20:38:55 ipex pppd[2489]: Exit.
Jun 5 20:49:31 ipex pppd[2866]: pppd 2.4.4 started by root, uid 0
Jun 5 20:49:31 ipex pppd[2866]: Using interface ppp0
Jun 5 20:49:31 ipex pppd[2866]: Connect: ppp0 <--> /dev/ttyS0
Jun 5 20:49:38 ipex pppd[2866]: PAP authentication succeeded
Jun 5 20:49:39 ipex pppd[2866]: local IP address 59.101.173.16
Jun 5 20:49:39 ipex pppd[2866]: remote IP address 210.8.1.253
Jun 5 20:49:39 ipex pppd[2866]: primary DNS address 203.8.183.1
Jun 5 20:49:39 ipex pppd[2866]: secondary DNS address 192.189.54.33
Jun 5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=67
ID=44130 PROTO=UDP SPT=10638 DPT=1026 LEN=492
Jun 5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65
ID=44131 PROTO=UDP SPT=10638 DPT=1027 LEN=492
Jun 5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65
ID=44132 PROTO=UDP SPT=10638 DPT=1028 LEN=492
Jun 5 20:54:13 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC=
SRC=189.71.105.137 DST=59.101.173.16 LEN=78 TOS=0x00 PREC=0x00 TTL=105
ID=32591 PROTO=UDP SPT=62535 DPT=137 LEN=58
Again it looks like someone is looking at this box. But after such a
short time connected?
--
Regards,
Simon
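
To read drop entries like those in the log above, the following added example (not part of the original message) parses `[IPTABLES DROP]` kernel lines and groups them by source address, marking sources that tried several destination ports. The function names and the three-port threshold are assumptions of this example; the sample lines are the four entries from the message, rejoined one per line.

```python
import re
from collections import defaultdict

# The four drop entries from the message above, each rejoined onto the single
# line the kernel writes to /var/log/messages.
SAMPLE_LOG = """\
Jun 5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=67 ID=44130 PROTO=UDP SPT=10638 DPT=1026 LEN=492
Jun 5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65 ID=44131 PROTO=UDP SPT=10638 DPT=1027 LEN=492
Jun 5 20:53:47 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=24.64.147.96 DST=59.101.173.16 LEN=512 TOS=0x00 PREC=0x00 TTL=65 ID=44132 PROTO=UDP SPT=10638 DPT=1028 LEN=492
Jun 5 20:54:13 ipex kernel: [IPTABLES DROP] : IN=ppp0 OUT= MAC= SRC=189.71.105.137 DST=59.101.173.16 LEN=78 TOS=0x00 PREC=0x00 TTL=105 ID=32591 PROTO=UDP SPT=62535 DPT=137 LEN=58
"""

PREFIX = "[IPTABLES DROP]"               # log prefix string seen in the poster's log
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty (OUT=, MAC=)


def parse_drop(line):
    """Return the fields of one netfilter LOG line, or None for other lines."""
    if PREFIX not in line:
        return None
    fields = {}
    for key, value in FIELD.findall(line.split(PREFIX, 1)[1]):
        # LEN appears twice: keep the first (IP total length), not the UDP length.
        fields.setdefault(key, value)
    return fields


def summarize(lines, port_threshold=3):
    """Group drops by source; mark sources that tried >= port_threshold ports."""
    seen = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in lines:
        fields = parse_drop(line)
        if not fields or "SRC" not in fields:
            continue
        entry = seen[fields["SRC"]]
        entry["packets"] += 1
        if "DPT" in fields:              # ICMP entries have no DPT field
            entry["ports"].add((fields["PROTO"], int(fields["DPT"])))
    return {
        src: {"packets": e["packets"], "ports": sorted(e["ports"]),
              "multi_port": len(e["ports"]) >= port_threshold}
        for src, e in seen.items()
    }


if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG.splitlines()).items():
        tag = "several ports probed" if info["multi_port"] else "single port"
        print(f"{src}: {info['packets']} dropped, {info['ports']} ({tag})")
```

To run it against the live file instead of the sample, pass `open("/var/log/messages")` to `summarize`.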