  1. #1
    Just Joined!
    Join Date
    Dec 2008
    Posts
    35

    Firestarter is blocking so many connection attempts. How to analyse?


    Hey,

    Since yesterday Firestarter has been prompting me that it is blocking external connection attempts as shown in the picture below:



    I'm not even going to bother covering the IP addresses because I personally don't see why I should care but as you can see, there has been loads of them attempting to connect to ports 3674 - 3675. I ran nmap 127.0.0.1 and it came back as 631 being the only one open. So then I thought maybe lsof -i would mention much more but all it showed was:

    @boris:~$ cat meh
    COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
    cupsd 1644 root 5u IPv6 14329 0t0 TCP localhost:ipp (LISTEN)
    cupsd 1644 root 6u IPv4 14330 0t0 TCP localhost:ipp (LISTEN)
    kmess 2430 garry 25u IPv4 90196 0t0 TCP Henry.home:60020->by2msg4020412.phx.gbl:msnp (ESTABLISHED)
    dhclient 2628 root 5u IPv4 11084 0t0 UDP *:bootpc
    perl 7951 garry 3u IPv4 86223 0t0 TCP Henry.home:58891->bartol.freenode.net:ircd (ESTABLISHED)
    perl 8248 garry 3u IPv4 86221 0t0 TCP Henry.home:53212->anthony.freenode.net:ircd (ESTABLISHED)
    flock-bin 9150 garry 22u IPv4 93424 0t0 TCP Henry.home:53250->212.140.233.199:www (ESTABLISHED)
    flock-bin 9150 garry 61u IPv4 97114 0t0 TCP Henry.home:35590->ww-in-f17.1e100.net:https (ESTABLISHED)
    flock-bin 9150 garry 62u IPv4 93390 0t0 TCP Henry.home:45306->63.135.86.24:www (ESTABLISHED)
    flock-bin 9150 garry 65u IPv4 92998 0t0 TCP Henry.home:53187->212.140.233.199:www (ESTABLISHED)
    flock-bin 9150 garry 74u IPv4 92999 0t0 TCP Henry.home:53188->212.140.233.199:www (ESTABLISHED)
    flock-bin 9150 garry 78u IPv4 93038 0t0 TCP Henry.home:53191->212.140.233.199:www (ESTABLISHED)
    flock-bin 9150 garry 81u IPv4 93069 0t0 TCP Henry.home:54010->212.140.233.207:www (ESTABLISHED)
    flock-bin 9150 garry 82u IPv4 93048 0t0 TCP Henry.home:53193->212.140.233.199:www (ESTABLISHED)
    flock-bin 9150 garry 83u IPv4 93049 0t0 TCP Henry.home:53194->212.140.233.199:www (ESTABLISHED)
    flock-bin 9150 garry 84u IPv4 93050 0t0 TCP Henry.home:53195->212.140.233.199:www (ESTABLISHED)
    irssi 11383 garry 3u IPv4 89811 0t0 TCP Henry.home:57920->leguin.acc.umu.se:ircd (ESTABLISHED)
    ...and nothing about the ports in the Firestarter window. As you can probably guess, I'm not so familiar with the terminal commands, especially when it comes to networking.

    But also, the last two external connection blocks in the Firestarter window. I checked my router's DHCP and it says that I'm the only one connected and that is the IP the router has assigned to me for my internal network IP so I was wondering if somebody could suggest what that may be?

    But in total, is there anything I can do which can help me analyse these attacks and exactly what is happening a little bit more in-depth rather than it blocked an attack from IP=*, Protocol=*, Service=*?

    Thanks.

  2. #2
    Linux Guru Lazydog
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Someone is probing your system thinking there is something open on those 2 ports. Might be in the Windows world, don't know. As to the last 2, "192.168.1.254": IP addresses can be spoofed and that is what is happening here. If you are running no externally accessible apps then you should be blocking everything. If you want to analyze this further then start googling for the port and maybe the IP address. I would not waste my time if the ports are not open to the public.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted
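
Added example, not part of either post: one way to get more detail than the Firestarter window gives is to summarise the kernel log lines behind it by destination port and source. It assumes the blocked packets are logged by the iptables LOG target in its standard KEY=value format; the sample lines, the "Inbound" prefix and every address except 192.168.1.254 are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample in the kernel's netfilter LOG format (not from the thread).
SAMPLE_LOG = """\
Dec 14 10:00:00 Henry kernel: eth0: link up
Dec 14 10:01:02 Henry kernel: Inbound IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.64 LEN=48 TTL=110 PROTO=TCP SPT=4101 DPT=3674 SYN
Dec 14 10:01:03 Henry kernel: Inbound IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.64 LEN=48 TTL=110 PROTO=TCP SPT=4102 DPT=3675 SYN
Dec 14 10:01:09 Henry kernel: Inbound IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.64 LEN=48 TTL=112 PROTO=TCP SPT=2290 DPT=3674 SYN
Dec 14 10:02:30 Henry kernel: Inbound IN=eth0 OUT= SRC=192.168.1.254 DST=192.168.1.64 LEN=48 TTL=64 PROTO=TCP SPT=3301 DPT=3675 SYN
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
# RFC 1918 space is not routed on the Internet: such a source is local or forged.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_line(line):
    """Return the KEY=value fields of one LOG line, or None if it is not one."""
    fields = dict(FIELD.findall(line))
    if "SRC" not in fields or "DPT" not in fields:
        return None  # other kernel message, or a packet without ports (ICMP)
    return fields


def summarise(log_text):
    """Count blocked packets per (protocol, port); collect sources per port."""
    by_port, sources, private = Counter(), defaultdict(set), set()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        key = (fields.get("PROTO", "?"), int(fields["DPT"]))
        by_port[key] += 1
        sources[key].add(fields["SRC"])
        if any(ipaddress.ip_address(fields["SRC"]) in net for net in RFC1918):
            private.add(fields["SRC"])  # check against the router's own address
    return by_port, sources, private


if __name__ == "__main__":
    by_port, sources, private = summarise(SAMPLE_LOG)
    for (proto, port), count in by_port.most_common():
        print(f"{proto}/{port}: {count} packets, {len(sources[(proto, port)])} sources")
    print("private-range sources:", sorted(private))
```

Many distinct sources hitting the same one or two closed ports is the probing pattern described in the reply above; the private-range list is what to compare with the router's LAN address.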
