Find the answer to your Linux question:
Results 1 to 4 of 4
Ubuntu doesn't have a firewall installed... So I had to install one... I dlded firestarter and started running it... Then I saw this on the blocked connections event log: Code: ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Newbie daacosta's Avatar
    Join Date
    Sep 2005
    Location
    Medellín, Colombia
    Posts
    213

    Exclamation There was a blocked connection to my box


    Ubuntu doesn't have a firewall installed... So I had to install one... I dlded firestarter and started running it...

    Then I saw this on the blocked connections event log:

    Code:
    Time: Feb 14 03:24:32 Source: 66.120.93.6 Destination: 129.15.167.95 In IF: ppp0 Out IF:  Port: 6101 Length: 48 ToS: 0x00 Protocol: TCP Service: Unknown
    Of course, I also looked at the system logs and found this:

    Code:
    localhost kernel [4383583.233000] Inbound IN=ppp0 OUT= MAC= SRC=129.15.34.24 DST=129.15.167.138 LEN=63 TOS=0x00 PREC=0x00 TTL=30 ID=63808 PROTO=UDP SPT=2967 DPT=2967 LEN=43
    Should I worry?

    I am using dial-up...

    Oh! Another one!

    Code:
    Time: Feb 14 03:39:24 Source: 129.15.34.24 Destination: 129.15.167.138 In IF: ppp0 Out IF:  Port: 2967 Length: 63 ToS: 0x00 Protocol: UDP Service: Unknown
    My question is, what do I do with this? Is somebody trying to poke around my computer?

    * Guess this is another argument for techiemoe against Ubuntu... OK, techie, you were right in considering Ubuntu a piece of crap *
    -D-

    Registered User # 402675

  2. #2
    Linux Guru AlexK's Avatar
    Join Date
    Feb 2005
    Location
    Earth
    Posts
    3,379
    don't worry if it is blocked, then they saw nothing and could do nothing. I get those messages on my router pretty much every day. What you have to worry about is if someone managed to get through and in that case, it wouldn't show up in the logs....

    These are just some random sites trying to see if they can get through and do some mischief, nothing major to worry about.

    If your ip address is the 129.xxxxx then the 2nd one just shows you tried to connect to some service and the firewall blocked it.

    last I checked, techie seemed to like the latest Ubuntu (sort of)....
    Life is complex, it has a real part and an imaginary part.

  3. #3
    Linux Newbie daacosta's Avatar
    Join Date
    Sep 2005
    Location
    Medellín, Colombia
    Posts
    213
    Quote Originally Posted by AlexK
    don't worry if it is blocked, then they saw nothing and could do nothing. I get those messages on my router pretty much every day. What you have to worry about is if someone managed to get through and in that case, it wouldn't show up in the logs....

    These are just some random sites trying to see if they can get through and do some mischief, nothing major to worry about.

    If your ip address is the 129.xxxxx then the 2nd one just shows you tried to connect to some service and the firewall blocked it.

    last I checked, techie seemed to like the latest Ubuntu (sort of)....
    Ubuntu has certain idiosincracies that a person installing it should be aware of. I wholeheartedly reccomend the review offered in distrowatch only because the author seems to take care of showing the good and the bad points of the distro while showing you how to fix it.

    Of course, opinions differ and while techiemoe might not like Ubuntu some other user might [I am still ambivalent...]

    I read the manual for firestarter and understood it at last. Now, my problem is that I am not seeing any events of attempting to connect to my box and that sort of freak me...

    How can I know if my computer has been attacked and compromised? How do I know that someone changed configuration files and what not?

    -D-

    Registered User # 402675

  4. #4
    Linux Guru AlexK's Avatar
    Join Date
    Feb 2005
    Location
    Earth
    Posts
    3,379
    If you setup firestarter to ignore or not report packets or something like that, then you won't see the messages.

    As for seeing if someone got through, take a look at SNORT, it is an intrusion detection system which is what you might be looking for to complement your firewall.
    Life is complex, it has a real part and an imaginary part.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •