There was a blocked connection to my box

[daacosta]

Ubuntu doesn't have a firewall installed... So I had to install one... I dlded firestarter and started running it...

Then I saw this on the blocked connections event log:

Code:

Time: Feb 14 03:24:32 Source: 66.120.93.6 Destination: 129.15.167.95 In IF: ppp0 Out IF:  Port: 6101 Length: 48 ToS: 0x00 Protocol: TCP Service: Unknown

Of course, I also looked at the system logs and found this:

Code:

localhost kernel [4383583.233000] Inbound IN=ppp0 OUT= MAC= SRC=129.15.34.24 DST=129.15.167.138 LEN=63 TOS=0x00 PREC=0x00 TTL=30 ID=63808 PROTO=UDP SPT=2967 DPT=2967 LEN=43

Should I worry?

I am using dial-up...

Oh! Another one!

Code:

Time: Feb 14 03:39:24 Source: 129.15.34.24 Destination: 129.15.167.138 In IF: ppp0 Out IF:  Port: 2967 Length: 63 ToS: 0x00 Protocol: UDP Service: Unknown

My question is, what do I do with this? Is somebody trying to poke around my computer?

* Guess this is another argument for techiemoe against Ubuntu... OK, techie, you were right in considering Ubuntu a piece of crap *

[AlexK]

don't worry if it is blocked, then they saw nothing and could do nothing. I get those messages on my router pretty much every day. What you have to worry about is if someone managed to get through and in that case, it wouldn't show up in the logs....

These are just some random sites trying to see if they can get through and do some mischief, nothing major to worry about.

If your ip address is the 129.xxxxx then the 2nd one just shows you tried to connect to some service and the firewall blocked it.

last I checked, techie seemed to like the latest Ubuntu (sort of)....

[daacosta]

don't worry if it is blocked, then they saw nothing and could do nothing. I get those messages on my router pretty much every day. What you have to worry about is if someone managed to get through and in that case, it wouldn't show up in the logs....

These are just some random sites trying to see if they can get through and do some mischief, nothing major to worry about.

If your ip address is the 129.xxxxx then the 2nd one just shows you tried to connect to some service and the firewall blocked it.

last I checked, techie seemed to like the latest Ubuntu (sort of)....

Ubuntu has certain idiosincracies that a person installing it should be aware of. I wholeheartedly reccomend the review offered in distrowatch only because the author seems to take care of showing the good and the bad points of the distro while showing you how to fix it.

Of course, opinions differ and while techiemoe might not like Ubuntu some other user might [I am still ambivalent...]

I read the manual for firestarter and understood it at last. Now, my problem is that I am not seeing any events of attempting to connect to my box and that sort of freak me...

How can I know if my computer has been attacked and compromised? How do I know that someone changed configuration files and what not?

[AlexK]

If you setup firestarter to ignore or not report packets or something like that, then you won't see the messages.

As for seeing if someone got through, take a look at SNORT, it is an intrusion detection system which is what you might be looking for to complement your firewall.