Results 1 to 4 of 4
Ubuntu doesn't have a firewall installed... So I had to install one... I dlded firestarter and started running it... Then I saw this on the blocked connections event log: Code: ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 02-14-2006 #1
There was a blocked connection to my box
Then I saw this on the blocked connections event log:
Time: Feb 14 03:24:32 Source: 220.127.116.11 Destination: 18.104.22.168 In IF: ppp0 Out IF: Port: 6101 Length: 48 ToS: 0x00 Protocol: TCP Service: Unknown
localhost kernel [4383583.233000] Inbound IN=ppp0 OUT= MAC= SRC=22.214.171.124 DST=126.96.36.199 LEN=63 TOS=0x00 PREC=0x00 TTL=30 ID=63808 PROTO=UDP SPT=2967 DPT=2967 LEN=43
I am using dial-up...
Oh! Another one!
Time: Feb 14 03:39:24 Source: 188.8.131.52 Destination: 184.108.40.206 In IF: ppp0 Out IF: Port: 2967 Length: 63 ToS: 0x00 Protocol: UDP Service: Unknown
* Guess this is another argument for techiemoe against Ubuntu... OK, techie, you were right in considering Ubuntu a piece of crap *-D-
Registered User # 402675
- 02-15-2006 #2
don't worry if it is blocked, then they saw nothing and could do nothing. I get those messages on my router pretty much every day. What you have to worry about is if someone managed to get through and in that case, it wouldn't show up in the logs....
These are just some random sites trying to see if they can get through and do some mischief, nothing major to worry about.
If your ip address is the 129.xxxxx then the 2nd one just shows you tried to connect to some service and the firewall blocked it.
last I checked, techie seemed to like the latest Ubuntu (sort of)....Life is complex, it has a real part and an imaginary part.
- 02-18-2006 #3Originally Posted by AlexK
Of course, opinions differ and while techiemoe might not like Ubuntu some other user might [I am still ambivalent...]
I read the manual for firestarter and understood it at last. Now, my problem is that I am not seeing any events of attempting to connect to my box and that sort of freak me...
How can I know if my computer has been attacked and compromised? How do I know that someone changed configuration files and what not?
Registered User # 402675
- 02-18-2006 #4
If you setup firestarter to ignore or not report packets or something like that, then you won't see the messages.
As for seeing if someone got through, take a look at SNORT, it is an intrusion detection system which is what you might be looking for to complement your firewall.Life is complex, it has a real part and an imaginary part.