Fedora :: Incoming Connections Are Not Being Reported To /var/log/secure?
Oct 24, 2009
Incoming connections are not being reported to my /var/log/secure. I can't see if people are trying to connect. I can't troubleshoot because I can't do anything.
Apr 11, 2010
It's been really bugging me that whenever I scan my connection with Wireshark I see this one person sending me a SYN packet every minute on port 445. I know this is the dangerous port that the Conficker worm travels along. So far my computer seems to be immune, and I know, at least on the Linux side, that I can just add a rule to my iptables to block that port indefinitely. I want to know what the next step is.
00 0c 41 b2 e4 1d 00 11 09 b2 2f 0e 08 00 45 00
00 30 91 84 40 00 80 06 d1 c7 46 4f 86 29 XX XX
XX XX 10 43 01 bd 9e 23 d6 27 00 00 00 00 70 02
ff ff 65 58 00 00 02 04 05 b4 01 01 04 02
This is one of the packet captures I am getting. After sending me this and getting no reply, all of a sudden he goes up an IP. Basically this would be the pseudocode for what it looks like he's doing on my end.
while(1){
for(int i = 1; i != 255; i++){
send_connection_attempt("XX.XX.XX." + i);
}
}
To me this looks like this guy has hijacked a computer and is using it to run a script over. He is still scanning my network, as I said earlier. What should I do? Should I contact my ISP? Or just nail down the hatches and make sure nothing is exposed on my network?
Apr 4, 2010
I need some suggestions on software. I would like to offer remote desktop support to some of our clients, but some of them are using ISPs that block incoming connections, so VNC is out of the question. I was wondering if there is something similar to LogMeIn for Ubuntu?
Jul 19, 2011
I'm trying to get VNC working but I'm getting this error message:
Quote:
ssh: connect to host my_ip_address port 22: Connection refused
When typing:
Quote:
ssh -f -L 5900:localhost:5900 user@my_ip_address x11vnc -safer -localhost -nopw -once -display :0 && sleep 5 && vncviewer localhost:0
I'm trying to follow the instructions here: [URL] but I'm struggling with point 2 & 3:
Quote:
2. If you have previously reconfigured the firewall on your PC, make sure the firewall allows incoming connections on port 22 from anywhere, and on port 5900 from localhost (also known as 127.0.0.1)
3. If your PC is behind a home router, or any other device that uses NAT, configure your router to send connection attempts on port 22 (but not port 5900) to your PC
So my questions are:
1. I installed a fresh version of Ubuntu 11.4, should I be concerned about step 2? If so, how can I allow incoming connections on port 22 from anywhere, and on port 5900 from localhost?
2. Regarding step 3, I'm using a NETGEAR model DGN1000 router. Is that something that I should do from the router's settings page, or is it some commands that I should pass through SSH?
Feb 24, 2010
I want to allow 100 incoming connections to my Linux server running smtp. I know that tcpserver -c will set the limit of allowed incoming connections, but how can I tell what the currently set limit is?
May 19, 2010
My question is simple: is there any Linux app or applet which is able to show (monitor) incoming and outgoing connections, assuming it's a direct internet access? I was using a firewall on a system of Redmond which was able to show every connection, listening ports of services if some were opened, etc.
Mar 13, 2010
I'm using Linux Mint 8 KDE, which is essentially kubuntu karmic.
Been trying to set up bittorrent (tried several different apps), have followed all the usual steps, forwarded ports on both Guarddog and my router, but still no incoming connections. Then tried disabling the firewall in Guarddog: still no incoming connections. Never had any problems configuring my router before, so I can only think that there must be something else blocking ports in Linux other than iptables. Also had the same problem just using ufw and gufw.
Feb 25, 2011
I have a bunch of Ubuntu boxes on one subnet, 192.168.1.0. I have a Windows 7 box on another subnet, 192.168.2.0. I am able to ping and SSH to all servers on the .1 subnet except for one server, which I will call PITA. I will attempt to SSH to PITA, and it won't respond, nor does it respond to pings. I will then SSH to PITA from another of the test servers, successfully connect, and then when I SSH from my Windows 7 machine I can connect successfully. If I first connect via console to PITA and send some pings out (to anywhere, like 4.2.2.2), I can also connect from my Windows 7 machine. I've never seen anything like this.
One of the weird things is that I used PITA to create an image that I then used to create many of the other test servers, and they work fine, so I'm not sure what the problem is. I've checked /var/log/messages and syslog and there's nothing in them that indicates a problem. I've rebooted this server, restarted SSH, changed the IP in case it was conflicting with something else, forced an ARP update in case it was cached (since I had bonded the interfaces), cleared the ARP cache on my own machine, verified Network Manager is not installed...and I still have this issue.
Here are some network-related config:
/etc/network/interfaces
Quote:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
[code]....
Jul 4, 2010
I am still new to Ubuntu and I use Firestarter as my firewall tool, and I was told that it's just ufw in a GUI. Anyway, I noticed a connection to 174.129.241.144 using https and python. I didn't have any scripts running and my browser was closed. I read the man files for ufw and it said to do something like deny from 174.129.0.0/12, and I want to block all incoming and outgoing connections to this IP range, and I was wondering how to do that. I heard that iptables would be able to do this but I don't know anything about it. What should I learn so I can handle these kinds of situations in the future, how can I block this IP subnet, and what do the /8, /12, and /16 stand for?
Aug 17, 2011
FC15, Dovecot start is OK; when testing, I just get an error:
telnet 192.168.1.20 110
+OK Dovecot ready.
user test
-ERR Plaintext authentication disallowed on non-secure <SSL/TLS> connections.
Mar 30, 2011
I have a server that I can only access via SSH (it's located far away) and I would like to secure it by blocking all ports except the ones that I need (which are HTTP and SSH). I still want to be able to make outgoing connections to enable software updates and other things. This is my iptables -L -n:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:1:21
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:23:79
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpts:81:65535
code....
In my opinion, this should block all incoming packets except the ones on port 80 and 22, but allow responses to outgoing connections. But a wget http://google.com does not work, it can't establish the connection.
Maybe this is not the best style for iptables rules, but I want to be absolutely sure to not accidentally lock myself out from SSH, so I chose not to configure a "block-everything rule".
Does this configuration not enable incoming packets from connections initiated from inside?
May 30, 2011
I recently installed Fedora 15, and during installation I set the internet connection manually, then did an update, and after reboot the internet connection settings had been removed. Now I cannot set them because the network connection to the internet is inactive. I should mention that the internet connection was functional before the update.
Feb 7, 2011
I have a problem with my network-manager in Ubuntu 10.10. When I dial one of my VPN connections, my other VPN connections are disabled and I can't use them! I tried to restart network-manager and gnome-panel, but it doesn't seem to solve this problem.
May 26, 2011
I installed Fedora 15 twice last night because I thought I had screwed up the installation somehow when I ran a df -h and found that it reported all my LVM partitions twice (/, /home, and /var) and it also showed /var/tmp mounted on the same logical volume that /var was mounted on (lv02 = /var AND lv02=/var/tmp). I've never seen this before and it definitely didn't appear like this in Fedora 14. Is this something new to Fedora 15?
Dec 11, 2009
I've run "powertop" on my computer and it showed a horrible amount of wake-ups per second:
Code:
Cn Avg residency P-states (frequencies)
C0 (cpu running) (26.7%) 2.81 Ghz 100.0%
polling 0.0ms ( 0.0%) 1400 Mhz 0.0%
C1 16.2ms (60.5%) 1050 Mhz 0.0%
C2 0.0ms (12.8%) 700 Mhz 0.0%
350 Mhz 0.0%
Wakeups-from-idle per second : 63944.8 interval: 5.0s
no ACPI power usage estimate available
Top causes for wakeups:
45.1% ( 15.6) <interrupt> : pata_atiixp
26.0% ( 9.0) <kernel core> : hrtimer_start_range_ns (tick_sched_timer)
9.2% ( 3.2) <kernel core> : hrtimer_start (tick_sched_timer)
5.8% ( 2.0) <kernel core> : add_timer_on (clocksource_watchdog)
1.7% ( 0.6) <interrupt> : ohci_hcd:usb4, radeon, yenta
1.7% ( 0.6) Xorg : queue_delayed_work (delayed_work_timer_fn)
Suggestion: increase the VM dirty writeback time from 5.00 to 15 seconds with:
Echo 1500 > /proc/sys/vm/dirty_writeback_centisecs
This wakes the disk up less frequently for background VM activity
Q - Quit R - Refresh W - Increase Writeback time
If I wait it decreases to 50000, but it is still huge!
The situation is duplicated after a complete F12 re-install. All defaults are used and no changes were performed after install. Just checked again and let the computer run idle for a while. Powertop reports 79604 wake-ups per second, even more than before. Again, the top cause is "pata_atiixp". Also, performing the suggestions of powertop shown at the bottom of the program does not help either. That decreases wake-ups by a few hundred only. Wake-ups are still well over 50000.
Oct 14, 2010
I have two HP quad-core high-end servers.
OS : Red Hat Enterprise Linux Server release 5.2 (Tikanga)
Kernel : kernel-2.6.18-92.el5
For the last couple of days I have found an entry in dmesg:
Would this require a kernel upgrade?
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
Dec 21, 2009
I'm using Thunderbird as mail client. When I receive a new mail, I want TB to run an application (which blinks my notebook keyboard light). Is there a way to do that? And by the way, does someone know how to minimize TB 3 in the systray of GNOME (Fedora 12), to get the mail notification icon in the systray?
Mar 24, 2010
Duplicate IP, my mistake. When logged into a FC12 server with ssh, and a node tried to connect to the server using ftp...
May 29, 2011
Before explaining the problem, I have to draw the environment. Because of post size limitations, I'll have to break this post in more than one entry.
Physical view
Code:
+--------+ +---+
|storage1|-----| |
+--------+ | s |
| w |
+--------+ | i | +-------+
|router2 |-----| t |-----|router1|--->Internet
+--------+ | c | +-------+
| h |
+--------+ | 8 |
|router3 |-----| |
+--------+ +---+
Device details
[Code]....
Jul 4, 2011
I installed the Fedora 13 OS on it recently; earlier it had both Windows and Linux but now only Fedora 13. My laptop's hard disk probably has some bad sectors, and a software package, "Automatic Bug Reporting Tool", has reported a kernel crash and a gnome-panel crash. I reported them to some extent, but I can't report them all. How do I deal with it, why is it happening, and will it be harmful for any part of my laptop, like the CPU, RAM or hard disk?
Jan 21, 2011
Is it fair to say that connlimit and hashlimit are very similar on Linux, i.e. while hashlimit caters to limits for groups of ports, they both set the connection rate limit per host? How in IPTables do I configure a policy that limits connections on a port that encapsulates the total sum of all connections from all hosts? I.e. I do not want to allow more than 6000conn/minute for a port range, that is, the sum of all connecting hosts?
Apr 1, 2010
Recently did a fresh install of F12, previously used F11 without any problems. Now Evolution moves ALL received messages to trash automatically. I have had to make rules to move each e-mail to the inbox, but still all incoming messages go straight to Trash.
Jun 30, 2011
In the upcoming days I will be formatting my F14 box and switching to F15. Now I have offered a friend to use some of my storage (8TB) as a backup for her personal files/photos. I want to set it up so that she can be sure she is the only one having access to it (so not even I can read them as root). How can I set this up? Encryption? Account configuration?
Most likely she will upload via secure FTP. She trusts me, but I want to provide her with the peace of mind that it is not accessible by anyone but her.
Mar 8, 2010
Well, thanks for that... Can anyone tell me how to use ionCube on Fedora to secure my PHP code?
Mar 14, 2009
Are the default firewall settings of F10, without any modification, sufficiently secure for general usage and to bridge the timeframe between a fresh installation of F10 and the time before the security updates are applied? Similar to how Windows firewall is set without any configuration, or do I need to manually configure it to be somewhat secure, or use something like Firestarter?
Mar 19, 2010
How to secure the Home folder. I forgot what the script was?
Something like chmod 0700 $HOME. Is that right? I'm just not sure.
Jan 7, 2011
An unsuccessful login via a tty by a known user and an unknown user will generate an almost exact line in /var/log/secure, with the exception of the last field. To see this specifically, do Ctrl-Alt-F2, for example. Now log in with a known user and log out. Next, attempt a login with a bogus user name, which fails. Go back to your GUI environment (Ctrl-Alt-F7) and then tail /var/log/secure. For the known user the last field will be "user=some_name_here". The unknown user will not have a "user=" field.
How do I capture the two via different variables in bash?
For example: KNOWN_USER=`syntax that finds the user= field.` echo There is a user= field and the user is mmouse.
UNKNOWN_USER=`syntax that does NOT find the user= field` echo There is NO user= field and an unknown user tried to login.
I've been exploring using sed to grab (or not grab) that last field, but haven't hit upon the right syntax yet.
May 27, 2009
OK, so the router works in Windows and I know the config details of it. I can see other wifi access points in the area but not mine. I have tried joining it as a "hidden network" to no avail. Is there any reason why Fedora would not detect my own wifi when it detects substantially weaker signals instead?
Dec 20, 2010
I have noticed this now for the 125th time: when you mount a volume and use mount to see if it is ro or rw, it says rw, but it actually is read only.
Why is mount reporting it wrong?
systema3:/vol/mysql_vo2 on /mnt/mysql2 type nfs (rw,addr=192.168.10.82)
vs
failed to change ownership of `/mnt/mysql2/.snapshot/hourly.5/v240-2-bin.058' to mysql:mysql
chown: changing ownership of `/mnt/mysql2/.snapshot/hourly.5': Read-only file system