General :: Port Scanning Attack Displayed At Interactive Firewall
May 17, 2011
Got 3 computers connected by ethernet to a router modem. At this router modem only port 80 is forwarded to a web server (one of the 3 computers). Now I realized several times a port scanning attack displayed at interactive firewall of Webserver ( Apache at Mandriva LINUX ). Actually the message is port scanning attempt of heanet (actually this names are different mostly). I wonder how to figure out is this portscanning attack possible through port 80 or is the modemrouter (Draytek VIGOR) misconfigured, compromised or one of the other 2 machines (Windows) are compromised and attacking the server inside intranet?
View 2 Replies
ADVERTISEMENT
Aug 24, 2010
I wish to prevent some programs from "phoning home", and to allow other programs to access only specific web servers.Is there any way to interactively allow or decline outbound communication from individual programs on Ubuntu?
View 4 Replies
View Related
Aug 26, 2009
I want to open port 2700 on my firewall but I don't know how I try with Code:iptables -A INPUT -i eth0 -p tcp --sport 2700 -m state --state ESTABLISHED -j ACCEPT But the port is not open I see the firewall configuration with the command setup . I use CentOS 5.3 here a screen of my configuration :http://upbg.net/out.php/i3537_sshot3.pngCurrently my firewall is off because I don't know how to turn on 2700 when the port is open I will turn on firewall .If I write 2700 in other ports field will 2700 be open ? Before 1 month I try but the port was not open . I have only 1 last question will firewall reduce the load of the my server now mysql use many CPU % and I just don't know why
View 14 Replies
View Related
Aug 5, 2011
I'm running 10.04 LTS Desktop and I'm wondering if there any default packages that are automatically scanning for hosts? I'm on a university network and they're really touchy about any computers scanning ports/hosts and they keep disabling my computer. I'm just wondering if there's anything like that installed by default - maybe some of the zeroconf stuff?
View 2 Replies
View Related
Nov 18, 2010
I run SSH on a publicly open server and see following attempts in /var/log/auth.log which I was told by some one could be port scanning attempts.(Not sure though)
Code:
Nov 18 23:50:19 server sshd[21716]: Did not receive identification string from 186.0.80.197
Nov 19 00:05:57 server sshd[24056]: Did not receive identification string from 85.108.110.66
How can I block above such attempts?
View 11 Replies
View Related
Aug 5, 2009
If I forward port 80 to port 3128 for squid with an iptable rule, does port 3128 have to be open on the firewall or is this all routed behind the firewall?
View 4 Replies
View Related
Apr 17, 2011
I want to open the port 18680 on my remote Fedora 14 machine. I didsudo iptables -I INPUT -p tcp --dport 18680 -m state --state NEW,ESTABLISHED -j ACCEPTsudo iptables -I OUTPUT -p tcp --sport 18680 -m state --state ESTABLISHED -j ACCEPTsudo service iptables saveThe status returned is OK.I have also opened the port on my security group on Amazon. Also, I rebooted the machine.When I use the browser to view the application running at port 18680 the browser cannot connect.
View 1 Replies
View Related
Feb 18, 2010
nmap is showing a port as closed. I have the firewall stopped on both hosts.It shows as closed on localhost as well.The process that's listening to that port is not started from xinetd so i doubt hosts.allow/deny is the issue.I can't help but feel that I'm forgetting some other access control mechanism.Both hosts are RHEl5.4
View 3 Replies
View Related
Oct 4, 2010
Is possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts for my own and learn something new
writing own Intrusion Detection System? I am not a C++ geeg, so first thing that comes to my mind is that i will use simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I thing that would not be good solution due to performance and capabilities, and also I am not familliar with memory in linux at all). I was reading aboud SNORT HIDS, NIDS... AFAIK some information can be obtainet from /proc but I have no idea which values should be monitored.
View 1 Replies
View Related
Oct 4, 2010
Is possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts for my own and learn something new
I am not a C++ geeg, so first thing that comes to my mind is that i will use simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I thing that would not be good solution due to performance and capabilities, and also I am not familliar with memory in linux at all). I was reading aboud SNORT HIDS, NIDS... AFAIK some information can be obtainet from /proc but I have no idea which values should be monitored.
View 1 Replies
View Related
Jun 6, 2010
I was testing the security of my Ubuntu 10.04 64bit install by running a port scan from [URL] and I came upon some odd results. It appears that basically all my ports are closed, but only Port 646 is dropping packets silently. Furthermore, Port 80 is open.
View 5 Replies
View Related
Apr 21, 2010
I have a small home-office network. On that network I have two linux computers, one is a client the other a server.
On the server I have NFS Server setup and mount some NFS exports on the client computer.
On the server I have the firewall on and here it becomes a little tricky.
Since both the server and the client connect to the router the interface (eth1) is theoretically both an internal & external zone.
The router is commercial grade and therefore has a good firewall on it which is also setup. Therefore the firewall on the server is really more of a backup than a necessity. But that's fine, and by having the server's firewall on 'fail2ban' is able to work which I like to have working so I don't want to just turn off the server firewall even though I have good security from the router.
However, when I turn on the server's firewall, the client computer cannot see the NFS server when scanning for server -- done by: clicking on "Choose" next to "NFS Server Hostname" when adding an NFS share in the NFS Client in YaST. Clearly something is being blocked even though I have both "NFS Client" and "NFS Server Service" allowed in the server firewall. The Firewall config. files for these are below.
The Firewall configuration is pretty much "out of the box". That is I have the services I need opened up for the external zone, the other zones are left at their default which means the internal zone, although not used (i.e.: attached to any interface), is completely open.
The perfect solution I guess would be to setup my client computer to connect through a different NIC (perhaps eth0), make that the "Internal Zone" and therefore allow all traffic through to it while still blocking the server from the external zone. However, I cannot make that physical change to my network for now so I am looking for an in between (non-perfect) solution.
In this case I am guessing that means opening up extra NFS ports to the external zone so I have full NFS functionality. I don't mind this because like I said, the router firewall is the main line of defense anyway.
So, given all of the above could someone tell me what I would need to additionally open up in the server firewall to make the NFS server detection work on the client while the firewall was on. Or, if you have a cleverer/better solution without me changing my physical network that would be great.
Hopefully I have written this in enough detail and clearly enough so that all the parameters are clear but if not, feel free to ask me what you like and I'll try to make it clear.
Code:
## Description: Firewall Configuration for NFS kernel server.
#
# Only the variables TCP, UDP, RPC, IP and BROADCAST are allowed.
# More may be supported in the future.
code....
View 6 Replies
View Related
Sep 23, 2010
Red Hat Enterprise Linux 5.5 I want to script to run dual screens if the port of the screen displayed in
View 2 Replies
View Related
Jan 28, 2010
i have to deal with reverse proxy issue and want to access few LAN devices having port 5900 and 9999, what exact steps i have to follow to allow this port in fedora firewall.
View 3 Replies
View Related
Sep 3, 2009
I have a problem sending of file attachment using Instant Messengeri have a firewall using firestarter, if i used outside firewall they can able to recieve my file in instant meesenger but if i used firestarter it always cancelled my sending of file attachment....
View 3 Replies
View Related
Jul 17, 2010
I just installed Mandriva 2010 and set up the interactive firewall via the MLCC. I set it up not to allow any services to connect (didn't check any boxes). However, when I check my system using a port scanner (shields up at www.grc.com) it says that port 23 is open. Does anyone know why this would be and how I can close it When I look at the daemons running I notice that iptables and ip6tables are 'stopped' although shorewall is running - is this correct? I (perhaps wrongly) thought that iptables needed to be running in order for the firewall to work properly.
View 2 Replies
View Related
Mar 9, 2010
I have setup sshd_config for port 3210! I have difficult setup the iptables firewall to allow ssh on port 3210! i always enter this:
iptables -A INPUT -p tcp --dport 3210 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 3210 -j ACCEPT
but after i restart ssh, the system do not allow port 3210... why? do i forget something?
View 4 Replies
View Related
Oct 16, 2009
Jst to tryout ufw I tried to close port 80 on my pc. I'm using Ubunutu 9.04. I sudo ufw enable sudo ufw deny 80. But nmap localhost shows port 80 open why? How can I close it? I will need to control some ports on my next server.
View 2 Replies
View Related
Sep 27, 2010
I have properly configured my router to open a port for Transmission and Vuze. The OpenSuSE firewall settings are somewhat confusing, however. How do I add a port specifically for the BT protocol? I know it's the firewall causing issues, because when I shut it down, my BT apps roar to life, and die with a whimper when I turn it back on. In Ubuntu, opening a port in the router is automatically configured in the firewall; that is apparently not the case with this distro.
So, when I go to Yast Firewall, I see "allowed services" under the tabs available. When I hit that tab, I see a dropdown menu that contains services such as NetBios Server and Samba Server. Am I choosing one of those available and adding a port to it? Am I adding a custom service via the Advanced settings, and if so, why isn't there a way to label the service so that it shows up under allowed services?
View 9 Replies
View Related
Jan 15, 2011
I used to have Opensuse 11.0 and Vuze 4.0.2 and both were working great. Recently I upgraded to OpenSuse 11.3 and installed Vuze 4.5.10. I did not change any configuration in the ADSL router but now I could not get the smiley icon to go green. I followed all the steps given here: A Quick Bittorrent Guide (with screenshots). It doesn't work. so I modified FW_ROUTE and FW_MASQUERADE to yes in /etc/sysconfig/SuSefirewall2. That also does not work. What did I miss here? My ADSL router is DSL-2640T.
View 3 Replies
View Related
Jul 25, 2010
Is there a firewall I can install that will only let certain MAC addresses through on a certain port?
View 2 Replies
View Related
Sep 28, 2010
I can't port forward to ftp behind my firewall, I tried several attempts but none worked.
Can anyone help me solve this?
View 10 Replies
View Related
Jan 26, 2010
I am trying to make a vnc connection from pc #2 to pc #1. Pc #1 is a debian pc behind a zyxel router (P-2602HW-D1A). Pc #2 is a windows xp pc another place at the internet.I have configured the zyxel router to forward incomming trafic on port 5902 to the local ip-adress of the debian box. The debian box is running a vnc server, listening on port 5902.But i dosn?t work.I have tryed to scan the zyxel routers ipadress on port 5902 from the internet, but the scanner says that the port is closed.The vnc server on pc #1 is working fine on the local network. I can connect to the server from a pc on the same side of the zyxel router.Is it deffenitly a router problem, or could it have something to do with debians own firewall?
View 2 Replies
View Related
May 5, 2010
I have a computer which has a public IP.My ISP has allowed only port 22 for my machine to be accessed outside from internet.I want rest of my computers which are connected to this machine be accessible via SSH on internet.I can configure IPTABLES to route different ports to internal machines but since ISP has given only one port for the gateway how can I go for it any guesses. I came across some thing reverse SSH tunneling but that has to keep the connection alive all the time at gateway I want my trusted people to be directly able to access the machines on LAN to which they have account to login in this scenario.
View 3 Replies
View Related
Sep 1, 2010
My host is blocking port 3960 which I need to use for an SVN server, they are telling me that I will have to install my own firewall. I've not done this before and am not sure of what to do or whether anything I can install will be enough protection.
View 2 Replies
View Related
Jan 12, 2010
i'm not able to play music at all. videos videos seem to crash my browser and using either rhythmbox or banshee they crash too.i ran rhythmbox by typing sudo rhythmbox and tried to play a file and it displayed a pop-up window saying that my autioaudiosink element is missing and the terminal displayed this:
code: (rhythmbox:8415): rhythmbox-warning **: unable to grab media player keys: could not get owner of name 'org.gnome.settingsdaemon': no such name
warning: unhandled message: interface=org.freedesktop.dbus.introspectable, path=/, member=introspect
[code]....
View 1 Replies
View Related
Jan 17, 2010
Currently Im having a syslog server that consolidate firewall logs on port 514 udp. Im also having a IDS device that I wish to push its logs to this particular syslog server so that I can retrieve my IDS logs on this server as well.
Is it possible to do so?Having syslog listening on port 514 for both firewall and IDS logs? If it is possible will the logs be recorded in a single log file?Or will it be recorded in a separate log file ie. firewall.log, IDS.log etc?? I wish to have them in separate individual log files or else there will be hard time segregating the log entries in a single file. Can anyone advice on how to achieve this??
View 2 Replies
View Related
Mar 23, 2010
In the firewall, I opened port 5900 for TCP traffic. Now the console is displaying packet information whenever a connection is made. Why does it send a message to stdout/stderr for an allowed connection? How can I stop it? Logging level is set to critical only, and not-accepted packets should only be logged for the internal and DMZ zones.
View 1 Replies
View Related
Sep 5, 2010
i am using 9.10 karmic. Firewall is enabled. added ports with ufw allow [portnumber], and i still cannot connect to a port number. iv tryed ufw allow ssh/tcp but that does not work. the ports work when i disable the firewall and i dont want to do that.
ufw is available in all new installations of Ubuntu since 8.04 LTS, but is disabled by default. The standard Ubuntu installation has a no open service ports policy, so enabling the firewall by default doesn't gain any extra security in the default installation, but could provide confusion for people new to Ubuntu when new software that is installed does not work because of restrictive firewall rules. As a result, when first adding ufw to Ubuntu it was decided that users must 'opt-in' to using the firewall. In Ubuntu 9.04 and later, you can enable ufw during installation using preseeding. See /usr/share/doc/ufw/README.Debian for details.
View 7 Replies
View Related
Apr 15, 2011
How to parse the bunch of values displayed by the socket program into the php file so that further it can be displayed in HTML page
View 1 Replies
View Related
