Networking :: Using ESTABLISHED And RELATED Together Seems Dangerous
Apr 16, 2011
I've seen packets coming to my computer through a DD-WRTv24s2 gateway above port 32K several times. I have iptables (using fwbuilder locally) both places. My desktop stops the packets. But I'm guessing the problem is as I described in the title for this post. Yes? If you ESTABLISH a connection to some webpage, and you just accept ESTABLISHED or RELATED datagrams in rule 1 of your iptables, what will keep incoming TCP from that (presumably nefarious) site from going straight to your desktop like the building firewall isn't there? If the site wants to connect to you above 32k, or portscan you, it's RELATED, correct? They know your IP. You've ESTABLISHED a connection. If my guess is correct, it would seem wiser to NEVER use these together. Better to ACCEPT all ESTABLISHED. And if something is RELATED, then ACCEPT it only if it's the data connection on FTP or individually by service or protocol.
I am running a Debian server, with 2.6.30 kernel and everything standard. I have two ethernet cards (eth1 is the external, eth0 the internal) and I use the server as backup server, firewall, https for email reading with squirrelmail, Samba server, email server and that's it. If I understood IPTABLES correctly, the following OUTPUT rules should allow my server to establish communications with an http server (for dselect), an imaps server (for fetchmail) and an ssh server. However, it does not work; it only works when I allow all OUTPUT (adding "NEW" to "ESTABLISHED,RELATED"). Could anyone let me know what is wrong and how I can fix it (not opening my OUTPUT to any communication)? My IPTABLES script is pretty long, so I only copy/paste the OUTPUT lines unless anyone requests the rest.
We are having an issue with our application where once we start making a few hundred connections to our Linux server, our connections are staying in the established state. When our app is working fine, the client sends basically a heartbeat every five minutes. It is all nice and clean, receives the FIN and shuts down and that's that. tcpdump as follows:
Code:
12:53:10.965206 IP serverA.xxx.xxx.com.40315 > serverB.xxx.xxx.com.1234: . ack 2 win 46 <nop,nop,timestamp 3299017001 2043788445>
12:58:10.892878 IP serverA.xxx.xxx.com.40322 > serverB.xxx.xxx.com.1234: S 494392992:494392992(0) win 5840 <mss 1460,sackOK,timestamp 3299316941 0,nop,wscale 7>
12:58:10.894882 IP serverA.xxx.xxx.com.40322 > serverB.xxx.xxx.com.1234: . ack 3318963465 win 46 <nop,nop,timestamp 3299316941 2044088355>
12:58:10.894886 IP serverA.xxx.xxx.com.40322 > serverB.xxx.xxx.com.1234: P 0:78(78) ack 1 win 46 <nop,nop,timestamp 3299316941 2044088355>
.....
Then things start getting busy, and it ends up looking like this:
Code:
01:28:10.493760 IP serverA.xxx.xxx.com.41132 > serverB.xxx.xxx.com.1234: S 774853781:774853781(0) win 5840 <mss 1460,sackOK,timestamp 3344315513 0,nop,wscale 7>
01:28:13.491231 IP serverA.xxx.xxx.com.41132 > serverB.xxx.xxx.com.1234: S 774853781:774853781(0) win 5840 <mss 1460,sackOK,timestamp 3344318513 0,nop,wscale 7>
01:28:13.491755 IP serverA.xxx.xxx.com.41132 > serverB.xxx.xxx.com.1234: . ack 3597595480 win 46 <nop,nop,timestamp 3344318513 2089089105>
....
What could be the cause if the FIN was received at 01:28:13.492743, but hours later this connection is still established:
gateway 16514 root 111u IPv4 2714750 TCP serverB.xxx.xxx.com:1234->serverA.xxx.xxx.com:41132 (Established)
There is no corresponding connection in the client's netstat.
I was wondering, on a GNU/Linux system including but not limited to *ubuntu, how would I go about determining when the network connection is established on any interface, so I can run a shell script only once at that exact time? The idea that comes to mind is polling-and-sleeping, but I'd like to know if there is another, more robust way? Like an onconnectionestablished javascript event or something.
There is an open wireless I can connect to in Ubuntu, but cannot browse anything. We tried to connect via mobile and it's working fine; in addition, via Windows XP it's fine, but not in Ubuntu. Why?
I just found something "strange" by using netstat:
tcp 0 0 myhost.deprecated:53719 amaretti.chimfar.:54406 ESTABLISHED
How can I check what is the program that is responsible for this line?
I have received a new modem from my provider and installed it. No problem with that except that there is a problem with my internet connection. The internet connection is established. But my computer gives an error every time I want to visit a website:
I bought my new Dell Inspiron N1401 64-bit laptop. It has Windows 7 installed on it. I am a beginner to Linux. I have installed the Ubuntu 11.04 64-bit version. I have a wired internet connection which works fine with my Windows 7. When I switch to Ubuntu, when the internet cable is plugged in, the network manager in the top right corner shows the connection is established, but when I open Firefox I cannot access the internet. I tried searching on forums, but I could not make it work. If I type the ifconfig command in a terminal, attached is the output I get. I don't know what the problem is. I want to use Ubuntu rather than Windows.
I see something like internet connection is established. I've established etho connection but I can't open any sites at all. I also have Windows on another hard disk and it works well. About a week ago I had Ubuntu 8.04 and it worked really fine. What's wrong? Is there any remedy?
I am trying to connect to a Windows 2000 VPN server at work. With my current settings it DOES connect to the VPN and I can ping the domain server, which is 10.1.1.2, but the first issue is I cannot ping the other computers on the network (via hostnames); I can't remember the IP addresses of the other machines. The second issue is when the connection is established and I RDP into 10.1.1.2, OK great, I am connected to the server, but any interaction in the RDP session, even moving the mouse on the screen, kills the session and the VPN connection fails.
Running Ubuntu 10.04 LTS 64Bit
Image of current settings in network manager:
Syslog:
Code:
May 11 12:08:04 oliver-desktop NetworkManager: <info> Starting VPN service 'org.freedesktop.NetworkManager.pptp'...
May 11 12:08:04 oliver-desktop NetworkManager: <info> VPN service 'org.freedesktop.NetworkManager.pptp' started
After deleting part of the gnome config directories in order to reset gnome (GUI was messed up - No title bars, etc). I lost my bluetooth tethering to my Nokia N900. I cannot redo it as it always fails. Linking from phone to Laptop works, but cannot use it to link up to the internet then. Cable to the phone always worked up till now. Now I cannot get a connection as it stopped working after my upgrade to 11.04.
Trying to debug a network issue - we have problems with scp transfers to a remote host intermittently stalling. I believe it may have something to do with incorrect handling of sack / dsack TCP options. Looking at netstat -s, during a (successful) scp transfer the TCPSACKDiscard and TCPDSACKIgnoredNoUndo counters increase rapidly. This is on the client initiating the transfer to the remote server. This doesn't seem normal, but I'm having difficulty finding an explanation of what exactly these counters signify. The tcp_sack / tcp_dsack / tcp_fack options are enabled in the kernel on both hosts.
How do I debug this further? Are the counters a symptom of a known problem? It's kind of hard to google this, all I get is unrelated netstat output which happens to include 1 or 2 discarded SACKs, not tens of thousands like I am seeing. I can make tcpdumps on the client (unfortunately not the server), but what should I look for?
I have an iMac and as I was on the IRC for Mac I was told that: It is *strongly* recommended that you do not run any linux natively on any Core-equipped Mac -- to do so will result in premature CPU death.
Ubuntu 11.04, wireless adapter BCM4312. The connection works for a while, for a random length of time from a few minutes to a few hours, then stops working. The laptop says it's connected, and the router says it's connected, but the browser can't find any Web pages, it can't find the router, and there is no response to pings from the router or any other device on the local network or on the Internet. "Host unreachable." When I try to ping the laptop from another one, it times out. If I shut down the computer and try again a few hours later, it works fine again for a while, then after a while it stops working again.
In case it's relevant, sometimes when I restart networking from the command line, it says "ignoring unknown interface eth1=eth1," even though ifconfig -a lists eth1 as up with an IP address. eth1 is the wireless adapter. Another laptop with Ubuntu 11.04 connects to the same router with no problems. Using a fixed IP address doesn't change anything.
My wired network, which I was using an hour ago, is dead. I saw that my firestar firewall application blocked a hit from my internet provider's gateway address. I allowed all connections from my provider's gateway after that hit. It did not work. I installed a new OS, Ubuntu 10.04 LTS, and assigned the IP address, but I still can't access the internet. It says the connection was established but I can't browse the net. Someone please help me. I tried configuring Firefox, no use. I am using an Internet dish. I configure it in the browser by entering the dish IP.
I have a problem making a connection to my VPN server. I can make a connection from Windows XP to it but cannot open any website, and I cannot ping 172.16.10.1 when the connection is established.
These are my configuration files:
server config file:
Quote:
client configuration file:
Quote:
And this is my server syslog tailed file:
Quote:
And I added this routing to /etc/rc.d:
Quote:
And this is my iptable:
Quote:
And vpn connection is lost after establishing a lot.
So you have to run wireshark as root to see the interfaces, which I'm OK with, but a message says that this is dangerous. I am just wondering WHY this is dangerous? I mean I know sudo gives complete read/write access to the system, but what I am wondering is why is that BAD for wireshark? What could potentially happen? Can someone expand on this?
The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors is a list of the most widespread and critical programming errors that can lead to serious software vulnerabilities. They are often easy to find, and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from working at all.
The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. Researchers in software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software.
There is a major problem - networking does not work at all for me in this setup with the new kernel. I use the Debian distro on this notebook. I don't have previous experience with submitting a kernel bug and would like to learn how to do it to be able to help the community. There is a tool called reportbug in Debian, but it is too automated, I think - it automatically fills in the kernel version I booted into right now, but I need to report the bug against a different kernel version, in which networking does not work.
Brand new network, just installed, all ubuntu 9.10 boxes connected to a Dell 2206 dumb gigabit switch, and from there to Dlink router to cable modem. Pretty simple. ISP confirms great link out and inbound,
However, http requests can sit for 20-30 seconds (sometimes longer), before content returns, same for pings.
Some thought it might be MTU-related. What is best MTU setting 1500/1492/ ?
I've only used Linux for about a year or two now and have worked through suspend/resume and WPA wireless issues with CentOS and my T61p. However, I'm stumped on this one: why my T61p freezes randomly (happened once while writing this topic) with the caps lock light blinking. I'm wondering if it has something to do with my nVidia driver settings and/or using my wireless card and/or switching between home wireless and work wired connection.
I just used apt dist-upgrade from stable lenny to testing squeeze; however, after upgrading I just cannot enter the GUI environment. Is it dangerous to upgrade distributions?
initiated update. Grub update required user input. The 'help' message is incorrect. Attached is a .jpg of a Grub message during the upgrade. Question: how does this get corrected? I would post an alternative wording but honestly,
I am new to Ubuntu, just installed it a few hours ago. I've managed to get it hooked up to my wireless connection but still the internet doesn't work. What can I do to get it working?
I have just installed Ubuntu 10.04 on my laptop, an HP 550. After I finished installation I connected to the internet via the eth0 wired connection normally and everything was fine. After about 1 hour I had no internet. I tried restarting but it is the same problem. This is strange because my eth0 says connection established, and when I open Mozilla I can't open Google either. When I ping [URL] it says "cant resolve "
My internet works fine in Windows, so what should I do to get my internet back on Ubuntu? I can't do anything else in Ubuntu if I don't have internet, and I like Ubuntu very much, so
I switched from OpenSUSE to Ubuntu, largely to make things consistent with my netbook running Ubuntu 9.10 Netbook Remix. I replaced the / partition but left /home intact. I was wondering how to make Thunderbird use the profile already established rather than set up a new one?
I copied the /home/user/.thunderbird directory to /home/user/.mozilla-thunderbird