My question is simple - is there any linux app or applet which is able to show (monitor) incoming and outgoing connections assuming it's a direct internet access? I was using a firewall on a system off Redmont which was able to show every connection, listening ports of services if some were opened etc.
View 1 Replies
I am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies View RelatedOS : CentOS 5.3 64bit How to trace incoming and outgoing network traffic for a give user? User 'A' logs in to the system and does various network connectivity As root user need to find what are the outgoing and incoming connection that are related with user 'A'. basically need to check the connection flow. netstat will show ESTABLISHED, LISTEN etc.. need something like tcpdump
Eg:- --user option for tcpdump tcpdump -vv -nn -i eth0 host 10.200.2.1 and tcp dst port 8080 --user A Can someone tell me any tool which can do such thing? Even if it can show the process ID of the client application which is trying to establish network connectivity will do.
I have a bunch of Ubuntu boxes on one subnet, 192.168.1.0. I have a Windows 7 box on another subnet, 192.168.2.0. I am able to ping and SSH to all servers on the .1 subnet except for one server, which I will call PITA. I will attempt to SSH to PITA, and it won't respond, nor does it respond to pings. I will the SSH to PITA from another of the test servers, successfully connect, and then when I SSH from my Windows 7 machine I can connect successfully. If I first connect via console to PITA and send some pings out (to anywhere, like 4.2.2.2), I can also connect from my Windows 7 machine. I've never seen anything like this.
One of the weird things is that I used PITA to create an image that I then used to create many of the other test servers, and they work fine, so I'm not sure what the problem is. I've checked /var/log/messages and syslog and there's nothing in them that indicates a problem. I've rebooted this server, restarted SSH, changed the IP in case it was conflicting with something else, forced an ARP update in case it was cached (since I had bonded the interfaces), cleared the ARP cache on my own machine, verified Network Manager is not installed...and I still have this issue.
Here are some network-related config:
/etc/network/interfaces
Quote:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
[code]....
How could we bcc all outgoing / incoming email through my Sendmail (8.14) Server?
I tried this /etc/procmailrc
:0c
! backupmail@domain.com
But this get looped and backupmail received multiple emails of each for domain.com while sending locally from one user to another user.
I just started using Skype and I am having a problem with the incoming/outgoing audio dropping out. The videoconference will start normal the connection being perfect. The guys on the other end can see me perfectly and can hear me loud and clear for the first say...10-20 secs but afterwards the outgoing audio from my part is dropping off and they can not hear me anymore. They can still see me. I can still be seen on the other end and typing and the share screen works perfect from my part or from their part but they can not hear me anymore..
Or there are days when it goes the other way round. The incoming sound would be dropping out. I can still be seen and heard on the other end and typing and the share screen works prefect but I am not able to hear them. I am using Slackware 13.1 on a XFCE desktop installed from the official DVD downloaded from the official site and the sound works perfect. I have no problem watching videos and hearing the sound in ..... or any other audio-video streaming sites.
I need to configure iptables to block incoming traffic (except specific ports), but allows all outgoing traffic.
I am able to block incoming traffic, but doing so also prevents outgoing traffic (tested by telnet [URL] 80)
The following was used:
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -I INPUT 1 -i lo -j ACCEPT
iptables -A INPUT -j DROP
Also, even allowing NOT SYN requests still prevents outgoing traffic.
iptables -I INPUT 1 -p tcp ! --syn -j ACCEPT
Another point:
# modinfo ipt_state
modinfo: could not open /lib/modules/2.6.18-028stab070.14/modules.dep
How to install ipt_state module on ubuntu?
As a part of migration I am proposing different scenarios to my organization. One which is asked to prepare is to configure multiple mail servers to handle incoming and outgoing mails. Say I have -[URL], I need to have accept mails from [URL] and send mail from [URL].
View 1 Replies View RelatedOn our webhosting servers, where is primary running apache, sometimes starts huge outgoing traffic to random IP addressess (each time of attack is it just one IP). It's always UDP,and according to my investigation tcpdump, it looks like p2p. The problem is in big outgoing traffic, and secondly in filling ip_conntract table /proc/net/ip_conntrack. I think, that one of our webhosting users has some virus uploaded on his FTP, which is time to time ran. I think, that if I can map outgoing traffic to particular process ID, it will be easy to find the PID in access log of webserver and than see what URL it causes.
What I have checked already:
- outgoing UDP connections are not listed in netstat - so cannot get PID from there
- Apache with PHP is in safe mode - cannot exec binaries, cgi is disabled
- I can see tons of records in tcpdump, but from the dump I'm not able to get PID
- In time of attack I was trying to run `lsof`, but nothing to see - didn't found the attacker
- I went through apache access log - I took time of attack -i.e. 02:22 am - grep from access log all hits between 02:20 and 02:29 am and try to call all them again - problem didn't occured
- checked the POST records from access log - nothing
- grepped all php files for keyword 'fsockopen' and 'torrent'
- from iptables --log-uid I have found user nobody (under apache is ran)
I think that the key is able to match outgoing connection to PID, than it will be easy.
I've got a box with 2 interfaces, with IP1 = 192.168.100.1 and IP2 = 10.1.1.1 respectively on them. I've got an iptables rule that looks like:
Code:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 10.0.0.0/8 -p udp -j SNAT --to-source 10.1.1.1 --random
If I get 2 consecutive packets from the same address and port from 192.168.100.0/24, they get SNAT-ed and come out of the same port on 10.1.1.1. If then I get another packet from the same address and port 10 minutes later, then it gets SNAT-ed, but comes out of a different port on 10.1.1.1. My question is: how can I set the time delay I would like iptables to remember its incoming address/port to outgoing port mappings?
i need is to have http and https allowed, together with mail server (incoming and outgoing) and ftp, ftps and ssh. all other ports have to be closed.
View 3 Replies View RelatedAs too my question, at this time I dont control the router/firewall an I would like to block a port thats used for guild wars on my workstation for a while. The reason for blocking is children have abused it an lost it.In this case I am trying to block outgoing traffic on port 6112. I have tried setting up a proxy server on the workstation, but the game seems to ignore it an jump on. Due to the environment, I enabled the workstation SuSEFirewall2 firewall an tried setting up "lo" as a internal an configure the firewall as a router, then disable 0/0 an configured for 0/0,tcp,443 an re route port 80 traffic to proxy.
When I had my own internet, I had a transparent proxy enforcing rules for access times. So setting up a proxy on each machine would not be a bad thing, even if it took some creative thinking. I am trying, but seem to be missing something.Ideally, I would like to setup a transparent proxy, as my kids have learned alot about system administration an know to check the proxy module. If all they have to do is un check "Use Proxy" an by pass a local proxy server, then I am kinda defeated. An applications such as firefox have a proxy setting they could set to none instead of system
Its been really bugging me that whenever I scan my connection with wireshark I see this one person sending me a SYN packet every minute on port 445. I know this is the dangerous port that the Conficker worm travels along. So far my computer seems to be immune and I know, at least on the Linux side that I can just add a rule to my ip tables to block that port indefinitely. I want to know what the next step is.
00 0c 41 b2 e4 1d 00 11 09 b2 2f 0e 08 00 45 00
00 30 91 84 40 00 80 06 d1 c7 46 4f 86 29 XX XX
XX XX 10 43 01 bd 9e 23 d6 27 00 00 00 00 70 02
ff ff 65 58 00 00 02 04 05 b4 01 01 04 02
This is one of the packet captures I am getting. After sending me this and getting no reply, all of a sudden he goes up an ip. Basically this would be the pseudocode for what it looks like hes doing on my end.
while(1){
for(int i = 1; i != 255; i++){
send_connection_attempt("XX.XX.XX." + i);
}
}
To me this looks like this guy has hijacked a computer and is using it to run a script over. He is still scanning my network as I said earlier, what should I do? Should I contact my ISP? or just nail down the hatches and make sure nothing is exposed on my network?
I need some suggestions on software. I would like to offer remote desktop support to some of our clients, but some of them are using ISP's that block incoming connections so, VNC is out of the question. I was wondering if there is something similar to logmein for ubuntu?
View 1 Replies View Relatedincoming connections are not being reported to my /var/log/secure. I can't see if people are trying to connect. I can't troubleshoot because I can't do anything.
View 5 Replies View RelatedI'm trying to get VNC working but I'm getting this error message:
Quote:
ssh: connect to host my_ip_address port 22: Connection refused
When typing:
Quote:
ssh -f -L 5900:localhost:5900 user@my_ip_address x11vnc -safer -localhost -nopw -once -display :0 && sleep 5 && vncviewer localhost:0
I'm trying to follow the instructions here: [URL] but I'm struggling with point 2 & 3:
Quote:
2. If you have previously reconfigured the firewall on your PC, make sure the firewall allows incoming connections on port 22 from anywhere, and on port 5900 from localhost (also known as 127.0.0.1)
3. If your PC is behind a home router, or any other device that uses NAT, configure your router to send connection attempts on port 22 (but not port 5900) to your PC
So my questions are:
1. I installed a fresh version of Ubuntu 11.4, should I be concerned about step 2? If so, how can I allow incoming connections on port 22 from anywhere, and on port 5900 from localhost?
2. Regarding step 3, I'm using NETGEAR model DGN1000 router. Is that something that I should do from the router's setting page or it's some commands that I should pass through SSH?
I want to allow 100 incoming connections to my linux server running smtp. I know that tcpserver -c will set the limit of allowed incoming connections, but how can I tell what the currently set limit is?
View 4 Replies View RelatedI'm using Linux Mint 8 KDE, which is essentially kubuntu karmic.
Been trying to set up bittorrent (tried several different apps), have followed all the usual steps, forwarded ports on both Guarddog and my router, but still no incoming connections. Then tried disabling the firewall in Guarddog - still no incoming connections. Never had any problems configuring my router before so can only think that there must be something else blocking ports in linux other than iptables.Also had same problem just using ufw and gufw
Mobloquer starts up at boot and before I've even opened firefox or transmission or anything, mobloquer shows that is has started blocking several outgoing connections as well as ton of incoming connections. I was wondering if the outgoing connections is normal and what's a normal amount of network activity to show up in system monitor when I'm not actively using the internet.
View 2 Replies View RelatedI have a ubuntu 10.04 dedicated server that I am having problems with. It intermittently cannot connect to any other servers outside its network.
Code:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 received, 100% packet loss, time 7008ms
(I have tried a bunch of other ips too and none outside its network are pingable) I'm not sure if this is a problem with my server or a problem with the networking outside the server. I have been emailing my server provider and they keep on insisting the problem is with the server and that their network is working fine. Apparently all of their other servers work and they can login into the gateway and ping 8.8.8.8 from there. So they just want to reinstall the OS, but I thought I'd post here to see if anyone has any ideas.
Here is some info I have gained while troubleshooting: I haven't changed any settings at all on the server for months. I haven't done any updates for about a week. The strangest thing is that this is intermittent, there have been a few times in the last 24 hours where I have been able to ping 8.8.8.8 or other ips, but 98% of the time I can't. I have also tried rebooting the server, which had no effect. I can ping the gateway, and I can ping other servers on the same subnet. I can ssh onto the server from my home internet connection, and I can view webpages on apache, so incoming connections work.
How I can refuse an outgoing connection on opensuse firewall by default outbound policy is permissive, and the p2p I explicitly deny an outgoing, according to protocol, remote port and local port.
But I can add rules as how to run opensuse firewall rules are permissive only for inbound traffic and so I can not specifically deny an outgoing connection.
Before using fwbuilder is very powerful and configurable but now I'm with suse for convenience but want to know if you can do what I want, if not I will have to use fwbuilder.
What is the easiest way to setup an incoming and outgoing mail server on centos? Without using a control panel, such was webmin.
View 2 Replies View RelatedI just set up a new router for our home office. I've enabled traffic logging, and I'd like to have the logs emailed to me. However, in order to configure email-notification, the router needs and outgoing mail server. Forgive me, but I don't really understand the terminology being used here. I've googled this a bit, but I'm not sure I now what "outgoing" vs "incoming" mean in the context. I tried using my gmail account as the outgoing mail server (smpt.gmail.com) but it requires TTLS encryption, and there's no option for that on my router.
So I figured I'd setup a simple mail server on my local network. I have a dedicated server machine, so I'd just configure a mail server there. But I got stumped at the first input box (in the yast module):"Outgoing Mail Server".That's what I wanted to use this server for. What is this "outgoing mail server"? I understand it in a normal emai context (I think) but this is confusing me. I've read through the HowTo on the openSUSE wiki, but it still doesn't answer this question.Isn't there some way to have a simple, local mail server (without MX records and the like) so I can send email from a local machine?
As a beginner I installed Fedora 11 yesterday. Everything went well until I installed Evolution and Thunderbird. Incoming mails went well, but outgoing mails not.
View 6 Replies View RelatedI want to have separate incoming and outgoing mail servers with smtp authentication.
Server1 will act as incoming mail server
Server2 will act as outgoing mail server
How can i authenticate domains users of Server1 from Server2 for smtp authentication.
There is a big problem with opensuse 11.4 and virtual interfaces.Until 11.2 outgoing traffic by default was sent by the eth0 address nevertheless which virtual interfaces did exist if any was used.Now there seems to be sent by the last interface listed with ifconfig.The outgoing address in this case will be 10.0.0.3.This is very problematic with smtp control etc.
View 1 Replies View RelatedI have openSUSE 11.2 installed and i need to create a gateway server that allows virtual private network connections. I want to play with my friends some lan games, but we are in different networks, so i want to create this gateway server so we can connect with VPN clients to this server and play freely.
View 7 Replies View RelatedDoes anyone know how to permanently enable X connections from all machines on my local network. I keep having to enter 'xhost +' to allow X connections.
View 2 Replies View RelatedI have no Internet Access with Firefox
I first tried an upgrade from 11.3 to 11.4 and lost Internet Access, so i re-loaded 11.4 from scratch on clean partitions.
I am connected to my wireless WPA2/PSK connection, have an IP, am able to see the network.
I turned off and disabled the SUSE firewall.
I tried setting Firefox proxy settings to auto and to none, i dont use proxy.
I am currently posting this through an SSH connection to my 11.1 server from the new install of 11.4 on a Dell latitude D600 laptop (not using the on-board Broadcomm that is an issue for a later date).
I am running out of ideas anyone got a clue.
I had a google of this but can't find anything useful. I use networkmanager to configure my wireless card. Currently this only works when I'm logged in to KDE. If I log out the system loses the network connection. Is there a way to make it persistent using NetworkManager?
View 9 Replies View Related
