Does a firewall exist, that shows "whois" info for ALL new connections that are attempted? Or even better, "smartwhois" info?New connections meaning, connections to IP blocks never connected to before. So you go to a site that belongs to owner A, and if an attempt is covertly made to connect to another site that belongs to owner B, an alert is shown and you choose if you trust this owner.
View 14 RepliesI have noticed interesting problem. I use two browsers - Firefox and Konqueror. Konqueror is configured to use tor, Firefox not. Using Gufw I block all incoming and outgoing traffic and it works while using Firefox, I mean that I can't view any www site and it is ok. But if I use Konqueror I can establish any conection. How to understand this? Should I have different firewall while using tor?
View 5 Replies View RelatedI know that GNU/Linux does not need a firewall (due to iptables), but I would like a basic firewall that would watch incoming and outgoing connections. I would prefer it to have a try icon and be able to run as a regular user, such that I can add it to my .fluxbox/startup file. Anyone know of any good ones? They don't actually have to interface into iptables (because I would do that myself), but if they do it would be a bonus.
View 4 Replies View RelatedMy connection manager shows wired connections and shows wireless as being disabled. here is some terminal info getting wireless going?
Here is a bunch of things I have tried and the results.
nixon@nixon-desktop:~$ sudo ifup wlan0
Ignoring unknown interface wlan0=wlan0.
nixon@nixon-desktop:~$ sudo ifdown wlan0
ifdown: interface wlan0 not configured
[Code].....
I'm encountering a strange problem. I need to open and forward all UDP and TCP ports related to VoIPtelephony (5000:32000) in the Suse 11.1 server that's acting as router/firewall in our setup. The ports must redirect to a Asterisk server in the local network. (This server has the IP adress 192.168.0.3)I've opened ports in Yast (Firewall>Ports>Advanced) and putted in some masquerading rulesirewall>Masquerading):0/0,192.168.0.3,tcp,5000:31000,5000:310000/0,192.168.0.3,udp,5000:31000,5000:31000when I do a nmap localhost I get:Starting Nmap 4.75 at 2010-01-08 16:52 CETInteresting ports on localhost (127.0.0.1):
Not shown: 991 closed ports
PORT STATE SERVICE
21/tcp open ftp
[code]....
I keep finding packets that appear to be whois on port 44. they appear to originate from me to whois.arin.net (2 packets each time) and 199.212.0.43 (also 2 packets each time) when I put 199.212.0.43 in the URL box it says "Failure To Connect To Web Server". when I whois it it says:
Quote:
Available at [url] And yes, I did get the same packets when I used whois. Why is my computer randomly whoising stuff?
Is it fair to say that connLimit and hashlimit are very similiar on Linux i.e. while hashlimit caters to limits for groups of ports, they both set the connection rate limit per host? How in IPTables, do I configure a policy that limits connections on a port that encapsulates the total sum of all connections from all hosts? i.e. I do not want to allow more than 6000conn/minute for port range that is the sum of all connecting hosts?
View 3 Replies View RelatedCan we use iptables as firewall instead of Juniper firewall
View 2 Replies View RelatedI run ubuntu on home pc and am very happy with it. I use internet to surf and to see my email on gmail.com etc. What commands should I give to setup ufw firewall so that only this much is allowed? Also, where can I see if some other connections have been blocked?
View 9 Replies View RelatedI want to write a custom rule to allow all connections to the ip addresses on my local network (192.168.2.2 through ...99) but I don't know how. I know adding a custom rule asks me to read a file and put it in "iptables" format, but I don't know how...
View 5 Replies View Relatednmap is showing a port as closed. I have the firewall stopped on both hosts.It shows as closed on localhost as well.The process that's listening to that port is not started from xinetd so i doubt hosts.allow/deny is the issue.I can't help but feel that I'm forgetting some other access control mechanism.Both hosts are RHEl5.4
View 3 Replies View RelatedI have problem on VPS running opensuse. When I enable firewall outbound connections stop working. I have tried everything I know (not much when it comes to firewall (iptables)) but could not solve this.
Here is my ifconfig:
Code:
I used xxx.xxx.xxx.xxx to hide real address.
I messed up my Network Connections when I put a different NIC in my computer. Now I just went back to using the old NIC. It shows up in ifconfig, but the GUI Network Connections is blank. When I manually Add the connection back to the GUI Network Connections, the settings are not reflected when doing ifconfig.For example, I change the IP address for eth0 in GUI Network Connections, save the settings,
View 6 Replies View RelatedI am still new to ubuntu and I use firestarter as my firewall tool and I was told that its just ufw in a gui. Well anyways I noticed a connection to 174.129.241.144 using https and python, I didn't have any scripts running and my browser was closed, I read the man files for ufw and it said to do something like deny from 174.129.0.0/12 and I want to block all incoming and outgoing connections to this IP range and I was wondering how to do that, I heard of iptables that it would be able to do this but I dont know anything about it. What I should learn so I can handle these kinds of situation in the future and how I can block this ip subnet or also what does the /8, /12, and /16 stand for?
View 7 Replies View RelatedI have a Suse11 box with 2 network cards:
I have squid as a proxy on the Suse box, and with the default firewall I have to enable masquerading to allow clients on the eth3:1-3 to send and receive mail through the Suse box. I found the Suse firewall completely inadequate (all P2P software/connections are allowed once you enable masquerading) and had to install ConfigServer Security & Firewall. In die configuration of csf I could get my way around getting smtp to work for the eth3:1-3 clients, but pop3 connections does not go through the box. I know I need to allow port 110 and 995 to masquerade of NAT (or something) and then the same for port 22
I tried installing F-prot's linux scanner but it doesn't seem to want to install and I am tired of messing with it.
So I am wondering if I even need it or if there is something else.
I am behind a firewall already with my router if that helps any.
I guess I am having trouble understanding why virus protection is less necessary.
Do people not write viruses for linux systems?
I have used the information available at wiki.debian.org/iwlagn to install firmware etc for my Intel Pro Wireless 4965 card.According to the network applet the connection is good, but it only seems to work when my ethernet cable is plugged in.I get no connection without the cable in, even though clicking on "edit connections" showshat ethernet is shown as "device not managed".With the cable plugged in I can get emails. Iceweasel will connect to the internet, but Epiphany will not.Without the cable I get no internet connection at all
View 9 Replies View RelatedI remember that I did configure my desktop PC for wired and wireless connections since openSUSE 11.2, 11.3 and 11.4. Currently I have openSUSE11.4 x86_64 KDE. Today I happen to notice that the icon for NetworkManager in the taskbar has been replaced with a red X. I discovered that Network Manager only shows VPN tab, whereas Wired and Wireless tabs are greyed out. The strange thing is I still have Internet connection with the CAT5 cable being plugged in. I can still configure wired and wireless connections via YAST but I cannot fix Network Manager settings.
View 9 Replies View RelatedWhen I get on the internet with Mozilla I am getting advertising that mentions the city I live in. How is that information being sent from my computer and how can I stop it? Is this in a file I can edit or delete?
View 14 Replies View RelatedEach computer has certain hardware that has its own ID...My understanding is that this info can be used to identify you.
Is there a way to either permanently change the ID values of that hardware in the bios or hardware, or at least a way to alter what you transmit to websites when that info is recorded?
What information is being transmitted as I post right now?
Lately I have become very concerned about data mining. I do not want corporations to be saving my web browsing behavior so they can market me products, and I do not want that same info being given to the government either. I have an expectation of privacy on the internet.
have a problem with my network-manager in ubuntu 10.10.when I dial one of my vpn connections, my other vpn connections be disabled and I can't use them!I tried to restart network-manager and gnome-panel, but it does't seem to solve this problem.
View 1 Replies View RelatedI have an sshd server up and running (F13 64bit) I'd like to connect to a pc that's behind a firewall using ssh tunnelling, so I have something like
ssh -R 1234:127.0.0.1:22 myuser@mypc
then from mypc I can succesfully login to the remote pc. I have just une question. How can I list the ssh active connections and the forwarded ports ?
I've only got to
netstat -tunva
but this returns only (filtered)
tcp 0 0 127.0.0.1:1234 0.0.0.0:* LISTEN
tcp 0 0 ::ffff:172.16.0.XXX:22 ::ffff:172.16.1.XXX:60744 ESTABLISHED
Now I know that the first is the tunnel end but how can I connect the two lines if I don't know the port number (ie: someone else estabilieshes another tunnel)
I have been setting up multiple security system in the area and was wondering what was the easiest way is to get the camera information that one would need in setting up survellance systems like zoneminder. I use xawtv for testing and
PHP Code:
zmu -d <device_path> -q -v
But how can I get specific information about NTSC/PAL cameras or IP cameras. In other words is there a specific tool for that purpose? I can see my video cameras fine using xawtv -c /dev/video but can I look at those log files to see what setting it used for the cameras
anyone can explain me why whois sometime does not reply for some ip only ?
View 4 Replies View RelatedFor some time now I've been noticing the network activity light for my linux box blinking like mad on my router. After a little looking around for ways to see what connections my box has established, I found the following using lsof -i
Code:
bash 13839 root 1u IPv4 3118972 TCP shana:49148->Oslo.NO.EU.undernet.org:ircd (SYN_SENT)
bash 13839 root 2u IPv4 3118986 TCP shana:34323->161.53.178.240:distinct
[code]....
I know I'm not using IRC, and I have my sshd locked down fairly tight, requiring a key to log in, so obviously, it looks like there's something or somebody in Croatia (the origin of that IP address) connecting my system to undernet.org for some nefarious purpose. Looking at my processes, ID 13839 shows up as
Code:
13839 ? S 0:00 bash
Just 'bash', not '-bash' as
Code:
13426 pts/0 S 0:00 -bash
my session appears. Previously, this odd bash process was ID 2704, which seemed to imply that it had launched fairly soon after my system booted up which really makes me wonder. Oh, and yes, I did kill that 2704 process, and it returned as this 13839. 2704 also had those same IRC connections present in lsof.
on my linux server i have many websites but with difrent ips address, is some way to i can block all the ips with many connection (100+) just from my website not from all websites
View 5 Replies View RelatedIts been really bugging me that whenever I scan my connection with wireshark I see this one person sending me a SYN packet every minute on port 445. I know this is the dangerous port that the Conficker worm travels along. So far my computer seems to be immune and I know, at least on the Linux side that I can just add a rule to my ip tables to block that port indefinitely. I want to know what the next step is.
00 0c 41 b2 e4 1d 00 11 09 b2 2f 0e 08 00 45 00
00 30 91 84 40 00 80 06 d1 c7 46 4f 86 29 XX XX
XX XX 10 43 01 bd 9e 23 d6 27 00 00 00 00 70 02
ff ff 65 58 00 00 02 04 05 b4 01 01 04 02
This is one of the packet captures I am getting. After sending me this and getting no reply, all of a sudden he goes up an ip. Basically this would be the pseudocode for what it looks like hes doing on my end.
while(1){
for(int i = 1; i != 255; i++){
send_connection_attempt("XX.XX.XX." + i);
}
}
To me this looks like this guy has hijacked a computer and is using it to run a script over. He is still scanning my network as I said earlier, what should I do? Should I contact my ISP? or just nail down the hatches and make sure nothing is exposed on my network?
i want set up IDS(Intrusion detection system) and Firewall in my home just for learning.. The Goal is learn IDS log and Firewall log..
View 4 Replies View RelatedI checked all the logs in /var/log but couldn't see anything (I was hoping /var/log/auth.log would have it, just like it has ssh connections in there). I've got a machine that several people VNC into and I would like to keep track of things. Are there other VNC servers out there that keep logs? I could switch, but I went with krfb because it works perfectly for me and came already installed.
View 2 Replies View RelatedI might be misunderstanding the log but it looks like UFW is blocking connections. I want to allow all incoming and outgoing. I guess what I'm saying is that the servers on my computer will open ports but all other ports should respond with closed just like a default Ubuntu install. Trying to use UFW to monitor connections without really doing any firewalling.
Code:
Aug 1 07:14:07 universal-mechanism kernel: [311111.963762] [UFW BLOCK] IN=eth0 OUT= MAC=00:1f:c6:8a:e9:66:00:01:5c:32:f4:c1:08:00 SRC=72.21.203.146 DST=174.44.178.56 LEN=40 TOS=0x00 PREC=0x00 TTL=233 ID=51984 DF PROTO=TCP SPT=80 DPT=54466 WINDOW=8201 RES=0x00 RST URGP=0