Security :: Strange Ports On Public Ip?
Dec 2, 2010
looking at my router logs i've noticed for the past while a range of source ports from 60000 to about 65000 from my source external ip to destination external ip always on port 80. I have 3 boxes on this network and this only seems to happen when i connect the one laptop. I even reinstalled the distro downloaded from trusted source but the router is still logging this.. netstat -ntulp shows nothing operating in this range. chkrootkit shows nothing.. Was thinking maybe someone was spoofing the external address but it's been happening on network startup for a month now
View 4 Replies
ADVERTISEMENT
Feb 14, 2011
Within the documentation of example OpenVPN setups there is a setup that shows an OpenVPN Server with two network interfaces. One interfaces is plugged into the public internet network and the second interface is plugged into the private network.
Normally I assume that it would be best to place the OpenVPN system inside the network behind the router and firewall and open only the ports needed on the router to allow access to the OpenVPN system. All other router ports would be closed. This is the first example they show. To see what I am talking about see page(s) 6-7 here -> [URL]
If one were to use the two interface public facing setup, when would that setup best be justified? I guess if you didn't want to open any ports on the router/firewall then this could be justified but then you have to lock down this public system individually instead of having it protected by the network firewall.
View 1 Replies
View Related
Jul 8, 2010
I recently got a nice, lightly used IBM Thinkpad laptop. It has wireless capability for the Internet. Linux is the only OS in the laptop. At home, I don't have wireless-- I have a wired DSL connection for my laptop and for my IBM desktop (which also only has Linux as OS).
When I took the laptop to the public library, wireless is provided there for free and I had no trouble connecting to the system there. But since I'm new to wireless, what do I need to have installed to have a secure laptop when in the public library (or when I'm anywhere else that offers free wifi) using the wireless connection? [I use Firestarter as my firewall in the laptop and in the desktop.] Do I have to install some software to make sure my laptop is secured from spying and invasions when in the library or is the Firestarter enough? If Firestarter is not enough, what is that wifi security software by name?
[My OS is MEPIS 8.5, a Debian-based distro.]
View 2 Replies
View Related
May 12, 2011
Suddenly, I'm getting lots of messages in my CentOS 5.6 secure log : -
May 12 13:07:49 CentOS55 webmin[14538]: Successful login as root from 192.168.0.203
May 12 13:10:03 CentOS55 userhelper[14698]: pam_timestamp(system-config-securitylevel:session): updated timestamp file `/var/run/sudo/root/unknown'
[code]....
View 1 Replies
View Related
May 28, 2011
I've lately been getting some strange nfs mount requests for non existant users' home directories on a F14 machine to my file server (CentOS).The message log on the file server shows the following
May 23 03:10:53 data mountd[4835]: can't stat exported dir /export/home/httpd: No such file or directory
May 24 03:21:13 data mountd[4835]: can't stat exported dir /export/home/httpd: No such file or directory
May 25 03:26:53 data mountd[4835]: can't stat exported dir /export/home/httpd: No such file or directory
[code]....
View 2 Replies
View Related
Mar 30, 2011
I was just looking around and did a tail on my syslog and some strange entries came up:
[Code].....
I'm a Verizon customer in Maryland, USA running Linux at my home and I don't understand why named is looking at servers in France and Saudi Arabia. Am I just being paranoid?
View 6 Replies
View Related
Mar 7, 2010
I am trying to figure out the best way to set up 1-1 NAT for three public ips to three private ips through a ubuntu gateway machine.
I am running ubuntu server 9.10 and the set up is:
Internet/ISP modem -> NIC 1 Ubuntu Gateway Machine NIC 2 -> Three PCs with Private IPs
I had a few questions on how to do this correctly and securely.
1) What packages do I need to install (aside from the basic ubuntu server installation and possibly DHCP3-Server)
2) How do I assign all three public IPs to the NIC connected to the ISP modem? All addresses will be static, will I need the DHCP3-Server package?
3) Once I have the three public IPs assigned how do I map each specific public IP to the private IP address associated with it and provide the correct loopback? I want to make sure each response from the internal machines are sent out as their specific public IP.
4) Aside from allowing all connections, how should IP tables be configured to allow web services to one internal machine, mail to another internal machine and DNS to the other internal machine?
View 14 Replies
View Related
Jun 6, 2011
I've got a p12 certificate (I own the secret key), and I would like to export the public key to gpg keyservers. How to achieve this?It works flawlessly inside gpgsm and kleopatra, but I cannot send keys:
Code:
$ gpgsm --send-keys 0xDA4E5DD0
gpgsm: this command has not yet been implemented
View 1 Replies
View Related
Mar 30, 2011
Recently I've been finding two strange-looking files on my Windows shared folders! Their names are 'khy' and 'qffhtx.exe', they appear as hidden, and they're hard to delete!! especially the first one because it has no extension. I use Ubuntu 10.10, but I am worried because I also dual-boot Windows XP. Today I tried to open the .exe file in nautilus to see what is inside and I received the message "Unable to open archive", 'khy' is apparently an empty text file. Then I unmounted my /home partition so my files are out of the way, and I ran the .exe file using WINE,
Now I have a strange-looking applet on my top panel!! and it says "Script paused", also it says "Exit', and also Wine command prompt says something strange about "LockWindowUpdate", don't imagine it I'll post the screenshots so you can see it for yourselves. Also --and this is weird-- the virus apparently is trying to call a Windows process named csrcs.exe!! Again, I'll post the screenshots.
If this is a virus, then it's like a fish out of the water on my Ubuntu, it's probably trying to do something but it can't find its way around, it's kinda funny, but Im worried because I also dual-boot Windows XP, I'm having a hard time trying to remember the name KHY, it's a very weird acronym, it's the acronym of a disease, according to what I googled, i'm sure it's a virus!!! Anyway it's HARD to remember!!!
what can I do about this? How can I see the "script"? can Ubuntu kick its ***?how can I clean my Windows?
View 9 Replies
View Related
Oct 18, 2010
I have an encrypted document (with my key) which I should decrypt. After the generation of my key, my computer is formated and new reinstalled. Now GnuPG find my key public and I can't use it for decryption!
View 9 Replies
View Related
Jul 22, 2010
I have to make sym link of phpmyadmin in /var/www in order to run phpmyadmin. I read that links can't be chmod-ed. The link ot folder phpmyadmin has 777 permissions. When browse in it every file has only read and for the root read/write access.
Is that a problem (777 access rights on sym link phpmyadmin on /var/www folder)?
View 1 Replies
View Related
Sep 21, 2010
Is there anyway i can ssh/rdp/telnet into my server from the outside bypassing comcast ALL blocked ports
View 1 Replies
View Related
Sep 8, 2010
I can't get this to work on my machines.
So far I have:
1. created a key with ssh-keygen on the server to be logged in to
2. copied the .pub key to my local machine
3. chmod 700 ~/.ssh on both machines
4. chomd 600 ~/.ssh/ic_rsa on the server, and on known_hosts on my local machine
5. added the .pub key to ~/known_hosts on my local machine
my local machine doesn't have an "authorized_keys" file which is what everything is telling me I should append my .pub key to. The only thing that was in my .ssh folder was known_hosts, so I tried that. I also tried making an authorized_hosts file to no avail, changing permissions appropriatly on all files.
Should I/Can I reset ssh in some way? Is there are reason I don't have an authorized_keys file or is my known_hosts file my authorized_keys file?
Would it be better just to uninstall/reinstall ssh?
View 2 Replies
View Related
Jul 17, 2011
how safe is it to run Ubuntu updates when I'm connecting via a public network (wireless or wired) from a hotel (or other public settings). I'm not familiar with the internals but is there an additional validation mechanism for the package servers other than the URL ?
View 4 Replies
View Related
Mar 24, 2010
I have trouble with rsa authentication:
I did create an rsa certificate with ssh-keygen using my root account on a client: ssh-keygen -t rsa -b 2048 no passphrase I did copy the rsa pub_key from my client to the server scp id_rsa sampleuser@sampleserver:/home/sampleuser/.ssh/authorized_keys
I did change the ownership to the "sampleuser" of the pub key file on the server: I trayd to connect:
ssh sampleuser@sapleserver
I get that: permission denied (public key)... I know I do smth wrong but I don't know what.
View 2 Replies
View Related
Feb 18, 2010
In my ~/.ssh I have a number of public keys and one private key (id_rsa). How can I verify which one makes a pair with the private one.Or, can one generate the public one from the private key (in reasonable time)?
View 4 Replies
View Related
Apr 28, 2011
I have open ports on my computer for vsftpd, pptpd, and I need help to filter this ports because they aper as open ports on internet, and this is pretty risky
View 3 Replies
View Related
Apr 1, 2010
After reading a lot about networking and security I decided to check the security of my own ubuntu box. So I went installing Nmap and discovered that port 139 was "open". Since I 'd read how to use ufw I created a deny rule for port 139. After a second scan with Nmap it still said that port 139 was open as shown below.
[Code]...
View 9 Replies
View Related
Jul 27, 2010
I'm locking down my laptop. I know I can use a firewall to ensure nothing gets through that I didn't catch, and I certainly plan on using one, but in the meantime, I want to know what exactly is running on my system.
nmap localhost returns:
Code:
james@james-linux:~$ nmap localhost
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.
Interesting ports on localhost (127.0.0.1):
Not shown: 994 closed ports
PORT STATE SERVICE
25/tcp open smtp
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
631/tcp open ipp
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds
However, I know that localhost goes back to the loopback interface, 127.0.0.1. So, to see what was really open, I ran nmap 192.168.0.108, which is my laptop's IP at the moment.
Code:
james@james-linux:~$ nmap 192.168.0.108
Starting Nmap 5.00 ( http://nmap.org ) at 2010-07-26 23:33 CDT
Interesting ports on 192.168.0.108:
Not shown: 996 closed ports
PORT STATE SERVICE
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2049/tcp open nfs
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Now if I understand correctly, I can attribute 139 and 445 to my Samba share. That I'm okay with. What I don't know is 111 and 2049. Does anyone know what these ports are, what's running on them, and how I could turn them off, supposing that they are a security risk?
View 9 Replies
View Related
Mar 18, 2011
I'm getting heat from the head networking office that ports 21, 110, and 143 are open. I can telnet to those ports from a remote machine (not localhost) and get a prompt. There does not seem to be anything listening on those ports according to netstat. I've tried using iptables to discard all traffic to a from those ports but I can still telnet to them. This is a lucid desktop machine.
View 4 Replies
View Related
Mar 30, 2011
We do NOT support samba on our Unbuntu servers but still zillions of windows machines are constantly trying to connect on the SMB ports. I've added a rule that drops access to destination ports 137-138 and that seems to work. But it creates many many log entries documenting that the packet has been dropped. I've been researching and cannot come up with a way to suppress logging for these drops.
View 4 Replies
View Related
Jun 30, 2010
I enabled ufw yesterday, and am finding log entries like:
Jun 30 13:07:51 xxxx kernel: [15702368.296557] [UFW BLOCK] IN=eth1 OUT= MAC=00:22:19:5e:8f:23:00:0c:db:fc:8b:00:08:00 SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=55 ID=47632 PROTO=TCP SPT=58875 DPT=80 WINDOW=65535 RES=0x00 ACK FIN URGP=0
What is puzzling is I did the command: ufw allow 80.
View 5 Replies
View Related
Mar 26, 2010
At the moment we have one SSH server with the private key being on a usb flash drive, and the public key being on the server in authorized_keys2. Now that three more servers are coming online, should we generate new keys, so we have muliple private and public keys (one pair for each server), or use the same two keys to access all the servers
View 5 Replies
View Related
Mar 31, 2010
I am using Nautilus to connect to an external server. Currently, I use password authentication, and all works fine. I just type sftp://SERVER and the connection is established after providing the login credentials. However, I changed the server to only accept Public Key Authentication and disabled password authentication, and as a consequence I could not login using Nautilus anymore. Is there some way to make this work?
View 9 Replies
View Related
Aug 26, 2010
I have a problem with my ubuntu account. I am running 4 virtual machines, based on jeos-8.04 and I am using a public key authentication to login to my account (via ssh). This is not the problem, I have the key and the passphrase. But when I am logged in, I can't sudo, because I forgot the password for the accout.
View 6 Replies
View Related
Nov 4, 2010
I'd like to know if this is common security flaw or normal to open up FTP to the public which is of course protected with password for 3rd party access to maintain our public facing / production website ?
If yes, what sort of FTP application to install in Ubuntu ?
View 1 Replies
View Related
Jan 13, 2011
Our local community wants to provide broadband access for people who don't own a computer. I have been given the task of setting this up and I am going to use Ubuntu. Internet access will be via a usb dongle to a T-Mobile 3.5g network. Initially we are intending to limit access to just Internet browsing. Most users will probably be older people, rather than teenage hackers. configuring/securing a default Ubuntu install for this sort of use.
View 3 Replies
View Related
Dec 8, 2009
have tried to close ports 443,80,22 & 23 without success.Does anybody have any idea how to do this. I close them in a terminal and their still opened. I closed them in services and their still open what am I not doing right?
View 14 Replies
View Related
Apr 10, 2010
I installed Ubuntu 9.10 recently. I heard that there will be no open ports in the system unless I specifically open one. How do I scan to find a open port in my system.
View 9 Replies
View Related
Jul 6, 2010
when i enable my ufw it completely shuts me out and closed my internet connection. i installed firewall configuraiton interface and through it defined rules to accept incoming internet connections on port 80, i can see the rules are there but when i enable my firewall it just shuts me out completely again.
when i do(with my firewall enabled):
Code:
$ sudo ufw status
it gives me:
Quote:
Status: active
[Code].....
I also messed around with fwbuilder and iptables but since then deleted fwbuilder(besides i just compiled firewall policy and never actually installed it because of errors while trying to install it. Iptables I cleared with:
Code:
$ sudo iptables -F
View 9 Replies
View Related
