I'm running 10.04 LTS Desktop and I'm wondering if there any default packages that are automatically scanning for hosts? I'm on a university network and they're really touchy about any computers scanning ports/hosts and they keep disabling my computer. I'm just wondering if there's anything like that installed by default - maybe some of the zeroconf stuff?
View 2 RepliesIs possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts for my own and learn something new
I am not a C++ geeg, so first thing that comes to my mind is that i will use simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I thing that would not be good solution due to performance and capabilities, and also I am not familliar with memory in linux at all). I was reading aboud SNORT HIDS, NIDS... AFAIK some information can be obtainet from /proc but I have no idea which values should be monitored.
I run SSH on a publicly open server and see following attempts in /var/log/auth.log which I was told by some one could be port scanning attempts.(Not sure though)
Code:
Nov 18 23:50:19 server sshd[21716]: Did not receive identification string from 186.0.80.197
Nov 19 00:05:57 server sshd[24056]: Did not receive identification string from 85.108.110.66
How can I block above such attempts?
I was testing the security of my Ubuntu 10.04 64bit install by running a port scan from [URL] and I came upon some odd results. It appears that basically all my ports are closed, but only Port 646 is dropping packets silently. Furthermore, Port 80 is open.
View 5 Replies View RelatedIs possible to detect port scanning just by using utilities included in linux (netstat, iptables...), Yes there is utility called psad but I would write some scripts for my own and learn something new
writing own Intrusion Detection System? I am not a C++ geeg, so first thing that comes to my mind is that i will use simple BASH SCRIPT that will interact with iptables and monitor user activity, network activity etc. (but I thing that would not be good solution due to performance and capabilities, and also I am not familliar with memory in linux at all). I was reading aboud SNORT HIDS, NIDS... AFAIK some information can be obtainet from /proc but I have no idea which values should be monitored.
Got 3 computers connected by ethernet to a router modem. At this router modem only port 80 is forwarded to a web server (one of the 3 computers). Now I realized several times a port scanning attack displayed at interactive firewall of Webserver ( Apache at Mandriva LINUX ). Actually the message is port scanning attempt of heanet (actually this names are different mostly). I wonder how to figure out is this portscanning attack possible through port 80 or is the modemrouter (Draytek VIGOR) misconfigured, compromised or one of the other 2 machines (Windows) are compromised and attacking the server inside intranet?
View 2 Replies View RelatedI want to do a simple port redirect, i.e. whatever comes trough whatever interface on port AAAA will get redirected to port BBBBI thought that iptables -t nat -I PREROUTING --source 0/0 --destination 0/0 -p tcp --dport AAAA -j REDIRECT --to-ports BBBBhowever it doesn't work, e.g. nc -v -w2 -z localhost AAAA gives:
nc: connect to localhost port AAAA (tcp) failed: Connection refused
while
nc -v -w2 -z localhost BBBB
[code]....
I've just bought a GEETEK Hercules USB Wlan adapter, which has the Ralink rt3072 chipset. The Connection manager can find wireless APs, but it won't connect to any of those. Also, aircrack-ng does not find any APs while scanning.After some tinkering and a lot of restarting, I can now connect t wireless networks, although slowly. However, I still can't use it with aircrack-ng.
View 6 Replies View RelatedAs a frequent traveler, I spend most of my time in Hotel these months.My laptop is Ubuntu Maverick.Is there any UI tools for wifi scanning and auto-connection in Ubuntu?I have tried wifiradar. Although it could scan out the wifi SSID, while, the wifiradar could not connect to the WIFI.
View 4 Replies View RelatedI have an hp compaq 6720s laptop dualboot vista/ubuntu lucyd.My wireless card is Intel Corporation PRO/Wireless 3945ABG [Golan] Network Connection (rev 02), controlled by wicd 1.7.0 (gnome network manager connects/disconects the net continuously).The problem is, any time I do a scanning with wicd or from command line to see the wifi nets around,my wireless is disconnected, then it connects again because is set to automatic reconnection
View 2 Replies View RelatedI have made an EPSON RX500 multifunction device (printer/scanner) available over my router with the lpd protocol. Both PCs (ubuntu 10.04 laptop wireless, 8.10 desktop wired) connected to it can print, but not scan, since XSANE does not recognize the scanner over the network. It does hoverer both, scanning and printing, if connected with an USB cable. How can i configure xsane to recognize my RX500 over the network?
View 1 Replies View RelatedI actually have two problems: I couldn't get DUN to work with Ubuntu for a while and then one day it just magically worked and would let me find the device and connect to it. And then it broke again. So in my effort to fix the problem it looks like Bluetooth went completely off the rails. When I try to add a Bluetooth device through the manager it just keeps spinning with "Searching for Devices" but the spinning finds nothing (it would run for an eternity if I let it, it seems). hcitool scan reports "Scanning ..." and then drops back to command prompt. hciconfig notes the device is up. The device has no soft/hard locks on it. If anyone has a CLUE about what it could be.
Obvious note: My phone is in bluetooth mode and discoverable so that isn't the problem.
If I make the computer visible, my phone DOES NOT pick up it's there. Also, bluetooth works fine on the Fedora USB stick.
c source code for scanning a shared directory of a host ?
View 3 Replies View RelatedWhen I use the following command:
ssh user@ssh_server -L 5500:localhost:5500 -p 22
everything works fine. I can log in, and local port forwarding is done. Otherwise when I use the command:
ssh user@ssh_server -R 5500:localhost:5500 -p 22
I get an error "remote port forwarding failed for listen port 5500". However when I try remote port forwarding in WinXP by use of putty there is no problem...
The adapter I purchased (Zonet ZEW2508 ) uses the Ralink 2070 chipset - a fact that originally excited me because Ralink seems to be fairly loving to the Linux community. However, despite my best efforts I can't get the thing to work. Initially I tried following directions to set up the driver you can download from the Ralink website. The directions I found were written February first, and Ralink updated the driver February eighth - so as far as I can tell the directions no longer work. After screwing around trying to figure that out for a while I decided to give ndiswrapper a go.
Initially this seemed promising. I just harvested the drivers from the CD and followed one of the many ndiswrapper directions available - most helpful seemed initially to be the Ndiswrapper Troubleshooting Guide found in this forum, however the solutions offered there didn't work either. When I throw an ndiswrapper -l into the terminal it looks promising at first, it tells me the driver is installed and the device is present, but it just doesn't work. When I try iwconfig, or iwlist scan it tells me "no wireless extensions," and "interface doesn't support scanning" respectively. The only devices even listed are lo, eth0, and pan0. There's no wlan0 or anything of the sort.
I want to set my ip as static and port forward it through a specific port can anyone help me with this im using ubuntu 10 with 64 bit OS
View 1 Replies View RelatedI'm trying to use iptables in order to forward all the incoming packets for port 5555 to port 5556 on the same server (192.168.2.101).
I wrote the following commands:
iptables -A PREROUTING -t nat -i any -p tcp --dport 5555 -j DNAT --to 192.168.2.101:5556
iptables -A FORWARD -p tcp -m state --state NEW -d 192.168.2.101 --dport 5556 -j ACCEPT
I'm using a Debian servers, as router/firwall.. I've two ethernet interfaces into the server, one for wan and one for lan. The i use SNAT so my LAN clients can access the internet throgh the debian router. That is working... Now i want to be able to access servers on the LAN site from the WAN site, and i wanna use port address translation (PAT). I have a FTP server running on a lan server, so i'm trying to portward port 21.
iptables -t nat -A PREROUTING -p tcp -i eth1 -d (WANIP) --dport 21 -j DNAT --to 192.168.1.2:21
When people try to access my FTP from the WAN site, they are redirected to the local FTP server, and they are promted for crendentials, but when the credentials are typed, and the local ftp server should answer the wan request, the connections dies.
The wan clients are being promted for credentials, so they are redirected to the local lan server, but after that the connections dies, so i think there is some kind of nat problem, when the local lan server is trying to respond to the wan request..
Here i my iptables script:
#flush table
iptables -F
#input regler
[code]....
I make an application on GNU/Linux which listening on a MULTICAST stream, so I open my unconnected socket, bind it on a MULTICAST address and a port, join the multicast group with the "setsockopt (IP_ADD_MEMBERSHIP)", then I receive datagram on my socket.
Now I've two different instances of the same application that run with their own MULTICAST address and port. And what I found strange is that, after a misconfiguration, I switch the ports, for example:
Emitting on 225.0.0.1/23451 and 225.0.0.2/23452
Receiving on 225.0.0.1/23452 and 225.0.0.2/23451
And my receiving part doesn't care about the MULTICAST address, it looks like the socket is listening on the port number only! I mean that the receiver [225.0.0.1/23452] take its datagrams from emitter [225.0.0.2/23452] and vice-versa!
I'm trying to setup a Centos 5.6 Squid Proxy Server with Content Filtering & Antivirus Scanning Incoming HTTP Traffic from the Internet
I then proceeded to setup an configure the Proxy Server, i was able to test and confirm that Squid and Dansguardian Content Filter is working, however i dont know if Clamav is scanning HTTP traffic before it hits the client/server. Is there a way i can check if the Antivirus scanning is working.. is there some log file or real world test i can i can do to confirm that Clamav is scanning incoming traffic or even blocking potential viruses ??
Anyone who has squid proxy server with Clamav configured and its working can share there settings/setup with me and how they tested it ??
How can i redirect data received on a port to another port located in a different machine? Can i do this using IPTABLES ?
View 4 Replies View RelatedI have a mail server on which I would like to block port 25 on my eth0 for everyone except our external spam filter. the problem is that I want our users to be able to connect via port 10025 which is forwarded to port 25, which then is blocked...
View 2 Replies View RelatedI had to add them to my firewall script when I installed openvpn on my dd-wrt router:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
what should I add/change to set up port forwarding of port 1000 to ip 192.168.1.200. also how to get the answer sent by 192.168.1.200 follow the same route used by the data received through port forwarding.
i have an embbeded hardware that uses bootp for booting from a Network Managemnt Host (NMH)on the same ethernet. The embedded hardware has both kind of ports i.e ethernet as well as E1/T1. I would like ask, what do i require to establish a communication-link between the embedded hardware and the NMH throuh E1/T1 ports of embedded hardware, so as to make it boot through from E1/T1. Further, NMH possesses only ethernet port. Just to refine my questions i'd like to know what additions do i need to do on my NMH , like may be i have to put an E1/T1 port or is it possible that the E1/T1 port can be directly connected to an ethernet port on the other host.
pardon me if i am not making absolute sense here as my knowledge is limited on Layer 1 and layer 2.
how to access networking port and run scripts on that port so as to gain access of remote machine.is that possible through command prompt or through software.
i kno ip address of my frnd who is chattin with me .okay.i want to run an application on his computer .i came to kno tht we can run script o through port
share the implemented "c" program for scanning the available wireless network.
View 2 Replies View RelatedI installed ZTE MF 626 modem in my F10 with kernel 2.6.27.12-170, i run usb_modeswitch and so far things happened normally. Watching through /var/log/messages it says that F10 detects two port device for this modem: ttyUSB1 and ttyUSB2, and in the sequence it disable port ttyUSB1 BUT Network Manager still set this port.I mean, when i connect via wvdial appointing to ttyUSB2 i get connection, but Network Manager fails to do it appointing to ttyUSB1. How to change device port in Network Manager?
View 1 Replies View RelatedI didn't find a solution to making my 3G/GPRS "modem" reconnect automatically when the connection fails, so I made a solution of my own. It's very annoying when you're downloading a file overnight, only to find that the connection has failed 5 min after you went to sleep.Restarting the NetworkManager daemon makes it automatically connect to all configured interfaces, including 3G/GPRS, so I made a simple script to do that.First, we check if the modem is even connected. Replace Huawei with the brand you're using. Any unique word on the line in lsusb will do fine as well. Then we check if the connection is up, and if it is, we simply exit. Otherwise, the NM daemon is restarted, which causes the 3g/gprs to reconnect.
View 2 Replies View RelatedI installed Ubuntu on a machine of our laboratory. Since we are at the university connections may pass through a proxy (whose url we ignore). All things concerning system update are nearly unusable. Several posts say to add in apt strings like $ export http_proxy="http:" $ export ftp_proxy="http:" but I don't know the url proxy at all.Firefox is set to "Direct internet connection" and all work well. In Windows all connection properties were set to "automatic" and updates were ok.Is there a way to have an automatic recognition by apt?
View 4 Replies View RelatedI like the faster boot of 10.04, but how do I get smbd to start automatically on a boot up?
Every thing is fine if I sudo service smbd start but I don't see where I'm supposed to have it run automatically on a reboot.