Ubuntu Security :: Router Logs Show Outgoing Telnet Connection
Apr 22, 2010
I have my router configured so that it drops outgoing telnet connections (and other protocols I don't use). It's a 2wire gateway. 192.168.1.65 is the internal IP of my ubuntu box.I'm trying to figure out what normal network traffic looks like and whether I should be worried by this log entry. At the time this happened I was testing out TOR (just navigating to a few sites (dell, ubuntu forums, etc.) nothing all that interesting.)
In an effort to learn more about firewalls and iptables I have left behind gui set-up tools and have setup a firewall using iptables that logs to its own file. The firewall is as follows:
Code: *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :TCP - [0:0]
I open this thread after an unsuccessful long search over the Web. Essentially what I want is to block the outgoing connection of a program. All I know about this program is its name and so I don't have any information regarding the ports it utilizes or the address it may contact.
I'm trying to get wireless working in F10. Using pci wireless card with Atheros chipset. To be sure, I tested this hardware with a PCLinuxOS Live CD. Connects to AP perfectly.
Hardware drivers seem all OK in F10, and ifconfig shows wlan0 as expected. When I use the Wireless-Assistant 0.5.7 there's no connection.
Actually, the AP logs show numerous connections and disconnections.
Preferring CLI, I'm using a drop-dead simple wpa_supplicant.conf as follows :
Should Ipost some debugging output from wpa_supplicant -Dwext -c/etc/wpa_supplicant/wpa_supplicant.conf -iwlan0 -d
A portscan reveals that port 39878 is 'open', service: 'unknown. I deny service for this port in Firestarter FW 'policy' Firestarter does not show any active connection. I am not running any apps, so how can I close this port?
I have a Linux IPTables firewall on Centos 5.3.It has one physical interface to the internet and 2 internal interfaces to a DMZ and TRUSTED zone respectively.There are 10 virtual interfaces linked to the physical public interface.Emails are being sent from my server in the DMZ out to the internet, but it is being shown as coming from the firewall IP address.It must show as coming from one of the virtual interfaces.
It has been found that a certain isp changes my ip if a certain sequence of buttons is clicked upon in the adsl router's web page.Is there any bot smart enough to log into the router, go to the right page, and click upon certain buttons when F9 is pressed?
I just putup the fedora15 on my PC. there are several msg coming up from selinux saying permission denied, though I am not doing any administrative activity. the PC being a workstation for reaserch. how can I know the denial is for an security intrusion attempt. how can I set conditions to see the logs of all security intrusions. how can I set exclusive msg-ing from selinux that the denial is for a security intrusion attempt.
I'm running Ubuntu 8.04.3 server on my XP Pro SP3 machine using VMWare. I'm trying to set up a static IP address but I can no longer ping anything except my router (not even the XP machine it's hosted on). I'm using "bridged" mode in VMware
Here's my /etc/network/interfaces file: Code: auto lo iface lo inet loopback
I have a minecraft server running on a P4 box running Ubuntu server 11.04 64bit. Now would it be secure, if I allowed ufw to allow outgoing? Or would this be a huge flaw someone could exploit?
I would like to log and drop outgoing connection attempts, but the log is not showing the destination IPs.I have the following Iptable rules for my browser:
Code: Select alliptables -N LOGGING iptables -A OUTPUT -j LOGGING iptables -A LOGGING -j LOG --log-prefix "browser connections: " --log-level 6 iptables -A LOGGING -j DROP
Mobloquer starts up at boot and before I've even opened firefox or transmission or anything, mobloquer shows that is has started blocking several outgoing connections as well as ton of incoming connections. I was wondering if the outgoing connections is normal and what's a normal amount of network activity to show up in system monitor when I'm not actively using the internet.
I am using a PC to telnet into a Lucid Lynx Ubuntu system, and trying to record audio via a microphone which is connected to the Ubuntu system, and play it back on the PC. The microphone works when recording and playing directly on the Ubuntu system (so I know it's not hardware), but not when recording over the telnet connection. Playing other audio files does work over the telnet connection (so once again, I know it's not hardware), it's just the recording that doesn't work.
So basically it's just the audio-in over the telnet connection that Ubuntu isn't liking.
I tried removing PulseAudio (as I had a Fedora system that I had to do this with also, and that was the fix for that system), but apparently recording doesn't work at all in Ubuntu without it, as the microphone wouldn't work directly on the system anymore after in removed it. So I reinstalled it, but I am still stuck.
I cannot use any other programs to accomplish this - and I don't think I have to, I believe something is just messed up somewhere that is not allowing my microphone to pick up sound over the telnet connection, but I don't know what it is.
I have it at lot that when a system crashes fatally and restarts (due to a power outage, kernel panic, tripping over a cord or something), there is no mention of it in the log. It just shows that the system was started. Is there a tool that will show this in the log? With a message like "system was not shut down properly or had a fatal crash / kernel panic" when restarting? It is pretty easy to do, just have a lock file somewhere that is removed when the system shuts down gracefully and that is left when it is not. And mechanism that checks this when starting up. It would also be possible to tell when the crash occured, as you can update the lock file from time to time and when the systems dies, it cannot anymore.
I have an application that uses a telnet console, and I have an autostart script to start it (and check that it is running).The problem is that if the program is not startet by root, or by using sudo, I cant get access to the telnet console, it just says "connection refused".The application works fine, but I cant acces its console, so I have to shut it down, and then restart it with sudo to be able to log in to it.Anyone know how to make the script start the application with enough rights?
Wrong prefix, its Ubuntu not Lubuntu. Three devices:
Laptop 1: ---Can ssh to any device. ---Accepts any internal ssh.
Desktop 1: ---Can ssh to any device. ---Accepts any internal ssh.
Desktop 2: ---Can ssh to any device. ---Can ssh to itself through localhost or 192.168.1.130. ---Any ssh(and telnet) aimed at this device times out.
All three devices recently had openssh-server installed yet only one seems deviant. I've been trying to ssh into desktop 2 to no avail, yes the machine is reachable, yes sshd is running, yes ufw is disabled, and no there is no external firewall that I know of. Anything else I can try? The router for the LAN being dd-wrt.
I'm trying to do a SSH connection between my home and work PC both machines are running ubuntu 10.04. I have read all the comunity documentation at [URL] from Work PC. I went on to the web site what is my ip address and noted down the number, From Home i opened a terminal and typed: pnig (ip address). to which their was no reply, now i'm assuming i need to configure the works router to except connection requests, is this Correct?
Also what information do i need from my works network and how do i get it? I understand that I need the routers expernal ip address, but how do i referiance a specified computer after that address? What program do i use in ubunu and how is that information applied to it?
I have CENTOS 5.4 Installed in one machine and i used Real IP provided by our ISP.My requirements for Mailserver are:
Dovecot Postfix
everythings done but when i tried to telnet my External IP it giving me an error of telnet connection refused but i can able to ssh to my external IP and also i disabled the firewall but still no luck.
I want to log the user name and password passed through the default telnet client on Fedora (7 to 11) system.I have thought of something like this:(Download Telent client src)->(modify src)->(compile and install)but i am not sure...
Trying 192.168.100.9... telnet: Unable to connect to remote host: Connection refused
[Code].....
This last one is strange as I the IP looks odd.
What I am doing wrong, and how do I fix it. After much surfing many mosts say that telnet is not used anymore but I want to use it to test my smtp server.
when i try a telnet to a host like that: telnet 10.10.10.10 1234 i got this: telnet: Unable to connect to remote host: Connection refused.
1/ does this mean that the problem is not due to a firewall, but that the host 10.10.10.10 doesn't listen on the port 1234? other way does this mean that my firewall is authorizing traffic on the port 1234?
and when i try a telnet on another port like that: telnet 10.10.10.10 1235 i get: Trying 10.10.10.10 ...
in this case this
2/ does this mean that the firewall is blocking the traffic between my host and the 10.10.10.10 on the port 1235?
Machine A is located behind client firewall. The machine runs telnetd. This is Linux machine with Python 2.5.4 installed. I do not know the IP addy of the router and firewall is not open incoming. outgoing firewall is open.
Machine B (Windows machine) is a server with well known IP address. I can install any programs I want on either machine.
The idea is that I want Machine A to open a socket to machine B. Then I want to hold that socket and use to run a telnet session from Machine B to Machine A telnetd server.
I want to create script wherein it will check the application if its running. The command that I'll be using to check the application is telnet (if you can recommend others, that's ok). I've an application and it is listening to port 1808. If I do telnet localhost 1808, the response is :
What I want to happen is if the response is like to code above, it will execute a commands. Obviously, above code knows that the application is not working so I need to execute a commands. I created a script before using expect but I don't think it will work because I haven't establish a shell yet unlike successful telnet I could spawn expect.
