I have an Asus 900 laptop that I put Ubuntu 9.10 on.I know it was made by the Chinese, but why are they trying to hack my pc?I currently put FIRESTARTER a linux firewall on board you can go here to get itNow I can see everyone's IP address and find out where they are and who they are!!
View 9 RepliesI was wondering if firestarter (software firewall) works out of the box or does it need some kind of configuration in order for it to provide protection? Is firestarter even needed with ubuntu?
View 6 Replies View Relatedim having a bit of a problem with Firestarter, i have Transmission opened and i am downloading a movie but when i check Firestarter i see hundreds and hundreds of Ip's that are blocked, and like 10ip's every second that get blocked.
[Code].....
I am new to Ubuntu and till now I have chosen it to be my favorite distro. I use my laptop in various networks, home, work, school. When I run firestarter the wizard does not give me the option for wireless INTERNET, only ethernet.
View 2 Replies View RelatedI've been using Firestarter for a while and have used it to set-up inbound and outbound policies (which are probably way too restricitve) but since turning on boot logging the other day I have noted that the boot log contains the message:
Code:
* Starting the Firestarter firewall [fail] I find this somewhat alarming. I have seen post[URL].ht= firestarter (although have not added it the auto startup list and do not wish to have it start without the root password). What I would like to know is as the computer boots up does it set the iptables to their last setting irrespective of whether firestarter starts or does firestarter need to start to set the iptables and therefore my policies?
what files does firestarter change? I would like to know so I can look at the files so I can learn to do the same thing without firestarter.
View 3 Replies View RelatedI am running Ubuntu 10.10 I have an question about the firewall Firestarter, when checking the firewall it told me there are 9 serious incoming connections what must I do with this info. Inbound is normally blocked as standard i have also see that someone with port 1234 and 12345 have trying to attempt mine system but failed all trojan ports are fully blocked.
View 2 Replies View Relatedi just installed Firestarter firewall and it is showing me 12 serious inbounds after an hour.Is it a serious matter ? What should i do ?
View 3 Replies View RelatedRunning Fedora 10 and 11. Using Firestarter firewall.Does anyone know where Firestarter gets the Events which it displays?I do not find anything in /etc/firestarter/.I suspect Firestarter looks in a log file which Fedora keeps somewhere.
View 2 Replies View RelatedI am running ubuntu 10.10. I recently enabled the firewall and installed Firestarter to configure it. Bad decision apparently. I can't connect to the internet using Firefox unless I first stop the firewall using Firestarter. After I do that, Firefox connects to the internet just fine.
If I uninstall Firestarter, will the ubuntu firewall function as it did originally, before I configured it? Or will it continue to function the way it does right now, which doesn't allow me to connect to the internet?
Just want to stealth ports on my laptop. Had problems with firestarter when I installed in on 10.10. Set Firestater back to defaults and then dumped it with:
Code:
sudo apt-get purge firestarter
Set up Gufw to defaults and now am not sure what I am seeing with iptables.
iptables -L shows .....
Do these settings look correct for default settings for Gufw? or do I still have some problems with the old firestarter settings not being removed. All I want is all ports stealthed. I know that ping is enabled but I believe that is a default setting in ufw. Could I restore iptables to default with:
Code:
sudo iptables -F
and then enable Gufw and set default?
I am running Firestarter on Ubuntu 9.10 64 bit. I have noticed several times that after closing all web apps (Firefox, Thunderbird) that some entries remain under the heading "Active connections" on the Firestarter "Status" tab. Often these show no source program. Currently I have 2 showing which show Firefox as the source. These persist after Firefox is shut down. I have verified that no Firfox process is running. And both of the IPs point to google.I have Disconnected eht0 and they still show. I have logged out and back in and they still show. I must reboot the machine to make these entries go away. Which makes me think perhaps this is a bug in Firestarter(?) Is there another way I can identify truly active connections?
View 2 Replies View RelatedThere are far too many 'events' in Firestarter's log. I can't find which file contains the log either by searching my file system or the internet.
View 4 Replies View RelatedI gave a presentation on the Firestarter Firewall interface at my local LUG meeting tonight (another member followed with a presentation on iptables).You can download a copy of the handout from this link.
View 3 Replies View RelatedI got alarm on Firestarter showing attack from samba service on port 139 . Is that ok for my host computer ? or a serious attack .
View 9 Replies View RelatedI am trying to configure Bittorando and iptables using Firestarter. I have got it working but am concerned about security holes.
Let me explain.
AIUI, the Bittornado program contacts the "tracker" on various ports which (from the previously blocked connections in Firestarter) ranged from 4664 to 65532. Therefore, currently I have set this range to be open to allow downloads of the torrent.
However, this seems, IMHO, to devalue to point of having a restrictive exit policy for Firestarter since now virtually all ports are open. I can see nothing on the Bittornado client to restrict the outgoing ports although the "listening" (incoming) ports can be restricted.
I would prefer to have my system locked-down so that the minimal number of ports are open to initiate external connections so is there any way to achieve this with Bittornado?
A portscan reveals that port 39878 is 'open', service: 'unknown. I deny service for this port in Firestarter FW 'policy' Firestarter does not show any active connection. I am not running any apps, so how can I close this port?
View 9 Replies View RelatedHave homebrewed machine, was running Fedora 8. Installed Fedora 10.Firestarter firewall manager keeps crashing after about 5 minutes. Restarts, runs for a while, then crashes.Thought it might be an IPTABLES turf war with the native Fedora 10 gui firewall manager, so disabled that at System > Admin > Firewall. Also disabled SElinux. Still have problems.Firestarter firewall seems to work OK, just the gui Firestarter monitor/manager.If anyone has ideas as to cause, I'll take a clue.I could use Firestarter to generate the IPTABLES by ..manually editing the /etc/firestarter/inbound|outbound/allow-.. files and then../etc/init.d/firestarter restartBut I find the events log useful to look at. Anyone know where the events log file is kept in the file system?
View 4 Replies View RelatedI installed firestarter and then at a later date uninstalled/purged it, both actions via synaptic. I have a very verbose boot, I like to see what's going on, and noticed after the uninstall/purge that I was getting an error zooming up the screen containing firestarter in it. After many restarts I found that a file was left in /etc/network/if-up.d/50firestarter and this file was simply a script trying to restart firestarter. At this point I've commented out the calling line and followed the commented line with exit 0. This removes the error but there's still a link calling the file so, is this a bug or am I missing something? It appears the uninstall/purge wasn't entirely complete.
View 1 Replies View RelatedJust I install the rkhunter tool via apt-get install rkhunter. When I had run the rkhunter check, rkhunter comes with a warning about "GasKit Rootkit", i dont understand what it is
This server is install new last and maby 1 week old, so i don't understand why this happends.
Using slackware 12.2, xfce, Firefox 3.0.16 and for the past few days i have been getting Persistent System Security Window that looks like MS Firewall and you can't click on the X or Cancel because then it activates a so called security analysis with green progress bar. I open a terminal real quick and issue pkill firefox command.I have been trying to get to the basicconfig site to follow tutorial on firefox security update but that window keeps comming back.I emptied out my /tmp files but i am still having same problem and don't know what to do
View 4 Replies View RelatedWhen I scanned my Ubuntu 10.04 with rkhunter a root kit hunter toolkit, it gave following warning:
Is there something that I have to worry about.
Code:
I had a serious breach of the cellular segment of my communications network this week. All I can say is nobody got hurt. The attackers also knew where to find me via email. I'm concerned that perhaps they've penetrated this aspect of my system as well, although they seemed pretty specifically focused on the phone. There have been no changes on anything on my computer, and of course, I went ahead and changed all the passwords. How can I verify or at least look into the possibility of having been hacked as well.
View 8 Replies View RelatedI've scanned my computer (I'm using Ubuntu 8.04 Hardy Heron) and ClamAV has issued it has found a virus called Exploit.PDF-9669. What seems strange to me is that such a warning always happens (or, at least, in the most cases) in the same folder tree "sys" and ClamAV issues the very same virus/malware warning (Exploit.PDF-9669).
An example:
sys/devices/virtual/vtconsole/vtcon0/uevent: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/address: Exploit.PDF-9669 FOUND
sys/devices/virtual/net/ppp0/broadcast: Exploit.PDF-9669 FOUND
sys/devices/LNXSYSTM:00/device:00/uevent: Exploit.PDF-9669 FOUND
My ClamAV version is 0.94.2/10275/Fri Jan 8 22:06:46 2010. It has been not updated since I installed Hardy in my computer last year. Is my computer in danger?
I'm relatively new to Ubuntu and these forums. I ran rkhunter, and saw this warning in the check for backdoor ports: [14:45:09] Warning: Network TCP port 32982 is being used by /usr/bin/python2.6. Possible rootkit: Solaris Wanuk Use the 'lsof -i' or 'netstat -an' command to check this. I also saw these warnings toward the bottom:
[Code]....
I was wondering first of all about the first warning, the port. I have a feeling that the second set of warnings are false positives, but I would be open to thoughts on that as well.
i get this warning from selinux :
"SELinux is preventing /bin/mailx from append access on the file /var/lib/rkhunter/rkhcronlog.OmRFCZOynG."
I tried to fix it by "# /sbin/restorecon -v /var/lib/rkhunter/rkhcronlog.OmRFCZOynG" as suggested by SELinux but it comes back with another warning, but with a different /rkhcronlog.xxxxxxxxx...
i think its just a way of rkhunter logging issue -. attached here is the actual error message by selinux.
I am running a fresh installation of RHEL 6 box and it shipped with Openssh 5.3.But, /etc/ssh/moduli file doesn't exist even in this new installation and the SSH log warns as below:PHP Code:WARNING: /etc/ssh/moduli does not exist, using fixed modulusDoes this imply that it is using the same random number for key exchange purpose ? Also, does it impose any security risks
View 2 Replies View RelatedSometimes when I try to open some chat application i get a strange warning message asking for password. The message is that /usr/libexec/mission-control is trying to gain access of the system, please provide the password. On top of the message box it shows "Unlock Keyring".
This very weird, as I am also unable to do a print-screen when this message box is up.
what this message is all about and what does the executable /usr/libexec/mission-control do?
I am using Empathy as my chat application
I had been receiving a rkhunter warning on my Fedora 14 server for quite some time now. Attempts to fix the error via information from Google searches have failed. I decided to have a look at bugzilla and what do you know, a fix. The warning:
Quote:
[03:29:08] Warning: The SSH and rkhunter configuration options should be the same:
Warning: The SSH and rkhunter configuration options should be the same:
The fix, according to https://bugzilla.redhat.com/show_bug.cgi?id=596775 is to change
PHP Code:
ALLOW_SSH_PROT_V1=2
to
PHP Code:
ALLOW_SSH_PROT_V1=0
I made the change and ran rkhunter again. No more error. I know everyone was wondering about this.
I was updating the files I have from packman on my test box and got security warning on mplayer and gixine. I switched mirrors and got the same checksum errors on a totally different mirror except I was not re-offered mplayer once I refused it the first time.
View 9 Replies View Related