Networking :: Firestarter Is Blocking So Many Connection Attempts\ Analyse?

Mar 2, 2010

Since yesterday Firestarter has been prompting me that it is blocking external connection attempts as shown in the picture below:I'm not even going to bother covering the IP addresses because I personally don't see why I should care but as you can see, there has been loads of them attempting to connect to ports 3674 - 3675. I ran nmap 127.0.0.1 and it came back as 631 being the only one open. So then I thought maybe lsof -i would mention much more but all it shown was:

@boris:~$ cat meh
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
cupsd 1644 root 5u IPv6 14329 0t0 TCP localhost:ipp (LISTEN)

[code]...

View 1 Replies


ADVERTISEMENT

Ubuntu Security :: Firestarter Keeps Blocking Ip's?

Mar 8, 2011

im having a bit of a problem with Firestarter, i have Transmission opened and i am downloading a movie but when i check Firestarter i see hundreds and hundreds of Ip's that are blocked, and like 10ip's every second that get blocked.

[Code].....

View 2 Replies View Related

Ubuntu :: Automatic IP Blocking After 3 Failed Attempts?

Oct 9, 2010

I am looking for a way to automatically block an ip address and add it to /etc/hosts.deny when they have 3 consecutive password failures or try connecting to a name that doesn't exist more than like twice to help limit the brute force attacks I am experiencing.Is there an easy way to do this already implemented in Ubuntu?

View 7 Replies View Related

Ubuntu :: Firestarter Firewall Is Blocking Mozilla

Oct 6, 2010

I updated my system with system updates and when i restarted.I couldn't access the internet from my desktop. i got on laptop internet worked just fine..i disabled firestarter and mozilla connected to the internet just fine. I turned firestarter on. and i couldn't reach anything.. What do I have to do to get firestarter to allow me to connect to the internet via firefox

View 3 Replies View Related

Ubuntu Networking :: UFW Failing To Log All Connection Attempts?

Feb 17, 2011

I am trying to write a little port knocking daemon that needs to see every failed connection attempt on every port on the system. The primary way to do this (as the Wikipedia page points out) is to monitor the firewall log file. I am using UFW and reading its output in /var/log/kern.log. Typically, when UFW blocks something, it prints a little line like this:

Quote:
Feb 17 10:42:42 serin kernel: [323588.279588] [UFW BLOCK INPUT]: IN=eth0 OUT= MAC=00:0b:e6:00:85:96:00:09:5b:9f:41:a4:08:00 SRC=192.168.0.4 DST=192.168.0.8 LEN=60 TOS=0x00 PREC=0x20 TTL=49 ID=46945 PROTO=TCP SPT=56849 DPT=1723 WINDOW=5840 RES=0x00 SYN URGP=0

But it seems that whenever UFW experiences a significant "load" (my client sends eight packets over the span of about 25 seconds, not too significant if you ask me), it just kind of "gives up" after 10 or so attempts. Log messages stop appearing in kern.log. I know the packets are coming; wireshark confirms this.

It seems to me that a buffer of some sort is filling up, because if I give the system a breather and try sending my sequence again in, say, three minutes, it prints log messages for 10-12 straight attempts before giving up again. I've tried sending packets at longer intervals and reading from other logs like /var/log/messages, but none of this has helped. Does anyone have any idea why UFW would fail to log all blocked connection attempts?

View 1 Replies View Related

Networking :: Firestarter Firewall And Connection Sharing?

Jul 22, 2010

I am trying to set up a computer to act as a firewall/gateway on my network, and am using the Firestarter program to do this. Everything appears to be set up correctly, and I followed the instructions on their website completely, and I get an error message when I try to start the firewall. It says that eth0 (my internal NIC) isn't ready, and to make sure it's active.

View 3 Replies View Related

Ubuntu Networking :: Internet Connection Sharing Via Firestarter?

Feb 5, 2010

At my home I am using firestarter to connect my XBOX 360 to the internet and it works perfectly, never crashes etc and I get a moderate NAT which I've never experienced any problems in having.

I have my devices set up like this

eth0 - ifconfig eth0 192.168.2.1 netmask 255.255.255.0 broadcast 192.168.2.255
XBOX - 192.168.2.10 netmask 255.255.255.0 broadcast 192.168.255 gateway 192.168.2.1

This configuration works perfectly on my router at my house which has the IP of 192.168.0.1

However at my friends house he has a router with the IP adress of 192.168.2.10 or 192.168.2.7*, I don't remember exactly but I'll find out tonight. I have tried changing my IP settings on my xbox and eth0 to no avail. I noticed instantly that the XBOX IP is the same as my friends router. what the new settings would be, or simply changing the router's IP.

However there is also an issue with the DNS servers. I can't find them anywhere on the router or on the router box itself. I heard that I could point it towards my default gateway however.

View 2 Replies View Related

Ubuntu Networking :: Router Blocking The Internet Connection?

Jun 17, 2010

I bought a wired broadband dsl router to provide another layer of security for my computer running ubuntu. I just plugged it in without installing any software etc. It blocks the internet connection.

View 3 Replies View Related

Debian :: Log And Drop Outgoing Connection Attempts

Sep 11, 2015

I would like to log and drop outgoing connection attempts, but the log is not showing the destination IPs.I have the following Iptable rules for my browser:

Code: Select alliptables -N LOGGING
iptables -A OUTPUT -j LOGGING
iptables -A LOGGING -j LOG --log-prefix "browser connections: " --log-level 6
iptables -A LOGGING -j DROP

Only after removing the DROP line it works.

View 14 Replies View Related

Red Hat / Fedora :: Logging Connection Attempts With Iptables

Mar 8, 2010

I'm having a lot of problems getting NIS set up with our firewall. I've looked online and no one seems to have any answers. When the firewall is off, NIS works. When it's on, it doesn't.I would like to know which ports NIS needs by logging connection attempts on the server, since I would swear the right ports seem open already. Right now I'm using this to generate the log entries:

iptables -I INPUT -m state --state NEW -j LOG --log-prefix "New Connection: "
iptables -I OUTPUT -m state --state NEW -j LOG --log-prefix "New Connection: "

However, I think it must only work for successful connections, because I'm not seeing any new entries when I try running the NIS client on another machine (ypbind).

View 5 Replies View Related

Ubuntu Security :: Firestarter Prevents Internet Connection?

Jan 1, 2011

I am running ubuntu 10.10. I recently enabled the firewall and installed Firestarter to configure it. Bad decision apparently. I can't connect to the internet using Firefox unless I first stop the firewall using Firestarter. After I do that, Firefox connects to the internet just fine.

If I uninstall Firestarter, will the ubuntu firewall function as it did originally, before I configured it? Or will it continue to function the way it does right now, which doesn't allow me to connect to the internet?

View 9 Replies View Related

Ubuntu Servers :: Firestarter Doesn't Allow Anyway To Block Incoming Connection By IP

Sep 19, 2010

What is the absolute quickest or easiest way to block an incoming connection by their IP address? I'm running an apache2 LAMP server on Ubuntu 8.10. For example, let's say I'm watching my server error logs and I see someone using a script to check for phpmyadmin and other such folders. Right away I know this is a hack attempt. Firestarter does not allow ANY way to block an incoming connection by IP (to my disappointment) and adding the IP to an apache configuration file requires an apache restart (way too much trouble and time).

View 5 Replies View Related

Ubuntu Security :: Unwanted Open Ports - Firestarter Does Not Show Any Active Connection

Sep 11, 2010

A portscan reveals that port 39878 is 'open', service: 'unknown. I deny service for this port in Firestarter FW 'policy' Firestarter does not show any active connection. I am not running any apps, so how can I close this port?

View 9 Replies View Related

Fedora Security :: SElinux Is Blocking My Internet Connection

Mar 15, 2009

SElinux is blocking my internet connection and every time when I connect t the internet (pppoe connection) I ge message.

View 2 Replies View Related

Security :: IPtables Port 25 Connection Limit Without Blocking Barracudas

Jan 11, 2011

I am at a loss how to prevent Denial of Service attacks to port 25 and not block legitimate connections from 2 Barracuda 800(s) and block smart phones such as iPhones/Blackberrys/iPhones that use the server smtp.server.com for email.
Presently for port 25
RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 25 -j ACCEPT

The 2 Barracuda 800(s) make port 25 connections all the time, plus users with smart_phones have the incoming server type:
IMAP
pop.server.com
smtp.server.com

Is there a way to keep Denial of Service attacks from happening with iptables rules without causing blocking to the Barracuda(s) that make constant port 25 connections & smart phones that poll? I was thinking if I allowed the Barracuda(s) in these lines
-s (barracuda)24.xx.xx.xx -d (emailserver)24.00.xx.xx -p tcp -m tcp --dport 25 -m state --state NEW -j ACCEPT

Where the source would be the Barracuda going to the email server. It would be allowed, then I am left with how to allow other connections like Smart_Phones that connect via Port 25. I am thinking if I put rules in place doing connection counts in a minute it would result in errors connecting to the server and people would start complaining. Plus any limiting may result in blocking real traffic. Then would I need to allow the ISP range in the above example to accept port 25, I am still left with how to drop a flood/denial of service attack.

View 4 Replies View Related

Ubuntu :: Firestarter Removal - Error "zooming Up The Screen Containing Firestarter In It"

Feb 5, 2010

I installed firestarter and then at a later date uninstalled/purged it, both actions via synaptic. I have a very verbose boot, I like to see what's going on, and noticed after the uninstall/purge that I was getting an error zooming up the screen containing firestarter in it. After many restarts I found that a file was left in /etc/network/if-up.d/50firestarter and this file was simply a script trying to restart firestarter. At this point I've commented out the calling line and followed the commented line with exit 0. This removes the error but there's still a link calling the file so, is this a bug or am I missing something? It appears the uninstall/purge wasn't entirely complete.

View 1 Replies View Related

Programming :: C - For System Calls, Is Blocking Or Non-blocking Default?

Mar 23, 2010

For system calls, is blocking or non-blocking default in C? Simple question, just am not seeing the answer super quickly.

View 4 Replies View Related

General :: Analyse The Output Of Tcpdump ?

Jul 14, 2010

I am trying to analyze the output of tcpdump, but I am unable to figure out what the output is. as I think that the security my computer would be compromised by this output.

View 2 Replies View Related

Programming :: Get Webalizer To Analyse Some Log Files?

Aug 2, 2010

I'm trying to get webalizer to analyse some log files. The server uses virtual hosts and has log rotations on and also uses turbopanel (now known as simple control panel). Because of this, the documentation is limited and webalizer works in a weird way. I found this perl script under turbopanel called webalizerrun.pl the code is as follows:

Code:
#!/usr/bin/perl
$WEBALIZER = "/usr/bin/webalizer";
chomp($var = shift);
$wdir = "$var/conf/webalizer";
opendir(DIR, $wdir) or die "Unable to read $wdir: $!";

[Code]...

Here's what I want to do, and I believe I can do this using this code with slight modifications. As of now, the log files for each site is in the folder specified above with the file named as "domain-name_access_log" and then the log rotation just adds a number to the end of that. I want use this perl script to run webalizer for a particular site and have its output be placed in directory.

1.) Line 4: chomp($var = shift): I know chomp is used to remove trailing characters, but what character in this case? How may I find that out? Also what does $var = shift do inside chomp?

2.) Line 8: What exactly does the readdir function do? What does it return to $domain?

The rest seems similar to csh, checks if it's dir or file and then changes to the directory and runs webalizer on that directory.

View 14 Replies View Related

Ubuntu Networking :: Firestarter Blocks 192.168.1.1 And 100?

Jul 23, 2010

I have wireless connection between my router and PC. It is the only computer connected. Sometimes Firestarter blocks ports 1900 and 6771 from 192.168.1.100 IP address and sometimes port 68 from 192.168.1.1 IP. I'm a bit confused because 192.168.1.100 is the IP addres i use to open ports in router and 192.168.1.1 is used to access the router settings..

View 7 Replies View Related

Ubuntu Networking :: Use The Firestarter Firewall?

Sep 26, 2010

i connect to internet with the connection (with Name: DSL Connection 1) that made by myself. now i wanna use the firestarter but i have a problem.

View 5 Replies View Related

Ubuntu Networking :: How To Allow DAAP In Firestarter?

Oct 22, 2010

I allowed ports 3689 and 5353 for incoming and outgoing traffic in firestarter but my other machines wont detect a DAAP share. They do see them when I turn off firestarter. I'm even more confused when I see that I have a local connection using port 56690 when I turn off firestarter and monitor the log. It seems that DAAP is using 56690 but when I allow it for incoming/outgoing it still doesnt pick up my DAAP shares.

Is there a way I could fix this? I mean, I could run without a firewall but...idk if thats such a good idea :/

View 1 Replies View Related

Ubuntu Networking :: 9.04 Printer Has Too Many Failed Attempts?

Mar 27, 2010

Why is it that the darn printer keeps breaking on this thing (Ubuntu) ??? It's either every damn update that keeps messing this up. One computer is bad enough, I can't imagine having to take care of even five with this thing always screwing something up. What the hell is going on??? Yeah I'm tired of this thing always messing up the printer. Please fix this thing, separate the browsers if you have to, do whatever it takes, but please STOP messing up the printers...and I don't even print that often.Oh yeah, when you first start the OS up, the drive seems to go on for a while longer now. I only put the regular updates and don't tweak anything.

View 9 Replies View Related

Ubuntu Networking :: Wlan Not Ready With Firestarter

Nov 8, 2010

All I want to do is share my internet connection that comes through the eth0 cable to my wlan0 wiki card. Firestarter seems the convenient tool for doing this. BUT it keeps telling me wlan0 not ready. The card is connected correctly and network-manager does see incoming signals.

View 1 Replies View Related

Ubuntu Networking :: XRDP Being Blocked By Firestarter?

Dec 8, 2010

I recently installed the XRDP server on my desktop edition of Ubuntu v10.04 following the simple instructions available here. I did this on two computers. One computer has Firestarter installed while the other does not.

When I use Windows to connect to the Ubuntu box without Firestarter, everything works just fine. However, when I try to connect to the one running Firestarter, I get a pop up showing an error message (see the attached file).

I checked the incoming rules in Firestarter and I don't see a way to add RDP sessions to the list of exceptions. I also tried adding my IP address in the host section but this too didn't help the situation.

View 1 Replies View Related

Programming :: Blocking And Non Blocking TCP Send/recv?

Dec 25, 2010

I have a device that is working on modbus protocol andI have written a small program(with block TCP read method ) to read its registers via modbus protocol.my program is working very well but except those times that I unplug the Ethernet cable or turning off the modbus gateway during programs work.at this time my program stops on recv system call (if it reach this system call exacly when I unplug Ethernet cable or turning off the modbus gateway during programs work).I changed my source to work in nonblock TCP method, at this time with the same situation my program does not stop/block on recv system call but after pluging back the Ethernet cable or resuming the connectivity situation back it reads data incorrectly .this is my code:Quote:

#define DEBUG
#include <fcntl.h>
#include <string.h>

[code]...

View 5 Replies View Related

Ubuntu Networking :: Multiple Port Forwarding Firestarter?

Apr 21, 2010

I have a system running 9.10 configured with Firestarter acting as a router. We have multiple Xbox 360's on the network. Unless some ports are forwarded, the Xbox has a NAT type of "Moderate". I have been able to set an Xbox with a Static IP and forward the necessary ports for that IP, which allows the Xbox's NAT to become "Open." My question is, how do I do this for multiple Xboxs? If the follow the same procedure for additional Xboxes, only one Xbox at a time can have an "Open" NAT type, and the rest would be "Moderate". The ports the Xbox uses cannot be changed via the Xbox.

View 3 Replies View Related

Ubuntu Networking :: Networkmanager - Set The Number Of Attempts At Connecting To A Network

May 6, 2010

set the number of retries networkmanager attempts to connect to a network to infinity?

I live in an area of Australia were wired internet dare not tread (or so say the ISPs). My only real choice is 3G wireless broadband, and even that is iffy at times. Often late at night the network towers do "something" (reset, maintenance, etc. - no idea) and the internet drops out, networkmanager tries to reconnect, fails, tries again, (etc. etc.) until it ultimately gives up, requiring human intervention when the towers are done with whatever it is they are doing. This happens frequently, and I'd like to have networkmanager keep trying "forever" until it connects so I don't have to restart the connection each morning.

Where would such a thing be set? How does networkmanager know when to give up?

View 5 Replies View Related

Fedora Networking :: Firestarter Blocks Adhoc Wireless Printer

Aug 20, 2009

I have the following machine :
laptop : Dell Inspiron E1505
Wireless : Intel Pro Wireless 3945 (ipw3945-1.2.2 + ipw3945d-1.7.22 + ipw3945-ucode-1.14.2 / eth1)
Printer : HP C4580 Photosmart wireless (hplip-3.9.8)
Ethernet : Broadcom Corporation BCM4401-B0100Base-TX (b44.ko / eth0)
External Modem : Siemens CL-110 ADSL
OS : Fedora 6+11 (currently on fc6)

The external modem is connected via the laptop ethernet and provides the internet connection.
The printer is connected via wireless adhoc to the laptop's IPW3945 wireless card. I use firestarter as firewall. When firestarter is disabled everything works fine. If enabled it blocks my printer. I have tried to open every possible port via firestarter (according to several other threads) with no luck. My printer is set (under system-config-printer) as :

Code:
hp:/net/Photosmart_C4500_series?ip=192.168.2.5
$ netstat -rn .....

View 2 Replies View Related

Fedora Networking :: Send Data/ping Pc4 From Pc1 Via Pc2 And Pc3 Using Firewall Firestarter?

Aug 23, 2010

I am a bit new to fedora I have the following scenario in testbed of mobile ad hoc network

pc1 pc2 pc3 pc4
192.168.1.1 192.168.1.2 192.168.1.3 192.168.1.4

Now I have the source as pc1 and pc4 is destination and I want to send data/ping pc4 from pc1 via pc2 and pc3 using firewall firestarter,

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved