Linux - Networking
This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
A few weeks ago I thought one hard drive was on its way toward failing because of rhythmic thumping noises from it. Today I found out what was probably causing the noise: logging of a huge number of dropped packets. A very small sample:
Two questions which, despite looking through posts here, I can't find the answer to:
(1) Should I be concerned?
(2) Is there a way to disable logging this stuff, since it just interferes with normal operations and is a burden on the hard drive?
I have a regular ADSL setup with dynamic address assignment, and the DNS servers of my ISP are specified at startup. I use iptables with Guarddog as a frontend and the only protocols I permit are HTTP, HTTPS, POP3, POP3S, ping, traceroute, DNS, Real Networks access (for audio/video), and one high-numbered port TCP access that I use for administering webspace that I lease.
These dropped packets seem to occur at any time of day or night unpredictably.
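The original post's log sample did not survive on the page, so the following is an added example (not the poster's code or log) that shows how to answer "should I be concerned?" from the log itself: it summarises netfilter LOG lines by source address and by protocol/destination port, so the volume and spread can be judged rather than guessed. The sample lines are constructed in the standard kernel LOG format, using RFC 5737 documentation addresses; the prefix "INPUT_DROP:" is assumed to match whatever prefix the firewall script uses.

```shell
#!/bin/sh
# Summarise netfilter LOG lines by source and by destination port.
# SAMPLE_LOG is constructed for this example; the addresses are
# documentation ranges, not real hosts. Real use: feed /var/log/messages
# (or wherever klogd/syslog puts kernel output) on stdin instead.

SAMPLE_LOG=$(cat <<'EOF'
Mar  3 01:12:07 gw kernel: INPUT_DROP: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=21874 DF PROTO=TCP SPT=3412 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  3 01:12:09 gw kernel: INPUT_DROP: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=21875 DF PROTO=TCP SPT=3413 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Mar  3 01:13:40 gw kernel: INPUT_DROP: IN=ppp0 OUT= MAC= SRC=192.0.2.33 DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=108 ID=4011 DF PROTO=TCP SPT=1090 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Mar  3 01:14:02 gw kernel: INPUT_DROP: IN=ppp0 OUT= MAC= SRC=192.0.2.33 DST=203.0.113.5 LEN=404 TOS=0x00 PREC=0x00 TTL=108 ID=4012 PROTO=UDP SPT=1026 DPT=1026 LEN=384
Mar  3 01:15:55 gw kernel: INPUT_DROP: IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=112 ID=21990 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Mar  3 01:16:10 gw kernel: OUTPUT_DROP: IN= OUT=ppp0 SRC=203.0.113.5 DST=192.0.2.50 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=51234 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
EOF
)

# Print "count src" for each source seen in lines carrying PREFIX,
# most frequent first.  Usage: count_by_src PREFIX < logfile
count_by_src() {
    prefix=$1
    awk -v p="$prefix" '
        index($0, p) == 0 { next }
        {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) { sub(/^SRC=/, "", $i); n[$i]++ }
        }
        END { for (s in n) printf "%d %s\n", n[s], s }
    ' | sort -rn
}

# Same idea keyed on protocol and destination port.  A spread of
# well-known worm ports from many sources is background noise; many
# hits on a port you actually serve from one source is worth a look.
count_by_dport() {
    prefix=$1
    awk -v p="$prefix" '
        index($0, p) == 0 { next }
        {
            proto = "?"; dpt = "-"
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^PROTO=/)    { proto = substr($i, 7) }
                else if ($i ~ /^DPT=/) { dpt = substr($i, 5) }
            }
            n[proto "/" dpt]++
        }
        END { for (k in n) printf "%d %s\n", n[k], k }
    ' | sort -rn
}

# Total number of lines with PREFIX: the raw log rate the disk is seeing.
count_lines() {
    grep -c -- "$1"
}

if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | count_by_src "INPUT_DROP:"
    printf '%s\n' "$SAMPLE_LOG" | count_by_dport "INPUT_DROP:"
fi
```

Run it as `sh triage.sh demo` to see the breakdown of the built-in sample, or `count_by_src "INPUT_DROP:" < /var/log/messages` after sourcing the file. The point of the two views is that "a huge number of dropped packets" on a dial-up or ADSL address is normally many sources hitting a handful of Windows ports, which the firewall is already handling; the output makes that visible instead of leaving it to a feeling about disk noise.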
What you have looks like the normal stuff that uses up bandwidth.
On a 486 firewall unit running Slackware and iptables, I have quit logging the dropped packets.
In my iptables script was a line:
iptables -A INPUT -j LOG --log-prefix "INPUT_DROP: "
By placing a # in front of that line, the logging ended.
Thanks for posting that portion of your log. It lets me know that others have the same issue.
I did the same as you, but by using Guarddog to disable logging, since I'm no iptables whiz!
Do you think these probes represent attempted probes by ill-meaning parties, or what?
I know that ISPs will sometimes probe their customers' machines pretty frequently for one reason or another, but I don't know if that applies to DSL users as well as dial-up. Anyway, supposedly nothing gets through my firewall except via the protocols I set up, and GRP's "Shields Up" test always results in a "perfect stealth" rating...
LOL, I am no iptables whiz either, but this forum has provided me with lots of info.
The Shields Up thing is what I too use, with the same results. Also, my wife is a die-hard W2000 person running Norton 2004 Internet Security. We have found that she never gets an alert when she connects to the net through the Linux firewall. But when going through her external modem, alerts are very common.
From what I have seen, most of the unrequested packet traffic is from Windows boxes that have been taken over. Many of the people I know running Windows don't understand, or care about security, until their box starts to really slow down, or stop working. At that point they get serious, but only until someone fixes it for them.
My ISP "myvine" indicated to me that infected Windows boxes are a problem, but not one they are willing to deal with. I guess that as long as people make their connection payment, the ISPs are happy.
Thanks for the insight. I get quite a bit of spoofed email, and I imagine some of the same computers that have been hijacked for that purpose are also sending out these pings or whatever they are. My ISP (sbcglobal.net) threatened to suspend the accounts of users who didn't apply firewalls and antivirus to their Windows machines, but I never heard if they actually did or not. Even if they did, there would be plenty of other ISPs putting up with this stuff--and no guarantee that any users would properly protect their machines anyway.
I don't know how you would configure it with guarddog, but you can set up iptables logging like this:
iptables -A kill_bad -p tcp ! --syn -m state --state NEW \
-m limit --limit 3/minute --limit-burst 3 \
-j LOG --log-level info --log-prefix "New not syn:"
and that stuff with 'limit' will make sure you only see a maximum of 3 logs a minute.
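The two approaches in the thread, commenting out the LOG rule entirely and adding `-m limit` to it, are the ends of one spectrum. As an added example (not code from any poster), here is the middle ground as a complete, reviewable script: a dedicated chain that logs at a bounded rate and then drops, with the unbounded rule kept alongside for comparison. The chain name LOGDROP, the default rate of 3/minute with a burst of 3, and the `IPT` dry-run variable are choices of this example, not values from the thread.

```shell
#!/bin/sh
# Bounded logging for dropped packets: a LOGDROP chain that logs at a
# limited rate and then drops, so a burst of unsolicited packets cannot
# become a burst of disk writes.  IPT defaults to iptables; set IPT=echo
# to print the commands instead of applying them (review before running
# as root).  Chain name, rate and burst are this example's assumptions.
IPT=${IPT:-iptables}

# The weak setting, for comparison only: one log line per dropped
# packet, no ceiling.  Do not install this and the chain below together.
unbounded_log_rule() {
    $IPT -A INPUT -j LOG --log-prefix "INPUT_DROP: "
}

# Create the chain.  RATE is an iptables limit such as 3/minute; BURST is
# how many lines may be written before the limit starts applying.
build_logdrop_chain() {
    rate=${1:-3/minute}
    burst=${2:-3}
    $IPT -N LOGDROP
    $IPT -A LOGDROP -m limit --limit "$rate" --limit-burst "$burst" \
        -j LOG --log-level info --log-prefix "INPUT_DROP: "
    $IPT -A LOGDROP -j DROP
}

# Hook the chain in as the last INPUT rule, after the ACCEPT rules for
# the services you actually run, so only leftovers reach it.
install_logdrop() {
    $IPT -A INPUT -j LOGDROP
}

if [ "${1:-}" = "dry-run" ]; then
    IPT=echo
    build_logdrop_chain 3/minute 3
    install_logdrop
fi
```

`sh logdrop.sh dry-run` prints the three rules without touching the kernel. One caveat worth knowing: `-m limit` is a single token bucket for that rule, not a per-source one, so during a flood from one address the few lines that do get written are mostly its packets and quieter sources disappear from the log; if per-source accounting matters, the `hashlimit` match exists for that, at the cost of a little more kernel state.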
Thanks! I'll copy that for future reference. For now, I just have all logging turned off; it seems to me I don't need it, for it's an established fact that those probes, or whatever they are, are arriving and being rebuffed; there's nothing I can do about them (though I devoutly wish there were, and that it involved, if feasible, putting their ultimate originators in jail), and so I just turned off all logging using Guarddog, which allows, as I recall, a couple of levels of logging.
Interesting to see this fine-tuning method. Thanks again.