Linux - Networking
This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
A few weeks ago I thought one hard drive was on its way toward failing because of rhythmic thumping noises from it. Today I found out what was probably causing the noise: logging of a huge number of dropped packets. A very small sample:
Two questions which despite looking through posts here I can't find the answer to:
(1) Should I be concerned?
(2) Is there a way to disable logging this stuff, since it just interferes with normal operations and is a burden on the hard drive?
I have a regular ADSL setup with dynamic address assignment, and the DNS servers of my ISP are specified at startup. I use iptables with Guarddog as a frontend and the only protocols I permit are HTTP, HTTPS, POP3, POP3S, ping, traceroute, DNS, Real Networks access (for audio/video), and one high-numbered port TCP access that I use for administering webspace that I lease.
These dropped packets seem to occur at any time of day or night unpredictably.
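One way to judge a dropped-packet log like this before switching logging off, as an added example that is not part of the original thread: the Python below tallies netfilter LOG lines by protocol and destination port and lists any source that tried several different ports. The sample lines, the `DROPPED` prefix and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed, abbreviated netfilter LOG lines (documentation address ranges);
# the "DROPPED" prefix is an assumed --log-prefix, not taken from the thread.
SAMPLE_LOG = """\
Jan 10 03:14:07 fw kernel: DROPPED IN=ppp0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=48 TTL=113 PROTO=TCP SPT=3312 DPT=135 SYN
Jan 10 03:14:09 fw kernel: DROPPED IN=ppp0 OUT= SRC=198.51.100.77 DST=203.0.113.5 LEN=48 TTL=110 PROTO=TCP SPT=4120 DPT=135 SYN
Jan 10 03:14:30 fw kernel: DROPPED IN=ppp0 OUT= SRC=192.0.2.44 DST=203.0.113.5 LEN=48 TTL=52 PROTO=TCP SPT=2001 DPT=445 SYN
Jan 10 03:14:31 fw kernel: DROPPED IN=ppp0 OUT= SRC=192.0.2.44 DST=203.0.113.5 LEN=48 TTL=52 PROTO=TCP SPT=2002 DPT=139 SYN
Jan 10 03:14:32 fw kernel: DROPPED IN=ppp0 OUT= SRC=192.0.2.44 DST=203.0.113.5 LEN=48 TTL=52 PROTO=TCP SPT=2003 DPT=1433 SYN
Jan 10 03:15:02 fw kernel: DROPPED IN=ppp0 OUT= SRC=198.51.100.23 DST=203.0.113.5 LEN=404 TTL=113 PROTO=UDP SPT=1066 DPT=1434
Jan 10 03:15:40 fw kernel: DROPPED IN=ppp0 OUT= SRC=203.0.113.9 DST=203.0.113.5 LEN=92 TTL=120 PROTO=ICMP TYPE=8 CODE=0
Jan 10 03:16:00 fw kernel: eth0: link up
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; bare flags (SYN, DF) are skipped


def parse_line(line):
    """Return the KEY=value fields of one LOG line, or None for unrelated kernel messages."""
    fields = dict(FIELD_RE.findall(line))
    return fields if "SRC" in fields and "PROTO" in fields else None


def summarize(log_text):
    """Return (proto, dport, packets, distinct_sources) rows, busiest service first."""
    hits, sources = Counter(), defaultdict(set)
    for fields in filter(None, map(parse_line, log_text.splitlines())):
        key = (fields["PROTO"], fields.get("DPT", "-"))  # ICMP has no port
        hits[key] += 1
        sources[key].add(fields["SRC"])
    return [(p, d, n, len(sources[(p, d)])) for (p, d), n in hits.most_common()]


def multi_port_sources(log_text, min_ports=3):
    """Map each source that tried at least min_ports distinct ports to those ports."""
    ports = defaultdict(set)
    for fields in filter(None, map(parse_line, log_text.splitlines())):
        if "DPT" in fields:
            ports[fields["SRC"]].add(int(fields["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print("%-5s dport=%-5s packets=%d sources=%d" % row)
    print("multi-port sources:", multi_port_sources(SAMPLE_LOG))
```

Many unrelated sources each trying one port reads differently from a single source working through several ports, and the second function separates the two.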
I did the same as you, but by using Guarddog to disable logging, since I'm no iptables whiz!
Do you think these probes represent attempted probes by ill-meaning parties, or what?
I know that ISPs will sometimes probe their customers' machines pretty frequently for one reason or another, but I don't know if that applies to DSL users as well as dial-up. Anyway, supposedly nothing gets through my firewall except via the protocols I set up, and GRP's "Shields Up" test always results in a "perfect stealth" rating....
LOL, I am no iptables whiz either, but this forum has provided me with lots of info.
The shields up thing is what I too use, with the same results. Also, my wife is a die hard W2000 person running Norton 2004 Internet Security. We have found that she never gets an alert when she connects to the net through the Linux firewall. But when going through her external modem, alerts are very common.
From what I have seen, most of the unrequested packet traffic is from Windows boxes that have been taken over. Many of the people I know running Windows don't understand, or care about security, until their box starts to really slow down, or stop working. At that point they get serious, but only until someone fixes it for them.
My ISP "myvine" indicated to me that infected Windows boxes are a problem, but not one they are willing to deal with. I guess that as long as people make their connection payment, the ISPs are happy.
Thanks for the insight. I get quite a bit of spoofed email, and I imagine some of the same computers that have been hijacked for that purpose are also sending out these pings or whatever they are. My ISP (sbcglobal.net) threatened to suspend the accounts of users who didn't apply firewalls and antivirus to their Windows machines, but I never heard if they actually did or not. Even if they did, there would be plenty of other ISPs putting up with this stuff--and no guarantee that any users would properly protect their machines anyway.
and that stuff with 'limit' will make sure you only see a maximum of 3 logs a minute.
Thanks! I'll copy that for future reference. For now, I just have all logging turned off; it seems to me I don't need it, for it's an established fact that those probes, or whatever they are, are arriving and being rebuffed; there's nothing I can do about them (though I devoutly wish there were, and that it involved, if feasible, putting their ultimate originators in jail), and so I just turned off all logging using Guarddog, which allows, as I recall, a couple of levels of logging.
Interesting to see this fine-tuning method. Thanks again.