LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Closed Thread
  Search this Thread
Old 10-23-2016, 12:43 PM   #1
robolux
Member
 
Registered: Oct 2016
Posts: 31

Rep: Reputation: Disabled
Lubuntu 16.04 Suspicious Traffic


Hi!

Yesterday I installed Lubuntu 16.04 to my HDD and discovered some very strange traffic both incoming and outgoing from the ntp port, listed under 123/udp.

After researching the connecting IPs I found out that most of them correspond to local software businesses and IT firms.

I checked the traffic with iftop, which showed that multiple bytes, in some cases even +1KB, was sent and received to and from those IPs.

Screenshot: https://s12.postimg.org/w647skop9/screen.png


.)Do I have to be worried, that those services transmitted malware or other harmful code?

.)How can I permanently block those connections or port?

I have tried using the following, unsuccessfully.

-->with the built in firewall

Code:
    sudo ufw deny 123/udp


    sudo ufw deny ntp
-->with iptables

Code:
    sudo iptables -A OUTPUT -p udp --dport 123 -j DROP


    sudo iptables -A INPUT -p udp --sport 123 -j DROP
Thank you!

Last edited by buntuluxx; 3 Hours Ago at 02:40 PM.
 
Old 10-24-2016, 08:55 AM   #2
michaelk
Moderator
 
Registered: Aug 2002
Posts: 15,243

Rep: Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624Reputation: 1624
Please post your thread in only one forum. Posting a single thread in the most relevant forum will make it easier for members to help you and will keep the discussion in one place. This thread is being closed because it is a duplicate.

Continue here:
http://www.linuxquestions.org/questi...ic-4175592039/
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Lubuntu Suspicious Traffic robolux Linux - Security 8 10-24-2016 12:37 AM
LXer: No Audio in Lubuntu? - Lubuntu Audio Configuration and Volume Control LXer Syndicated Linux News 0 05-23-2016 12:17 AM
Suspicious Inbound/Outbound traffic dimitris.kalamaras Linux - Security 5 04-04-2006 10:30 AM
Suspicious network traffic Config Linux - Security 9 03-09-2003 08:23 AM


All times are GMT -5. The time now is 06:19 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration