shoulf i block Amanda in firewall ?
in my firewall (firestarter on debian), in 'active connections' i see
source - my ip destination - dsl.kern.com.au port - 10080 service - Amanda i googled for Amanda and it seemes to be an network backup tool. but i don't run that and don't know the destination adres... what is this ? someone copiying info from me ? what should i do ? thanks for your info..... jw |
You should disable all unwanted services such as Amanda as each one represents a potential security risk. This isn't done from your firewall but by altering the scripts in /etc/init.d. Don't panic, there are some good tools to help you do this in Debian, look at:
http://www.debianhelp.co.uk/unwanted.htm You might also want to read: http://www.debian.org/doc/manuals/se...to/ch3.en.html |
sysv-rc-conf
thanks man for your quick and complete reply !
learned a lot again. installed sysv-rc-conf and ran it as root. it indeed meniones all the runlevels and a lot of services to enable or disable. but sysv-rc-conf doesn't list a service called Amanda or something like that. disabeling networking is a safe solution but too rigid, i think ;-) now, i blocked port 10080 Amanda in firestarter, but i'm more interested in your (more safe) solution. checked your links but could not find 'amanda' things listed... did i oversee something ? or is amanda a part of a more general service that i should disable ? thanks ! |
Quote:
On the basis that I never knowingly run any background task that I do not need I personally would find a way to disable Amanda. Since I don't have it installed, I can't look on my system to find the necessary files for you and a google hasn't thrown much light on the matter. From what you say, it seems to be an exception to the norm in some way. Of course, if you are not going to use Amanda, the ultimate solution is to remove it using apt-get. It doesn't get more elegant than not having it cluttering up your system in the first place. Quote:
Hope this helps :) |
You say it was only noticed as a hit blocked by Firestarter. I think I would recognize it as a potentially hostile attempt, but Firestarter seems to be handling it well. I wouldn't worry about it too much unless you begin to see other activity coming from the same place. Do you have a NAT router, or is Firestarter your complete firewall?
|
Re: dsl.kern.com.au
This is on the list of spammers on sdf.lonestar.org rickh is right, it should be treated as hostile. |
All times are GMT -5. The time now is 03:28 PM. |