in my firewall (firestarter on debian), in 'active connections' i see

source - my ip
destination - dsl.kern.com.au
port - 10080
service - Amanda

i googled for Amanda and it seemes to be an network backup tool.
but i don't run that and don't know the destination adres...

what is this ? someone copiying info from me ?
what should i do ?

thanks for your info.....

jw

You should disable all unwanted services such as Amanda as each one represents a potential security risk. This isn't done from your firewall but by altering the scripts in /etc/init.d. Don't panic, there are some good tools to help you do this in Debian, look at:

http://www.debianhelp.co.uk/unwanted.htm

You might also want to read:

http://www.debian.org/doc/manuals/se...to/ch3.en.html

thanks man for your quick and complete reply !
learned a lot again.
installed sysv-rc-conf and ran it as root.
it indeed meniones all the runlevels and a lot of services to enable or disable.
but sysv-rc-conf doesn't list a service called Amanda or something like that. disabeling networking is a safe solution but too rigid, i think ;-)

now, i blocked port 10080 Amanda in firestarter, but i'm more interested in your (more safe) solution.
checked your links but could not find 'amanda' things listed...
did i oversee something ? or is amanda a part of a more general service that i should disable ?

thanks !

Amanda is a network backup package that allows multiple computers to be backed up regardless of the individual operating systems. It's very popular but totally unnecessary on a desktop machine like mine.

On the basis that I never knowingly run any background task that I do not need I personally would find a way to disable Amanda. Since I don't have it installed, I can't look on my system to find the necessary files for you and a google hasn't thrown much light on the matter. From what you say, it seems to be an exception to the norm in some way.

Of course, if you are not going to use Amanda, the ultimate solution is to remove it using apt-get. It doesn't get more elegant than not having it cluttering up your system in the first place.

It rather depends on what you mean by "networking". I have a home network in the sense that my router allows my son's laptop to access the broadband modem, but I disabled NFS-common, RPC Portmapper and Samba as they are useless to me and each one represents open ports. The usual recommendation for hardening your system is that you run as few services as necessary. You can google to find what the various services do, then decide which ones you really want or need. The ones you don't can be disabled or removed.

Hope this helps

You say it was only noticed as a hit blocked by Firestarter. I think I would recognize it as a potentially hostile attempt, but Firestarter seems to be handling it well. I wouldn't worry about it too much unless you begin to see other activity coming from the same place. Do you have a NAT router, or is Firestarter your complete firewall?

Re: dsl.kern.com.au

This is on the list of spammers on sdf.lonestar.org
rickh is right, it should be treated as hostile.