LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-30-2006, 06:31 PM   #1
eerstkoffie
LQ Newbie
 
Registered: Aug 2005
Location: Netherlands
Distribution: Debian-Sarge
Posts: 9

Rep: Reputation: 0
shoulf i block Amanda in firewall ?


in my firewall (firestarter on debian), in 'active connections' i see

source - my ip
destination - dsl.kern.com.au
port - 10080
service - Amanda

i googled for Amanda and it seemes to be an network backup tool.
but i don't run that and don't know the destination adres...

what is this ? someone copiying info from me ?
what should i do ?

thanks for your info.....

jw
 
Old 08-30-2006, 07:20 PM   #2
mikieboy
Member
 
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 12 LXDE
Posts: 555

Rep: Reputation: 33
You should disable all unwanted services such as Amanda as each one represents a potential security risk. This isn't done from your firewall but by altering the scripts in /etc/init.d. Don't panic, there are some good tools to help you do this in Debian, look at:

http://www.debianhelp.co.uk/unwanted.htm

You might also want to read:

http://www.debian.org/doc/manuals/se...to/ch3.en.html
 
Old 08-30-2006, 08:34 PM   #3
eerstkoffie
LQ Newbie
 
Registered: Aug 2005
Location: Netherlands
Distribution: Debian-Sarge
Posts: 9

Original Poster
Rep: Reputation: 0
sysv-rc-conf

thanks man for your quick and complete reply !
learned a lot again.
installed sysv-rc-conf and ran it as root.
it indeed meniones all the runlevels and a lot of services to enable or disable.
but sysv-rc-conf doesn't list a service called Amanda or something like that. disabeling networking is a safe solution but too rigid, i think ;-)

now, i blocked port 10080 Amanda in firestarter, but i'm more interested in your (more safe) solution.
checked your links but could not find 'amanda' things listed...
did i oversee something ? or is amanda a part of a more general service that i should disable ?

thanks !
 
Old 08-31-2006, 03:13 PM   #4
mikieboy
Member
 
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 12 LXDE
Posts: 555

Rep: Reputation: 33
Quote:
is amanda a part of a more general service that i should disable ?
Amanda is a network backup package that allows multiple computers to be backed up regardless of the individual operating systems. It's very popular but totally unnecessary on a desktop machine like mine.

On the basis that I never knowingly run any background task that I do not need I personally would find a way to disable Amanda. Since I don't have it installed, I can't look on my system to find the necessary files for you and a google hasn't thrown much light on the matter. From what you say, it seems to be an exception to the norm in some way.

Of course, if you are not going to use Amanda, the ultimate solution is to remove it using apt-get. It doesn't get more elegant than not having it cluttering up your system in the first place.

Quote:
disabeling networking is a safe solution but too rigid, i think
It rather depends on what you mean by "networking". I have a home network in the sense that my router allows my son's laptop to access the broadband modem, but I disabled NFS-common, RPC Portmapper and Samba as they are useless to me and each one represents open ports. The usual recommendation for hardening your system is that you run as few services as necessary. You can google to find what the various services do, then decide which ones you really want or need. The ones you don't can be disabled or removed.

Hope this helps
 
Old 08-31-2006, 09:26 PM   #5
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Rep: Reputation: 61
You say it was only noticed as a hit blocked by Firestarter. I think I would recognize it as a potentially hostile attempt, but Firestarter seems to be handling it well. I wouldn't worry about it too much unless you begin to see other activity coming from the same place. Do you have a NAT router, or is Firestarter your complete firewall?
 
Old 09-01-2006, 05:10 AM   #6
mikieboy
Member
 
Registered: Apr 2004
Location: Warrington, Cheshire, UK
Distribution: Linux Mint 12 LXDE
Posts: 555

Rep: Reputation: 33
Re: dsl.kern.com.au

This is on the list of spammers on sdf.lonestar.org
rickh is right, it should be treated as hostile.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how do i block an application from accessing network? firewall? hisnumber666isback Linux - Software 1 05-06-2006 11:45 PM
Block P2P on Shorewall Firewall bharathvn Linux - Security 6 02-13-2006 03:25 AM
Why doesnt my firewall block all ports ALInux Linux - Networking 4 12-05-2005 05:49 PM
Can linux/bsd firewall block malware? hottdogg General 1 11-19-2005 01:49 AM
Block Yahoo Messanger via Firewall omid1979 Linux - Security 3 07-07-2005 11:43 AM


All times are GMT -5. The time now is 08:41 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration