Sat down to find Firestarter's tray icon red. I'm a Linux newbie and by no means a security expert. I lean towards slightly paranoid when it comes to my system. I know Linux is a far superior OS for security, but I'm concerned about the Source being clamav-mirror.co.ru.
Time:May 10 09:15:11 Direction: Unknown In:eth0 Out: Port:36608 Source: clamav-mirror.co.ru Destination:192.168.1.3 Length:1500 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 10 11:41:36 Direction: Unknown In:eth0 Out: Port:34961 Source: hosted-by.leaseweb.com Destination:192.168.1.3 Length:485 TOS:0x00 Protocol:TCP Service:Unknown
Thank you in advance for any help and guidance.
clamav-mirror.co.ru appears to be a legitimate ClamAV mirror.
Is Port 36608 open for incoming traffic in your Firestarter policies? If not, this would likely be a routine port scan.
Port scans happen all the time. Getting upset by random port scans is like getting upset by rain hitting your roof: as long as the rain doesn't get in, your roof is working.
What matters is what gets in the ports.
Here's the dig and whois on the clamav domain. Note that dig, whois, and other internet tools are generally included in Linux so you can use them yourself.
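The check the replies above describe (is the logged port one your Firestarter policy actually opens, or just noise the firewall already dropped?) as a small added example; this is not code from the thread or from Firestarter. The two log lines are the events quoted in the first post, while the allowed-port set, the function names and the "many distinct ports from one source" scan heuristic are assumptions made here for illustration:

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Sample input: the two Firestarter events quoted in the first post.
SAMPLE_EVENTS = """\
Time:May 10 09:15:11 Direction: Unknown In:eth0 Out: Port:36608 Source: clamav-mirror.co.ru Destination:192.168.1.3 Length:1500 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 10 11:41:36 Direction: Unknown In:eth0 Out: Port:34961 Source: hosted-by.leaseweb.com Destination:192.168.1.3 Length:485 TOS:0x00 Protocol:TCP Service:Unknown
"""

# Hypothetical inbound policy (an assumption): (protocol, port) pairs this host
# deliberately serves. Anything else arriving on the outside interface is
# dropped and merely logged, which is what the red tray icon reports.
ALLOWED_INBOUND: Set[Tuple[str, int]] = {("TCP", 22)}

# One Firestarter event per line; 'Out:' is empty for inbound packets.
EVENT_RE = re.compile(
    r"^Time:(?P<time>\w+ +\d+ [\d:]+) Direction: (?P<direction>\S+) "
    r"In:(?P<iface_in>\S*) Out:(?P<iface_out>\S*) Port:(?P<port>\d+) "
    r"Source: (?P<source>\S+) Destination:(?P<dest>\S+) "
    r"Length:(?P<length>\d+) TOS:(?P<tos>\S+) Protocol:(?P<proto>\S+) "
    r"Service:(?P<service>.*)$"
)


@dataclass
class Event:
    time: str
    iface_in: str
    port: int
    source: str
    dest: str
    length: int
    proto: str
    service: str


def parse_event(line: str) -> Optional[Event]:
    """Parse one Firestarter event line; return None if it does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return Event(
        time=m["time"], iface_in=m["iface_in"], port=int(m["port"]),
        source=m["source"], dest=m["dest"], length=int(m["length"]),
        proto=m["proto"].upper(), service=m["service"].strip(),
    )


def classify(ev: Event, allowed: Set[Tuple[str, int]] = ALLOWED_INBOUND) -> str:
    """'open-port' if the packet was aimed at a service the policy exposes
    (worth a look), otherwise 'dropped' (rain that stayed outside the roof)."""
    return "open-port" if (ev.proto, ev.port) in allowed else "dropped"


def triage(text: str, allowed: Set[Tuple[str, int]] = ALLOWED_INBOUND) -> List[Tuple[str, int, str]]:
    """Reduce an exported event log to (source, port, verdict) triples."""
    events = [e for e in (parse_event(line) for line in text.splitlines()) if e]
    return [(e.source, e.port, classify(e, allowed)) for e in events]


def scan_suspects(text: str, min_ports: int = 5) -> Dict[str, int]:
    """Heuristic (an assumption, not Firestarter's own logic): one source hitting
    at least min_ports distinct ports looks like a scan rather than stray packets."""
    ports_by_source: Dict[str, Set[int]] = defaultdict(set)
    for line in text.splitlines():
        ev = parse_event(line)
        if ev:
            ports_by_source[ev.source].add(ev.port)
    return {src: len(p) for src, p in ports_by_source.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for source, port, verdict in triage(SAMPLE_EVENTS):
        print(f"{source:26} port {port:<6} {verdict}")
    print("scan suspects:", scan_suspects(SAMPLE_EVENTS) or "none")
```

With the assumed policy (only TCP/22 open) both quoted events come back as "dropped": neither 36608 nor 34961 is a port the host serves, so the firewall did its job and the entries are noise. Swap ALLOWED_INBOUND for the ports you really open in Firestarter's policy tab, and only the "open-port" verdicts deserve attention.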
I just saw this in Synaptic on Debian 7:
I used Firestarter for a while. I found it impossible to tightly align open ports with my various applications and services. Things were red or notifying me of problems all the time. So I ultimately just ignored them.
I've since switched to Firewall Builder...but that is a problem too. It puts warnings in /var/log/syslog really often. All these systems cry wolf all the time. You really need to fully understand a multitude of different net protocol issues (UDP vs TCP, stateful packet filtering and ...) to create good firewalls that stay silent until something really "interesting" happens. Half the time they just keep innocent services from working. And if you want to understand things, start with M.Sci courses in network protocols and security and how to break into systems (so you know the bad guys' toolboxes.)
Oh, one more thing. The guys writing Firewall Builder are moving on to sunnier skies (see their website) so support there is not good either. (It DOES handle ipv6.) I had to build Firewall from source for my new Debian Squeeze system. Couldn't just d/l it.
BEST ADVICE: Read some simple books, like O'Reilly's "LINUX Security Cookbook" for starters. That seemed like "security for dummies" to me (I mean no offense. I learned a lot! I still use it! That reminds me: I gotta look up some stuff)