UFW Blocking Messages IP Address Appearing ?
I don't know whether this is an attack or a regular event.
UFW blocks shows some thing like this Eg Code:
[ 1636.491227] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=117.21.173.4 DST=x.y.x.w LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=256 PROTO=TCP SPT=61196 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0 Action Plan 1. I would like to harden my System, and setup some additional software like intrusion detection Probably Snort?, 2. Using some security tools like Snort, Wireshark Without violating ISP terms. Context: I am using Apache for testing a number of websites, locally, last week I had to disable indexing since I saw some Outside IPs in Apache access logs and which in turn triggered alarm button, I am Confused! Weakness: I don't have much experience hardening Linux only some elementary notions, I would consider myself as a 'Advanced Dummy' learning real world security Issues, Would really like to learn more proactive approach. Please Share your valuable opinion. Thanks You All. Have a Nice Day. |
All times are GMT -5. The time now is 05:37 AM. |