I don't know whether this is an attack or a regular event.
The UFW block log shows something like this.
E.g.
Code:
[ 1636.491227] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=117.21.173.4 DST=x.y.x.w LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=256 PROTO=TCP SPT=61196 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
I have replaced my IP with x.y.x.w.
Action Plan
1. I would like to harden my system and set up some additional software, like
intrusion detection, probably Snort?
2. Use some security tools like Snort and Wireshark,
without violating ISP terms.
Context:
I am using Apache for testing a number of websites locally.
Last week I had to disable indexing since I saw some outside IPs
in the Apache access logs, which in turn triggered the alarm button. I am
confused!
Weakness:
I don't have much experience hardening Linux,
only some elementary notions. I would consider myself an 'Advanced Dummy'
learning real-world security issues.
I would really like to learn a more proactive approach.
Please share your valuable opinion.
Thank you all.
Have a nice day.
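
Added example, not part of the original post: a small Python parser for `[UFW BLOCK]` kernel log lines like the one quoted above. It groups blocked packets by source address and destination port, so a single stray SYN can be told apart from one source probing several ports. All log lines except the first are constructed, and the three-port threshold and the labels are assumptions.

```python
import re
from collections import defaultdict

# The first line is the one from the post; the others are constructed
# for illustration and use a documentation address range.
SAMPLE_LOG = """\
[ 1636.491227] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=117.21.173.4 DST=x.y.x.w LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=256 PROTO=TCP SPT=61196 DPT=80 WINDOW=16384 RES=0x00 SYN URGP=0
[ 1701.102233] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=x.y.x.w LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=4021 PROTO=TCP SPT=40111 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
[ 1701.402871] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=x.y.x.w LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=4022 PROTO=TCP SPT=40111 DPT=23 WINDOW=1024 RES=0x00 SYN URGP=0
[ 1701.733410] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=x.y.x.w LEN=44 TOS=0x00 PREC=0x00 TTL=51 ID=4023 PROTO=TCP SPT=40111 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")          # KEY=value pairs; value may be empty
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}  # logged as bare tokens


def parse_ufw_line(line):
    """Return a dict of fields for a [UFW BLOCK] line, or None for other lines."""
    marker = "[UFW BLOCK]"
    if marker not in line:
        return None
    rest = line.split(marker, 1)[1]
    entry = dict(FIELD_RE.findall(rest))
    entry["FLAGS"] = sorted(TCP_FLAGS & set(rest.split()))
    return entry


def summarize(log_text, scan_threshold=3):
    """Group blocked packets by source; label sources that hit many ports."""
    ports = defaultdict(set)
    for line in log_text.splitlines():
        entry = parse_ufw_line(line)
        if entry and "SRC" in entry and entry.get("DPT", "").isdigit():
            ports[entry["SRC"]].add(int(entry["DPT"]))
    return {
        src: {"ports": sorted(p),
              "label": "multi-port probe" if len(p) >= scan_threshold else "single probe"}
        for src, p in ports.items()
    }


if __name__ == "__main__":
    for src, info in summarize(SAMPLE_LOG).items():
        print(src, info)
```

Every line here is a packet UFW already dropped, so the summary describes what reached the firewall, not what reached Apache.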