LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Mandriva
User Name
Password
Mandriva This Forum is for the discussion of Mandriva (Mandrake) Linux.

Notices



Reply
 
Search this Thread
Old 05-07-2006, 09:27 PM   #1
dolphans1
Senior Member
 
Registered: Jun 2003
Location: LoneStar
Distribution: Mandriva & Ubuntu
Posts: 1,025

Rep: Reputation: 34
Interactive Firewall Attack Warnings


Hey guys I have been playing around with FTP up on a server and I noticed that my Mandriva Interactive Firewall has been alerting me that someone is scanning my port 1028, port 1029 and port 1030.

There are a bunch of alerts over 30 or more, but when I try and use xtracer to see where the attacks are coming from, I get "no response".

Does anyone know what or why this is happening?

Thanks.....

d-1
 
Old 05-08-2006, 04:16 PM   #2
Xolo
Member
 
Registered: Jul 2004
Location: The Netherlands
Distribution: Mandrake, Knoppix, Coyote Linux, RedHat
Posts: 354
Blog Entries: 3

Rep: Reputation: 31
No real experience with an interactive firewall on Mandriva (yet..?) but a message like 'no response' would leave me to think the host that was scanning you is already offline.
If the firewall has a logging option, you might want to browse the log till you come across the ports you were alerted about, there you should see the IP address(es) at least. Then you can work from there and check whether the host is online or not, and trace it back to it's provider.
 
Old 05-11-2006, 07:59 AM   #3
Emmanuel_uk
Senior Member
 
Registered: Nov 2004
Distribution: Mandriva mostly, vector 5.1, tried many.Suse gone from HD because bad Novell/Zinblows agreement
Posts: 1,604

Rep: Reputation: 47
tail -f /var/log/syslog
should have shorewall outputs including IP
(that does not mean this can be traced further)

There is this organisation: a dsitributed firewall or something
of the like where you can report abuses and also
check if the host was not already blacklisted
(cannot remember the anme for the life of me)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to configure Mandi (Interactive Firewall) kasl33 Mandriva 2 12-20-2005 06:09 PM
non-interactive ssh podollb Linux - Software 3 04-20-2004 04:28 PM
Is this an attack on my firewall? linuxboy69 Linux - Security 6 03-03-2004 11:40 AM
Microsoft ISA Firewall Returns Port Scan Warnings From Linux BIND DNS Servers. ramram29 Linux - Security 4 01-26-2004 11:09 PM
Non interactive FTP lapthorn Linux - Networking 1 11-25-2003 05:00 AM


All times are GMT -5. The time now is 01:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration