Attempts to connect to my box!
Every now and then I get warnings in /var/log/secure such as this:
Oct 23 16:23:22 SlackBox proftpd[251]: refused connect from root@217.166.249.162
Oct 23 16:29:47 SlackBox proftpd[259]: refused connect from root@217.166.249.162
And it's usually from different IPs. My LAN is down, so it's no one from the LAN but from the net. Sometimes people try up to 50 times or so in a row. Fortunately I have set rules in /etc/hosts.allow/deny so the connection is refused, but is this something to worry about or is it just some sysadmin or script kiddie scanning a range of IPs under which I fell? And why is this guy surfing as root in the first place??? Thanks -NSKL |
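Added example, not part of the original thread: a Python script that tallies the "refused connect from" lines shown in the post per source address and flags sources that retry several times in quick succession. The sample log, the burst threshold and window, and the placeholder year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the post's log format; 192.0.2.x and 198.51.100.x
# are documentation addresses, not real hosts.
SAMPLE_LOG = """\
Oct 23 16:23:22 SlackBox proftpd[251]: refused connect from root@217.166.249.162
Oct 23 16:29:47 SlackBox proftpd[259]: refused connect from root@217.166.249.162
Oct 23 17:00:01 SlackBox proftpd[300]: refused connect from 192.0.2.10
Oct 23 17:00:03 SlackBox proftpd[301]: refused connect from 192.0.2.10
Oct 23 17:00:05 SlackBox proftpd[302]: refused connect from 192.0.2.10
Oct 23 17:05:00 SlackBox sshd[310]: Accepted password for nskl from 198.51.100.7
"""

# The optional "user@" part is what the remote end reported, not a verified identity.
REFUSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (?P<daemon>[\w./-]+)\[\d+\]: "
    r"refused connect from (?:(?P<user>[^@\s]+)@)?(?P<src>\S+)$"
)

def parse_refused(text, year=2000):
    """Yield (timestamp, daemon, user, source) per refused connect.
    Syslog lines carry no year, so `year` is an assumed placeholder."""
    for line in text.splitlines():
        m = REFUSED.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["daemon"], m["user"], m["src"]

def summarize(text, burst=3, window=timedelta(minutes=1)):
    """Per source: count, first/last seen, and whether `burst` refusals
    landed within one `window` (repeated tries in a row)."""
    times = defaultdict(list)
    for ts, _daemon, _user, src in parse_refused(text):
        times[src].append(ts)
    report = {}
    for src, seen in times.items():
        seen.sort()
        in_burst = any(seen[i + burst - 1] - seen[i] <= window
                       for i in range(len(seen) - burst + 1))
        report[src] = {"count": len(seen), "first": seen[0],
                       "last": seen[-1], "burst": in_burst}
    return report

if __name__ == "__main__":
    for src, r in sorted(summarize(SAMPLE_LOG).items()):
        print(src, r["count"], r["first"], r["last"], "burst" if r["burst"] else "")
```

To run it against a real log, pass the contents of /var/log/secure to `summarize()` in place of `SAMPLE_LOG`.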
Script kiddies... You can't do much about them. A good firewall+upgraded software+good configuration and it should be OK. But they won't stop trying.
|
If your internet connection is a dynamic IP address and not static, it could be someone attempting to download via ftp from the prior lease of the IP address.
As far as surfing as "root" I think there are quite a few of us that do it. |
Yes, it's a dynamic IP.
Anyway I guess there's nothing to worry about as long as I keep everything safely configured and up to date as Mara suggested. Thanks -NSKL |
As a public service I have my rc.firewall script available for download, feel free to use/modify it to fit your requirements :-)
|
Thanks, I'll "merge" it with mine, to get NAT (connection sharing) as well.
Thanks -NSKL |
Go for it, that's what it's up there for :)
|
Ugh, by the way... Does anybody know of a good tutorial how-to that will explain all the flags and setting up a firewall? The man page is damn complicated for me at this point..
Thanks |
Like an iptables tutorial perhaps?
|
Actually LIDS configuration is the most difficult thing a user can deal with... I haven't configured mine yet.
NSKL, btw, iplog is a good tool for logging all connection attempts to your box |
|
Aussie, did you write rc.firewall by yourself?
|
Thanks for all the info!
-NSKL |
Aussie, I found the accounting part of your rc.firewall very interesting. Some time ago, when I read the iptables-tutorial there was little to be found about the -c option so I didn't pay any attention to it when making my script (I think I will be yanking it out of yours :D, given that I am just recently starting with bash prog.. ).
Could you post the TRAFFIC file to see what the results look like?? Mux. :) |