LinuxQuestions.org


NSKL 10-23-2002 09:36 AM

Attempts to connect to my box!
 
Every now and then I get warnings in /var/log/secure such as this:
Oct 23 16:23:22 SlackBox proftpd[251]: refused connect from root@217.166.249.162
Oct 23 16:29:47 SlackBox proftpd[259]: refused connect from root@217.166.249.162

And it's usually from different IPs. My LAN is down, so it's no one from the LAN but from the net. Sometimes people try up to 50 times or so in a row. Fortunately I have set rules in /etc/hosts.allow/deny so the connection is refused, but is this something to worry about or is it just some sysadmin or script kiddie scanning a range of IPs under which I fell?
And why is this guy surfing as root in the first place???
Thanks
-NSKL
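
An added example (not part of the original post): a Python script that groups `refused connect` lines in the format quoted above by source address and flags bursts of refusals. The year 2002 default, the one-minute window, the threshold of 3 and every sample line after the first two are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# First two lines are quoted from the post; the rest are constructed samples.
SAMPLE_LOG = """\
Oct 23 16:23:22 SlackBox proftpd[251]: refused connect from root@217.166.249.162
Oct 23 16:29:47 SlackBox proftpd[259]: refused connect from root@217.166.249.162
Oct 23 17:02:01 SlackBox proftpd[301]: refused connect from 192.0.2.10
Oct 23 17:02:03 SlackBox proftpd[302]: refused connect from 192.0.2.10
Oct 23 17:02:05 SlackBox proftpd[303]: refused connect from 192.0.2.10
Oct 23 17:05:00 SlackBox sshd[310]: Accepted password for nskl from 192.0.2.77
"""

# Syslog prefix, daemon[pid], then the refusal with an optional user@ prefix
# in front of the host, as in the quoted lines.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ (?P<daemon>[\w.-]+)\[\d+\]: "
    r"refused connect from (?:(?P<user>[^@\s]+)@)?(?P<host>\S+)$"
)

def parse_refusals(text, year=2002):
    """Yield (timestamp, daemon, user, host) for each refusal line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a refusal (e.g. the sshd line in the sample)
        # Syslog timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["daemon"], m["user"], m["host"]

def summarize(text, window=timedelta(minutes=1), burst=3, year=2002):
    """Per host: total refusals, peak count in any window, burst flag."""
    by_host = defaultdict(list)
    for ts, _daemon, _user, host in parse_refusals(text, year):
        by_host[host].append(ts)
    report = {}
    for host, stamps in by_host.items():
        stamps.sort()
        peak, start = 0, 0
        for end in range(len(stamps)):  # sliding window over sorted times
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        report[host] = {"total": len(stamps), "peak": peak, "burst": peak >= burst}
    return report

if __name__ == "__main__":
    for host, stats in sorted(summarize(SAMPLE_LOG).items()):
        print(host, stats)
```

On a real system, pass the contents of /var/log/secure to `summarize()` instead of `SAMPLE_LOG`.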

Mara 10-23-2002 12:55 PM

Script kiddies... You can't do much about them. A good firewall+upgraded software+good configuration and it should be OK. But they won't stop trying.

Excalibur 10-23-2002 08:56 PM

If your internet connection is a dynamic IP address and not static, it could be someone attempting to download via ftp from the prior lease of the IP address.

As far as surfing as "root" I think there are quite a few of us that do it.

NSKL 10-24-2002 09:27 AM

Yes, it's a dynamic IP.
Anyway, I guess there's nothing to worry about as long as I keep everything safely configured and up to date as Mara suggested.
Thanks
-NSKL

Aussie 10-31-2002 08:31 AM

As a public service I have my rc.firewall script available for download, feel free to use/modify it to fit your requirements :-)

NSKL 11-01-2002 03:11 AM

Thanks, I'll "merge" it with mine, to get NAT (connection sharing) as well.
Thanks
-NSKL

Aussie 11-01-2002 03:19 AM

Go for it, that's what it's up there for :)

NSKL 11-01-2002 03:22 AM

Ugh, by the way... Does anybody know of a good tutorial how-to that will explain all the flags and setting up a firewall? The man page is damn complicated for me at this point..
Thanks

Aussie 11-01-2002 03:35 AM

Like an iptables tutorial perhaps?

nautilus_1987 11-01-2002 07:32 AM

Actually LIDS configuration is the most difficult thing a user can deal with... I haven't configured mine yet.
NSKL, btw iplog is a good tool for logging all connection attempts to your box

wonderpun 11-01-2002 08:59 AM

Well, since we're talking about security now, you might want to check this out:
linsec
I know it's quite old but it has some interesting thoughts and I must agree with nautilus: iplog is a very great tool. You can get it here:
iplog
Good luck NSKL!

nautilus_1987 11-01-2002 02:18 PM

Aussie, did you write rc.firewall by yourself?

NSKL 11-01-2002 03:19 PM

Thanks for all the info!
-NSKL

Mux 11-01-2002 04:18 PM

Aussie, I found the accounting part of your rc.firewall very interesting. Some time ago, when I read the iptables-tutorial there was little to be found about the -c option so I didn't pay any attention to it when making my script (I think I will be yanking it out of yours :D, given that I am just recently starting with bash prog.. ).
Could you post the TRAFFIC file to see what the results look like??

Mux. :)

