SlackwareThis Forum is for the discussion of Slackware Linux.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Attempts to conect to my box!
Every now and then i get warnings in /var/log/secure such as this:
Oct 23 16:23:22 SlackBox proftpd: refused connect from firstname.lastname@example.org
Oct 23 16:29:47 SlackBox proftpd: refused connect from email@example.com
And its usually from different IPs. My LAN is down, so it's no one from the LAN but from the net. Sometimes people try up to 50 times or so in a row. Fortunately i have set rules in /etc/hosts.allow/deny so the connection is refused, but is this something to worry about or is just some sysadmin or script kiddie scaning a range of IPs under which i fell?
And why is this guy surfing as root in the first place???
Well since we're talking about security know so you might want to check this out: linsec
I know it's quite old but it has some interesting thoughts and I must agree with nautilus: iplog is a very great tool. You can get it here: iplog
Good luck NSKL!
Aussie, i found very interesting the accounting part of your rc.firewall. Some time ago, when i read the iptables-tutorial there was little to be found about the -c option so i didn't pay any attention to it when making my script (i think i will be yanking it out of yours , given that i am just recently starting with bash prog.. ).
Could you post the TRAFFIC file to see what the results look like??