LinuxQuestions.org
Old 10-23-2002, 09:36 AM   #1
NSKL
Senior Member
 
Registered: Jan 2002
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207

Rep: Reputation: 46
Attempts to connect to my box!


Every now and then I get warnings in /var/log/secure such as this:
Oct 23 16:23:22 SlackBox proftpd[251]: refused connect from root@217.166.249.162
Oct 23 16:29:47 SlackBox proftpd[259]: refused connect from root@217.166.249.162

And it's usually from different IPs. My LAN is down, so it's no one from the LAN but from the net. Sometimes people try up to 50 times or so in a row. Fortunately I have set rules in /etc/hosts.allow/deny so the connection is refused, but is this something to worry about, or is it just some sysadmin or script kiddie scanning a range of IPs under which I fell?
And why is this guy surfing as root in the first place???
Thanks
-NSKL
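
The "refused connect from" lines quoted in the post above can be tallied per source address to see how many sources are knocking and how tightly their attempts cluster. This is an added example, not part of the original post; the 192.0.2.x lines, the year (syslog lines carry none), and the window and burst thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample; only the first two lines are the ones quoted in the post.
SAMPLE_LOG = """\
Oct 23 16:23:22 SlackBox proftpd[251]: refused connect from root@217.166.249.162
Oct 23 16:29:47 SlackBox proftpd[259]: refused connect from root@217.166.249.162
Oct 23 16:30:01 SlackBox proftpd[260]: refused connect from 192.0.2.10
Oct 23 16:30:03 SlackBox proftpd[261]: refused connect from 192.0.2.10
Oct 23 16:30:05 SlackBox proftpd[262]: refused connect from 192.0.2.10
Oct 23 16:31:00 SlackBox sshd[300]: Accepted password for nskl from 192.0.2.77
"""

# timestamp, host, daemon[pid], then an optional remote-user part before '@'
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"(?P<daemon>[\w.-]+)\[\d+\]:\s+refused connect from\s+"
    r"(?:(?P<user>[^@\s]+)@)?(?P<src>\S+)\s*$"
)

def parse_refusals(text, year=2002):
    """Return (timestamp, daemon, user, source) for each refusal line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines in any other format are skipped
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["daemon"], m["user"], m["src"]))
    return events

def summarize(events, window=timedelta(minutes=1), burst=3):
    """Per source: total refusals and the peak count inside one time window."""
    by_src = defaultdict(list)
    for ts, _daemon, _user, src in events:
        by_src[src].append(ts)
    report = {}
    for src, stamps in by_src.items():
        stamps.sort()
        peak, start = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1  # slide the window forward
            peak = max(peak, end - start + 1)
        report[src] = {"total": len(stamps), "peak": peak, "burst": peak >= burst}
    return report

if __name__ == "__main__":
    print(summarize(parse_refusals(SAMPLE_LOG)))
```
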
 
Old 10-23-2002, 12:55 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,536

Rep: Reputation: 148
Script kiddies... You can't do much about them. A good firewall+upgraded software+good configuration and it should be OK. But they won't stop trying.
 
Old 10-23-2002, 08:56 PM   #3
Excalibur
Senior Member
 
Registered: Jun 2002
Location: Northern VA, USA
Distribution: Ubuntu
Posts: 1,180

Rep: Reputation: 45
If your internet connection is a dynamic IP address and not static, it could be someone attempting to download via ftp from the prior lease of the IP address.

As far as surfing as "root" I think there are quite a few of us that do it.
 
Old 10-24-2002, 09:27 AM   #4
NSKL
Senior Member
 
Registered: Jan 2002
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207

Original Poster
Rep: Reputation: 46
Yes, it's a dynamic IP.
Anyway, I guess there's nothing to worry about as long as I keep everything safely configured and up to date as Mara suggested.
Thanks
-NSKL
 
Old 10-31-2002, 08:31 AM   #5
Aussie
Senior Member
 
Registered: Sep 2001
Location: Brisvegas, Antipodes
Distribution: Slackware
Posts: 4,590

Rep: Reputation: 56
As a public service I have my rc.firewall script available for download, feel free to use/modify it to fit your requirements :-)
 
Old 11-01-2002, 03:11 AM   #6
NSKL
Senior Member
 
Registered: Jan 2002
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207

Original Poster
Rep: Reputation: 46
Thanks, I'll "merge" it with mine, to get NAT (connection sharing) as well.
Thanks
-NSKL
 
Old 11-01-2002, 03:19 AM   #7
Aussie
Senior Member
 
Registered: Sep 2001
Location: Brisvegas, Antipodes
Distribution: Slackware
Posts: 4,590

Rep: Reputation: 56
Go for it, that's what it's up there for.
 
Old 11-01-2002, 03:22 AM   #8
NSKL
Senior Member
 
Registered: Jan 2002
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207

Original Poster
Rep: Reputation: 46
Ugh, by the way... Does anybody know of a good tutorial how-to that will explain all the flags and setting up a firewall? The man page is damn complicated for me at this point..
Thanks
 
Old 11-01-2002, 03:35 AM   #9
Aussie
Senior Member
 
Registered: Sep 2001
Location: Brisvegas, Antipodes
Distribution: Slackware
Posts: 4,590

Rep: Reputation: 56
Like an iptables tutorial perhaps?
 
Old 11-01-2002, 07:32 AM   #10
nautilus_1987
Member
 
Registered: Aug 2002
Distribution: Slackware 8.1
Posts: 750

Rep: Reputation: 30
Actually, LIDS configuration is the most difficult thing a user can deal with... I haven't configured mine yet.
NSKL, btw, iplog is a good tool for logging all connection attempts to your box.
 
Old 11-01-2002, 08:59 AM   #11
wonderpun
Member
 
Registered: Aug 2002
Location: Geekland, Planet Earth
Distribution: Slackware 9.1
Posts: 323

Rep: Reputation: 30
Well, since we're talking about security now, you might want to check this out:
linsec
I know it's quite old but it has some interesting thoughts and I must agree with nautilus: iplog is a very great tool. You can get it here:
iplog
Good luck NSKL!
 
Old 11-01-2002, 02:18 PM   #12
nautilus_1987
Member
 
Registered: Aug 2002
Distribution: Slackware 8.1
Posts: 750

Rep: Reputation: 30
Aussie, did you write rc.firewall by yourself?
 
Old 11-01-2002, 03:19 PM   #13
NSKL
Senior Member
 
Registered: Jan 2002
Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207

Original Poster
Rep: Reputation: 46
Thanks for all the info!
-NSKL
 
Old 11-01-2002, 04:18 PM   #14
Mux
Member
 
Registered: May 2002
Location: Bs.As., Argentina
Distribution: Slackware; Debian; Suse; RedHat
Posts: 66

Rep: Reputation: 15
Aussie, I found the accounting part of your rc.firewall very interesting. Some time ago, when I read the iptables-tutorial, there was little to be found about the -c option, so I didn't pay any attention to it when making my script (I think I will be yanking it out of yours, given that I am just recently starting with bash prog...).
Could you post the TRAFFIC file to see what the results look like?

Mux.
 
  

