Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have big troubles with my server. I'm running a Ubuntu Server 12.04 system using two physical NIC's and this morning i found the annoying error of "w00tw00t.at.isc.sans.win32" in both my apache2 error.log and other_vhosts_access.log
Luckily i've got a second NIC to access my server on but when trying to connect to the first NIC i cant find the server.
When checking www.whatsmyip.org i have a new IP each time. How can i remove this extremely annoying bug? It seems that w00tw00t has crapped all over my iptables but i cant find anything on my server.
If your IP is changing it is usually because you are on a dynamic allocation plan.
If your hosts DNS A record points to an IP you no longer occupy, then no, you won't be able to connect by domain name.
This is unrelated to your log entries.
Also, none of this has anything to do with iptables.
this morning i found the annoying error of "w00tw00t.at.isc.sans.win32" in both my apache2 error.log and other_vhosts_access.log (..) How can i remove this extremely annoying bug? It seems that w00tw00t has crapped all over my iptables but i cant find anything on my server.
Ok but when looking up one of the it's that www.whatsmyip.org says I have I originates in China and when reading about w00tw00t one of the taglines is that it's using spoofed IP's from China, India etc.
I want to know why I can't connect to my external ip.
when looking up one of the ip's that www.whatsmyip.org says I have I originates in China
Unless you know you rented a virtual, shared or whatever server in the PRC (who would anyway?) you're probably doing something wrong.
Quote:
Originally Posted by junkyhlm
when reading about w00tw00t one of the taglines is that it's using spoofed IP's from China, India etc.
If you look at your access_log and error_log you'll probably note all return codes are all 4xx ones like 404, 403, etc, etc meaning the scanner doesn't find anything. Bottom line is that as long as you only run supported, current software releases, have hardened your server and your web stack and regularly audit the machine you've got (almost) nothing to fear from any remote scanners.
Quote:
Originally Posted by junkyhlm
I want to know why I can't connect to my external ip.
Are they both connected? Did you check your servers network configuration and 'ifconfig' or 'ip link show' output for which external IP addresses it has? Does your web server / SSH daemon listen on those addresses?
Nothing listens to the connections. My configuration is as follows:
Eth0
Behind router (DLink DIR-655)
This is the iface that apache uses for the webbservern.
Eth1
Backup entrance that I don't usually use.
When checking the log files I saw the w00tw00t entries and started to read about them. Shortly after I wasn't able to connect to my eth0 ext ip. Then i tried to look up my ip since I thought that I had gotten a new one, at www.whatsmyip.org since that site seemed to be the only one that reported the eth0 ip.
When checking the router status i had a working ip but I could not connect the server on it. I will check my router settings when I get home (since I retarded the fucker and now I can't access the ui any more).
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.