LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-21-2005, 04:31 PM   #1
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Rep: Reputation: 35
someone eavesdropping on me?


Hello

I was just typing a post and then a box came up saying it could not grab my mouse, someone may be eavesdropping on me. Then another came up about the keyboard.

The mouse + keyboard still worked but everything stopped responding.

I did Ctrl-Alt-Backspace to bring me back to the login and its been fine since...

Whats happening? I dont have a firewall on here I was under the impression that IPtables was installed by default. Plus this is going thru the internet thru my XP box, which has a firewall.

Help?! I'm not being hacked am I?

Hong
 
Old 02-21-2005, 04:42 PM   #2
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Rep: Reputation: 30
Hey
Iptables may be installed by default, but you have to set the rules (ie "computer let me access this port") yourself.

I can't comment on the hacking bit, but I'm sure someone will help you out. In the meantime, I strongly suggest looking to setting up a proper firewall on your server. Your won't need anything difficult.

hamish
 
Old 02-21-2005, 04:59 PM   #3
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Original Poster
Rep: Reputation: 35
Quote:
Iptables may be installed by default, but you have to set the rules (ie "computer let me access this port") yourself.
OK...can someone help me/elaborate on this please...

Quote:
I can't comment on the hacking bit, but I'm sure someone will help you out. In the meantime, I strongly suggest looking to setting up a proper firewall on your server. Your won't need anything difficult.
Any reco's?
 
Old 02-21-2005, 05:20 PM   #4
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Rep: Reputation: 30
Regarding firewall, I assume that your computer isn't serving anything to the Internet (ie, you don't run a webserver or anything).

Therefore, you basically just want to allow all request OUT of your box, but not allow any into your box.

If you have iptables installed, you should be able to start it by running:
# /etc/init.d/iptables start

Assuming that your disribution has installed the correct iptables as modules, then these will be loaded. Most distros do have iptables in the kernel by default. If not, you will have to recompile the kernel.

Assuming that you do get iptables started, then you should download this code, and paste it into a file called firewall-script.sh

Code:
#!/bin/sh
#The first line is just a regular header for a script.

#I now assume that your network interface is named as eth0.
#Change the following line to match your configuration.
EXT=eth0

#Next,  clean everything, so old firewall confgurations don't get on the way:
iptables --flush
iptables --table nat --flush
#Without arguments, the --delete-chain deletes all the additional chains.
iptables --delete-chain

#Disallows everything not explicitly allowed:
iptables --policy INPUT DROP
iptables --policy FORWARD DROP
iptables --policy OUTPUT DROP

#We want to allow ourself to send anything (this reverts the previous OUTPUT policy)
iptables --policy OUTPUT ACCEPT

#Allow the machine to connect to itself:
iptables --append INPUT --in-interface lo --jump ACCEPT

#Recieve anything from others in case you have first initiated a connection (eg. get a web page when you ask for one):
# Get ping replies from others:
iptables --append INPUT --in-interface $EXT -m state --state ESTABLISHED,RELATED -j ACCEPT

#Recieve ping requests from others:
iptables --append INPUT --in-interface $EXT -p icmp --icmp-type echo-request -j ACCEPT

####### PORT SPECIFIC REQUESTS #######

# ssh this is a service which you will probably be running, and it is a good idea to let yourself SSH into your computer.
iptables --append INPUT --in-interface $EXT -p tcp --destination-port 22 -j ACCEPT
this script assumes that your NIC is eth0.

now, do:
# chmod +x firewall-script.sh
# sh firewall-script.sh

this will load the rules into the firewall.

do:
# iptables -nvL
and you should see something like:

Code:
hamish@pi hamish $ sudo /sbin/iptables -nvL
Chain INPUT (policy DROP 56450 packets, 4800K bytes)
 pkts bytes target     prot opt in     out     source               destination
2223K  338M ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
  16M   17G ACCEPT     all  --  eth0   *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
     0     0 ACCEPT     icmp --  eth0   *       0.0.0.0/0            0.0.0.0/0           icmp type 8
  392 22012 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:22
Now, assuming you can still do everything you want to do, save those rules to the computer.
# iptables-save

Hope this helps. Basically, it sets out what to do once you have iptables running. Some other members will no doubt be able to help you some more.

hamish
 
Old 02-21-2005, 05:37 PM   #5
shengchieh
Member
 
Registered: Jul 2004
Location: Palo Alto, CA
Distribution: #! Korora
Posts: 472

Rep: Reputation: 30
A bunch of firewalls in

http://www.websamba.com/Linux_Docs_Links
-> Softwares
-> firewll

Firestarter seems to be a commom one.

Sheng-Chieh
 
Old 02-21-2005, 05:44 PM   #6
cs-cam
Senior Member
 
Registered: May 2004
Location: Australia
Distribution: Gentoo
Posts: 3,545

Rep: Reputation: 57
I don't know for sure but I read somewhere that all the linux firewalls like Firestarter and Guarddog are simply GUI front ends for iptables.
 
Old 02-21-2005, 07:50 PM   #7
brainiac
Member
 
Registered: Jan 2005
Location: middle of a cornfield, IL
Distribution: Kanotix HD Install, Debian Testing, XP Pro,Vista RC1
Posts: 145

Rep: Reputation: 15
I have used Firestarter on my Fedora machine and it is an easy setup for iptables. It also works well.
 
Old 02-22-2005, 03:56 AM   #8
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Original Poster
Rep: Reputation: 35
Brilliant, thanks for the replies.

So Guarddog and Firestarter are gui's for iptables...interesting...

Do I have to manually start iptables each time I log on? If so, how would I do that?

And yes, for now just allowing all outgoing is fine. But I will want to use it to serve in the near future as a webserver and ftp...will this be sufficient?

I found one called Smoothwall Express - any opinions on that?

I'll do more when I gt in from work.

Thanks

Hong
 
Old 02-22-2005, 05:22 AM   #9
hamish
Member
 
Registered: Aug 2003
Location: Edinburgh
Distribution: Server: Gentoo2004; Desktop: Ubuntu
Posts: 720

Rep: Reputation: 30
I assume you have a distro installed on your linux machine, and that you are not just using Knoppix LiveCD.

If you have a distro installed, then you can tell iptables to start on boot. And it will use the rules which you saved, using iptables-save.

Smoothwall might be a distribution in itself. As it, a small distro which you install on a dedicated server for routing.

If you want to allow sharing on FTP and websites, add these two lines to the firewall script:

Code:
# http
iptables --append INPUT --in-interface $EXT -p tcp --destination-port 80 -j ACCEPT
# ftp
iptables --append INPUT --in-interface $EXT -p tcp --destination-port 21 -j ACCEPT
hamish
 
Old 02-22-2005, 12:35 PM   #10
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Original Poster
Rep: Reputation: 35
Hi all, in from work now.

Ok, so I am going to try and create this script called fire-script.sh...but where do I create it? Do i just paste that into Kedit and save as firewall-script.sh?

Thanks

Hong
 
Old 02-22-2005, 12:36 PM   #11
hongman
Member
 
Registered: Feb 2005
Location: UK
Distribution: Knoppix 3.7
Posts: 285

Original Poster
Rep: Reputation: 35
Oh, and yes this is a full HDD install, NOT a LiveCD install.
 
Old 02-22-2005, 03:49 PM   #12
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
You need to do the following;

Copy the above to an editor and save it in /etc/init.d as rc.firewall. To make it executable cd to /etc/init.d and do as root in a console chmod +x rc.firewall. Now you need to get it to start automatically at boot time so do the following;
ln -s rc.firewall /etc/rc2.d/S89firewall
ln -s rc.firewall /etc/rc3.d/S89firewall
ln -s rc.firewall /etc/rc4.d/S89firewall
ln -s rc.firewall /etc/rc5.d/S89firewall

A tip here to make this quicker than typing the whole thing each time; when you have done the first one, up-arrow and the line will appear again so just use the left arrow to go back to rc2.d and change it to 3 then go to the end of the line and press return and so on.
 
Old 09-17-2005, 03:29 PM   #13
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495

Rep: Reputation: 85
I had the same pop up in Ubuntu 5.04 about could not grab mouse and eavesdropping. I did not see any problems. Nothing locked up. I was trying to open Synaptic. Synaptic still works. Untill recently I could not login anymore. I used Knoppix as a recovery disk to get all my impoortant files backed up and installed FreeBSD.
 
Old 09-18-2005, 12:29 AM   #14
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,524

Rep: Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015Reputation: 1015
Get a cheap machine, like a Celeron 650 MHz. Put in two network cards. Make sure it has a CD drive. Go online and download the .iso for Smoothwall. Burn it to a CD. Hook up a monitor and keyboard to the Celeron. Boot from the Smoothwall CD you made. Install Smoothwall. After you get done, shut down Smoothwall. Hook up internet to the red interface, and your PC to the green interface. Then, boot Smoothwall. Boot your PC. Now you have a packet dropping firewall with a network address translator. This is not to be confused with a packet filtering firewall, which comes with most linux distros. A port scan can learn a lot about a machine with a packet filtering firewall. A packet dropping firewall looks like an unused IP to a port scanner. Unless someone knows your IP, and knows you have Smoothwall, it is impenetrable. it works flawlessly for years on end. I have never had it fail, or need rebooting. It makes you completely invisible. I tried the famous network security hacker, Saint, on it. I tried every test to hack that firewall. Everything timed out, with no result. Saint thought it was a dead connection. Saint is the most sophisticated network penetration tool available. It comes with SuSE linux. It is great for testing security. Don't use it for anything illegal. Saint is like jail bait. You can really, seriously get into trouble for scanning other people's systems. Scan your own, though.
 
Old 09-18-2005, 03:34 PM   #15
fakie_flip
Senior Member
 
Registered: Feb 2005
Location: San Antonio, Texas
Distribution: Gentoo Hardened using OpenRC not Systemd
Posts: 1,495

Rep: Reputation: 85
Quote:
Originally posted by TigerOC
You need to do the following;

Copy the above to an editor and save it in /etc/init.d as rc.firewall. To make it executable cd to /etc/init.d and do as root in a console chmod +x rc.firewall. Now you need to get it to start automatically at boot time so do the following;
ln -s rc.firewall /etc/rc2.d/S89firewall
ln -s rc.firewall /etc/rc3.d/S89firewall
ln -s rc.firewall /etc/rc4.d/S89firewall
ln -s rc.firewall /etc/rc5.d/S89firewall

A tip here to make this quicker than typing the whole thing each time; when you have done the first one, up-arrow and the line will appear again so just use the left arrow to go back to rc2.d and change it to 3 then go to the end of the line and press return and so on.
A better way to do that is to program a for loop, while loop, or do while loop.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
eavesdropping fakie_flip Ubuntu 8 09-17-2005 05:38 AM
network sniffing / eavesdropping facefullofsnow Linux - Security 1 12-16-2003 05:14 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:18 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration