Linux - Security
I'm running firewall software on my Red Hat 9 machine (Firestarter) and I've noticed that I have about 4 requests per second on port 4662 from the internet. That should not be a problem, but this causes a consumption of about 10% of CPU and more. Any way to prevent this?
I would just use Firestarter to add a firewall rule to block that traffic. Port 4662 is eDonkey traffic, so you can safely DROP all the packets destined for port 4662 without being too worried about losing legitimate traffic. Blocking ~4 requests/s shouldn't really consume a lot of resources.
Hmmmmm. Are they all from the same IP address(es)? It could be that you have some P2P software somewhere on your network. A lot of the newer ones can be nasty in that if the default ports are blocked they will scan all your ports looking for an open alternative. Check and see if you have any users behind the firewall that have installed any P2P clients. If the requests come from a few unique IP addresses then you can specifically DROP traffic from those IP addresses.
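The check suggested in the reply above (do the port 4662 hits come from a few addresses or many, and is any source on the LAN), as an added example that is not part of the original thread. It assumes the firewall writes standard netfilter LOG lines to the kernel log; the sample lines, addresses, LAN range and function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the kernel log format written by the netfilter LOG target.
# Addresses, hostname and the LAN range are assumptions made for this example.
LAN = ipaddress.ip_network("192.168.1.0/24")
_PKT = "IN=eth0 OUT= SRC={} DST=192.168.1.2 LEN=48 TTL=110 PROTO=TCP SPT={} DPT={} SYN"
SAMPLE_LOG = "\n".join(
    "Mar  3 10:15:%02d gw kernel: " % i + _PKT.format(src, 3000 + i, dpt)
    for i, (src, dpt) in enumerate(
        [("198.51.100.7", 4662)] * 6
        + [("203.0.113.9", 4662)] * 3
        + [("192.168.1.23", 4662), ("198.51.100.50", 22)]
    )
)

FIELD = re.compile(r"\b(SRC|DPT)=(\S+)")


def port_hits(log_text, port=4662):
    """Count source addresses of logged packets whose destination port is `port`."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("DPT") == str(port) and "SRC" in fields:
            hits[fields["SRC"]] += 1
    return hits


def advise(hits, top_n=3, share=0.8):
    """Suggest per-address DROP rules when a few sources dominate, else a port-wide DROP."""
    total = sum(hits.values())
    top = hits.most_common(top_n)
    concentrated = total > 0 and sum(n for _, n in top) / total >= share
    return {
        "total": total,
        "unique_sources": len(hits),
        # Sources inside the LAN point at a local P2P client worth tracking down.
        "local_sources": sorted(ip for ip in hits if ipaddress.ip_address(ip) in LAN),
        "action": "drop-by-source" if concentrated else "drop-port",
        "top": top,
    }


if __name__ == "__main__":
    print(advise(port_hits(SAMPLE_LOG)))
```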