Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


05-10-2013, 11:10 AM   #1
LQ Newbie
Registered: Jan 2013
Distribution: Mint 12 (Lisa)
Posts: 2

Rep: Reputation: Disabled
Firestarter Events

Sat down to find Firestarter's tray icon red. I'm a Linux newbie and by no means a security expert. I lean towards slightly paranoid when it comes to my system. I know Linux is a far superior OS for security, but I'm concerned about the Source being

Time:May 10 09:15:11 Direction: Unknown In:eth0 Out: Port:36608 Source: Destination: Length:1500 TOS:0x00 Protocol:TCP Service:Unknown
Time:May 10 11:41:36 Direction: Unknown In:eth0 Out: Port:34961 Source: Destination: Length:485 TOS:0x00 Protocol:TCP Service:Unknown

Thank you in advance for any help and guidance.

05-11-2013, 09:32 PM   #2
LQ Guru
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Debian, Mageia, and whatever VMs I happen to be playing with
Posts: 12,632
Blog Entries: 16

Rep: Reputation: 3246

appears to be a legitimate ClamAV mirror.

Is Port 36608 open for incoming traffic in your Firestarter policies? If not, this would likely be a routine port scan.

Port scans happen all the time. Getting upset by random port scans is like getting upset by rain hitting your roof: as long as the rain doesn't get in, your roof is working.

What matters is what gets in the ports.

Here's the dig and whois on the clamav domain. Note that dig, whois, and other internet tools are generally included in Linux so you can use them yourself.

~$ dig

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>>
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9589
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;		IN	A


;; AUTHORITY SECTION:
	2043	IN	NS
	2043	IN	NS
	2043	IN	NS

;; ADDITIONAL SECTION:
	131148	IN	A
	44749	IN	A
	44749	IN	A

;; Query time: 293 msec
;; WHEN: Fri May 10 21:41:33 2013
;; MSG SIZE  rcvd: 163

~$ whois
% This is the RIPE Database query service.
% The objects are in RPSL format.
% The RIPE Database is subject to Terms and Conditions.
% See

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to ' -'

% Abuse contact for ' -' is ''

inetnum: -
netname:        GLDN-IT-hosts
descr:          Golden telecom IT hosting
descr:          Moscow, Russia
country:        RU
admin-c:        TELE1-RIPE
tech-c:         TELE1-RIPE
status:         ASSIGNED PA
mnt-by:         AS3216-MNT
source:         RIPE # Filtered

role:           Teleross NOC
address:        Krasnokazarmennaja, 12
address:        Moscow, Russia
phone:          +7 495 7871001
fax-no:         +7 495 7871010
org:            ORG-ES15-RIPE
admin-c:        IS13
tech-c:         DBF3-RIPE
tech-c:         MAK18-RIPE
tech-c:         is13
tech-c:         rj631-ripe
nic-hdl:        TELE1-RIPE
mnt-by:         AS3216-MNT
remarks:        formely Sovam Teleport NOC
source:         RIPE # Filtered

% Information related to ''

descr:          SOVAM DELEGATED BLOCK-2
origin:         AS3216
mnt-by:         AS3216-MNT
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.60.2 (WHOIS1)

A dig and whois on, though, was less informative, but it does not seem to have a very good reputation:


I just saw this in Synaptic on Debian 7:

Firestarter is no longer developed and is missing some critical features such as IPv6 support, so users may be advised to look into more modern alternatives such as gufw.
I removed FS (I've used it for years) and installed gufw. It's as easy to configure as FS, if not easier.

Last edited by frankbell; 05-11-2013 at 10:03 PM.
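
An added example, not part of the original posts: a small Python triage of events in the format quoted in post #1, applying the question raised in post #2 (is the port one you opened?). The addresses are constructed documentation-range values, and `open_ports` and `scan_threshold` are assumptions the reader sets from their own inbound policy.

```python
import re
from collections import defaultdict

# Field names exactly as they appear in the event lines quoted in this thread.
FIELDS = ["Time", "Direction", "In", "Out", "Port", "Source", "Destination",
          "Length", "TOS", "Protocol", "Service"]
# A name counts only at line start or after whitespace, so the colons inside
# a timestamp such as 09:15:11 are not treated as separators.
FIELD_RE = re.compile(r"(?:^|(?<=\s))(" + "|".join(FIELDS) + r"):")

def parse_event(line):
    """Split one copied event line into a dict; blank fields become ''."""
    parts = FIELD_RE.split(line.strip())
    return {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}

def triage(lines, open_ports, scan_threshold=5):
    """Group events by source address and label each source."""
    # Assumption: open_ports lists what the inbound policy exposes, and
    # scan_threshold is how many distinct closed ports count as a scan.
    ports_by_src = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev.get("Port", "").isdigit():
            ports_by_src[ev.get("Source") or "(blank)"].add(int(ev["Port"]))
    report = {}
    for src, ports in ports_by_src.items():
        if ports & set(open_ports):
            label = "exposed port: check policy and service logs"
        elif len(ports) >= scan_threshold:
            label = "closed ports, scan pattern"
        else:
            label = "closed port, isolated hit"
        report[src] = (sorted(ports), label)
    return report

# Constructed sample in the thread's format (documentation-range addresses).
FMT = ("Time:May 10 09:15:11 Direction: Unknown In:eth0 Out: Port:%d Source:%s "
       "Destination:198.51.100.5 Length:60 TOS:0x00 Protocol:TCP Service:Unknown")
SAMPLE = ([FMT % (p, "192.0.2.10") for p in (36608, 34961)]
          + [FMT % (22, "203.0.113.9")]
          + [FMT % (p, "203.0.113.77") for p in (21, 23, 80, 443, 3389)])

if __name__ == "__main__":
    for src, (ports, label) in triage(SAMPLE, open_ports=[22]).items():
        print(src, ports, label)
```
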
05-12-2013, 07:41 PM   #3
Registered: Jun 2007
Posts: 164

Rep: Reputation: 18
I used Firestarter for a while. I found it impossible to tightly align open ports with my various applications and services. Things were red or notifying me of problems all the time. So I ultimately just ignored them.

I've since switched to Firewall Builder...but that is a problem too. It puts warnings in /var/log/syslog really often. All these systems cry wolf all the time. You really need to fully understand a multitude of different net protocol issues (UDP vs TCP, stateful packet filtering and ...) to create good firewalls that stay silent until something really "interesting" happens. Half the time they just keep innocent services from working. And if you want to understand things, start with M.Sci courses in network protocols and security and how to break into systems (so you know the bad guys' toolboxes.)

Oh, one more thing. The guys writing Firewall Builder are moving on to sunnier skies (see their website) so support there is not good either. (It DOES handle ipv6.) I had to build Firewall from source for my new Debian Squeeze system. Couldn't just d/l it.

BEST ADVICE: Read some simple books, like O'Reilly's "LINUX Security Cookbook" for starters. That seemed like "security for dummies" to me. (I mean no offense. I learned a lot! I still use it! That reminds me: I gotta look up some stuff.)

