LinuxQuestions.org
Old 11-24-2013, 04:52 PM   #16
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600

What research did you do to understand the alert and what is your question?
 
Old 12-08-2013, 08:13 AM   #17
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 332

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by unSpawn
What research did you do to understand the alert and what is your question?
Sorry about the delay getting back. Had to finish up a research paper.

I did some Internet research. I could not find a manual that describes it but the impression I got from forums is that it relates to cloud-based storage which I don't have. I simply have two servers on my network. Would it be irrelevant to my situation and should it be disabled? Thanks.
 
Old 12-08-2013, 03:19 PM   #18
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
If you don't use Dropbox and if the port isn't in use by a service then you could conclude it's a false positive, yes.
 
1 members found this post helpful.
Old 12-09-2013, 12:41 PM   #19
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 332

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by unSpawn
A web server shouldn't run a Desktop Environment in the first place. If you want to stay with Ubuntu please check out the LTS release and do not install Xorg, Desktop Environment or any graphical tools that could draw in Xorg / DE as a dependency.
Thanks for letting me know about Ubuntu LTS. I had not previously heard of it. My computer (c. 2001) was too old to handle any versions of Ubuntu later than 11.4 - possibly due to not being able to handle LightDM. So I would need to use 10.04 LTS which would have support for server until early 2015 and no longer has support for desktop. I am thinking of trying the latest stable release of Debian or CentOS instead if my computer can handle it. If it can handle CentOS, I should have support until the PC is over 20 years old if it lasts that long.


Thanks,
OS.
 
Old 12-09-2013, 05:47 PM   #20
OtagoHarbour
Member
 
Registered: Oct 2011
Posts: 332

Original Poster
Rep: Reputation: 3
Quote:
Originally Posted by unSpawn
If you don't use Dropbox and if the port isn't in use by a service then you could conclude it's a false positive, yes.
I do not use Dropbox but

Code:
/usr/share/nmap/scripts/broadcast-dropbox-listener.nse
comes with the latest stable version of Debian. The Wireshark log did not show port 17500 being used and that port was not specifically mentioned in iptables. Should I specifically block that port before I disable that warning (or instead of disabling that warning)?

Thanks,
OH.
 
Old 12-10-2013, 12:45 PM   #21
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
No, the NSE file explicitly requires you to run it as 'nmap --script=broadcast-dropbox-listener' and then it's only a passive listener. The Snort sig is for clients broadcasting ("udp $HOME_NET 17500 -> any 17500"). So if no machines run a Dropbox client then the port shouldn't be in use and there's no need to block it. FWIW /etc/snort/threshold.conf (if still in use?) [c|sh]ould hold suppression rules.
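
The two checks behind the false-positive conclusion in the reply above, as an added example that is not part of the original thread: whether anything on the host is bound to UDP 17500, and which hosts in a capture match the quoted signature (source port 17500 to destination port 17500). The function names and the sample data are constructed for illustration; real input would come from `ss -H -lun` and `tcpdump -nn`.

```shell
#!/bin/sh
# Added example (not from the thread): check a host and a capture against the
# Snort signature quoted above, "udp $HOME_NET 17500 -> any 17500".
# Real input:  ss -H -lun      and      tcpdump -nn -r FILE udp port 17500

# Print the local address of every UDP socket bound to port $1.
# Reads `ss -H -lun` lines on stdin (4th column is Local Address:Port).
udp_listeners() {
    awk -v port="$1" '{ n = split($4, p, ":"); if (p[n] == port) print $4 }'
}

# Print "source-address packet-count" for packets sent from port $1 to port $1.
# Reads `tcpdump -nn` text lines on stdin; locates the ">" between the endpoints
# so extra leading columns (for example from `-i any`) do not matter.
broadcast_sources() {
    awk -v port="$1" '
        {
            for (i = 2; i < NF; i++) {
                if ($i != ">") continue
                src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
                sp = src; sub(/.*\./, "", sp)          # source port
                dp = dst; sub(/.*\./, "", dp)          # destination port
                host = src; sub(/\.[^.]*$/, "", host)  # source address
                if (sp == port && dp == port) seen[host]++
                break
            }
        }
        END { for (h in seen) print h, seen[h] }' | sort
}

# Constructed sample data (not taken from the poster's network).
SAMPLE_SS='UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
UNCONN 0 0 0.0.0.0:17500 0.0.0.0:*
UNCONN 0 0 [::]:5353 [::]:*'

SAMPLE_CAPTURE='12:00:01.000000 IP 192.168.1.20.17500 > 255.255.255.255.17500: UDP, length 132
12:00:01.000100 IP 192.168.1.20.17500 > 192.168.1.255.17500: UDP, length 132
12:00:02.000000 IP 192.168.1.30.51234 > 192.168.1.1.17500: UDP, length 40'

echo "UDP sockets bound to 17500:"
printf '%s\n' "$SAMPLE_SS" | udp_listeners 17500
echo "Hosts matching the signature (address, packets):"
printf '%s\n' "$SAMPLE_CAPTURE" | broadcast_sources 17500
```

When both checks come back empty on real data, a suppression entry of the form `suppress gen_id <GID>, sig_id <SID>` in /etc/snort/threshold.conf silences the alert; `<GID>` and `<SID>` are placeholders for the values printed in your own alert, which the thread does not give.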
 
  

