04-04-2006, 10:58 PM
|
#1
|
Member
Registered: Oct 2005
Posts: 45
Rep:
|
Port Scan
Ubuntu 5.10
Firestarter log
I am guessing this is a portscan...
Code:
Time:Apr 5 04:28:35 Direction: Unknown In:eth0 Out: Port:44470 Source:213.206.131.45 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:36 Direction: Unknown In:eth0 Out: Port:44471 Source:217.149.32.34 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:37 Direction: Unknown In:eth0 Out: Port:44472 Source:217.149.32.34 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:38 Direction: Unknown In:eth0 Out: Port:44473 Source:217.149.32.34 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:39 Direction: Unknown In:eth0 Out: Port:44474 Source:213.206.129.143 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:40 Direction: Unknown In:eth0 Out: Port:44475 Source:213.206.129.143 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:41 Direction: Unknown In:eth0 Out: Port:44476 Source:213.206.129.143 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:42 Direction: Unknown In:eth0 Out: Port:44477 Source:213.206.128.55 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:43 Direction: Unknown In:eth0 Out: Port:44478 Source:213.206.128.55 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:44 Direction: Unknown In:eth0 Out: Port:44479 Source:213.206.128.55 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:45 Direction: Unknown In:eth0 Out: Port:44480 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:46 Direction: Unknown In:eth0 Out: Port:44481 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:47 Direction: Unknown In:eth0 Out: Port:44482 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:48 Direction: Unknown In:eth0 Out: Port:44483 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:49 Direction: Unknown In:eth0 Out: Port:44484 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:50 Direction: Unknown In:eth0 Out: Port:44485 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:51 Direction: Unknown In:eth0 Out: Port:44486 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:28:52 Direction: Unknown In:eth0 Out: Port:44487 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:30:43 Direction: Unknown In:eth0 Out: Port:68 Source:82.211.234.2 Destination:82.211.234.11 Length:328 TOS:0x00 Protocol:UDP Service:DHCP
Time:Apr 5 04:30:44 Direction: Unknown In:eth0 Out: Port:1434 Source:60.190.0.173 Destination:82.211.234.11 Length:404 TOS:0x00 Protocol:UDP Service:Ms-sql-m
Time:Apr 5 04:31:12 Direction: Unknown In:eth0 Out: Port:44444 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:13 Direction: Unknown In:eth0 Out: Port:44445 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:14 Direction: Unknown In:eth0 Out: Port:44446 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:15 Direction: Unknown In:eth0 Out: Port:44447 Source:82.211.224.161 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:16 Direction: Unknown In:eth0 Out: Port:44448 Source:82.211.224.161 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:17 Direction: Unknown In:eth0 Out: Port:44449 Source:82.211.224.161 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:18 Direction: Unknown In:eth0 Out: Port:44450 Source:87.72.98.82 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:19 Direction: Unknown In:eth0 Out: Port:44451 Source:87.72.98.82 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:20 Direction: Unknown In:eth0 Out: Port:44452 Source:87.72.98.82 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:21 Direction: Unknown In:eth0 Out: Port:44453 Source:87.72.98.97 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:22 Direction: Unknown In:eth0 Out: Port:44454 Source:87.72.98.97 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:23 Direction: Unknown In:eth0 Out: Port:44455 Source:87.72.98.97 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:24 Direction: Unknown In:eth0 Out: Port:44456 Source:213.242.108.149 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:25 Direction: Unknown In:eth0 Out: Port:44457 Source:213.242.108.149 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:26 Direction: Unknown In:eth0 Out: Port:44458 Source:213.242.108.149 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:27 Direction: Unknown In:eth0 Out: Port:44459 Source:213.242.107.18 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:28 Direction: Unknown In:eth0 Out: Port:44460 Source:213.242.107.18 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:29 Direction: Unknown In:eth0 Out: Port:44461 Source:213.242.107.18 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:30 Direction: Unknown In:eth0 Out: Port:44462 Source:4.68.128.213 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:31 Direction: Unknown In:eth0 Out: Port:44463 Source:4.68.128.213 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:32 Direction: Unknown In:eth0 Out: Port:44464 Source:4.68.128.213 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:33 Direction: Unknown In:eth0 Out: Port:44465 Source:4.68.116.172 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:34 Direction: Unknown In:eth0 Out: Port:44466 Source:4.68.116.108 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:35 Direction: Unknown In:eth0 Out: Port:44467 Source:4.68.116.44 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:36 Direction: Unknown In:eth0 Out: Port:44468 Source:213.206.131.21 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:37 Direction: Unknown In:eth0 Out: Port:44469 Source:213.206.131.21 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:38 Direction: Unknown In:eth0 Out: Port:44470 Source:213.206.131.21 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:39 Direction: Unknown In:eth0 Out: Port:44471 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:40 Direction: Unknown In:eth0 Out: Port:44472 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:41 Direction: Unknown In:eth0 Out: Port:44473 Source:144.232.19.69 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:42 Direction: Unknown In:eth0 Out: Port:44474 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:43 Direction: Unknown In:eth0 Out: Port:44475 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:44 Direction: Unknown In:eth0 Out: Port:44476 Source:144.232.20.132 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:45 Direction: Unknown In:eth0 Out: Port:44477 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:46 Direction: Unknown In:eth0 Out: Port:44478 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:47 Direction: Unknown In:eth0 Out: Port:44479 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:48 Direction: Unknown In:eth0 Out: Port:44480 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:49 Direction: Unknown In:eth0 Out: Port:44481 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:50 Direction: Unknown In:eth0 Out: Port:44482 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:51 Direction: Unknown In:eth0 Out: Port:44483 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:52 Direction: Unknown In:eth0 Out: Port:44484 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:53 Direction: Unknown In:eth0 Out: Port:44485 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:54 Direction: Unknown In:eth0 Out: Port:44486 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:55 Direction: Unknown In:eth0 Out: Port:44487 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:56 Direction: Unknown In:eth0 Out: Port:44488 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:57 Direction: Unknown In:eth0 Out: Port:44489 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:58 Direction: Unknown In:eth0 Out: Port:44490 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:31:59 Direction: Unknown In:eth0 Out: Port:44491 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:32:00 Direction: Unknown In:eth0 Out: Port:44492 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:32:01 Direction: Unknown In:eth0 Out: Port:44493 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:32:02 Direction: Unknown In:eth0 Out: Port:44494 Source:144.232.20.136 Destination:82.211.234.11 Length:56 TOS:0x00 Protocol:ICMP Service:Unknown
Time:Apr 5 04:32:03 Direction: Unknown In:eth0 Out: Port:44495 Source:144.232.20.136
and it just keeps going.
Should the firewall even allow a response? And is there any way to find the source?
|
|
|
04-04-2006, 11:47 PM
|
#2
|
Senior Member
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020
Rep:
|
Hi,
Yes, it seems like port scanning. But the log is showing only ICMP, which means the attacker machine was pinging the target machine to know whether it's up or not.
The firewall may or may not stop this. It depends on its settings, whether ping (ICMP) is blocked or not.
Regards
|
|
|
04-05-2006, 01:47 AM
|
#3
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Rep:
|
I'm not convinced that it's a simple port or ping scan. Granted, I'm not that familiar with Firestarter's log format, but it's listing port numbers while showing the protocol as ICMP, which I believe means they are incoming ICMP port-unreachable packets. The other odd thing is that the source IP changes even though the port number still appears to be steadily incrementing (IPs actually belong to completely different ISPs too).
If I had to guess I'd say it's either some form of spoofed scan (remote attacker scans remote target but forges your source IP) or possibly a distributed scan. Both of those possibilities would be pretty strange. If you run tcpdump on your system (or ideally on another system on your network) do you see any outgoing traffic that looks like a scan?
|
|
|
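The pattern post #3 points out (the logged port climbing steadily while the source address keeps changing) can be checked mechanically over a saved log. This is an added example, not code from the thread or from Firestarter; the field labels follow the log format quoted in post #1, the function names are hypothetical, and the sample entries are constructed with documentation-range addresses.

```python
import re

FIELDS = ("Time", "Direction", "In", "Out", "Port", "Source", "Destination",
          "Length", "TOS", "Protocol", "Service")
KEYS = "|".join(FIELDS)
# A value runs up to the next "Key:" label or end of line; "Out:" may be empty.
FIELD_RE = re.compile(r"\b(%s):\s*(.*?)\s*(?=\b(?:%s):|$)" % (KEYS, KEYS))


def parse_line(line):
    """Split one log entry into {field: value}; absent fields stay absent."""
    return dict(FIELD_RE.findall(line.strip()))


def icmp_port_runs(lines):
    """Group ICMP entries into runs where Port rises by exactly 1 each entry.

    Entries of other protocols, and truncated entries without a Protocol
    field, are skipped and do not break a run."""
    runs, prev = [], None
    for line in lines:
        rec = parse_line(line)
        if rec.get("Protocol") != "ICMP" or not rec.get("Port", "").isdigit():
            continue
        port = int(rec["Port"])
        if prev is None or port != prev + 1:
            runs.append({"first": port, "last": port, "count": 0, "sources": []})
        run = runs[-1]
        run["last"], run["count"] = port, run["count"] + 1
        if rec.get("Source") not in run["sources"]:
            run["sources"].append(rec.get("Source"))
        prev = port
    return runs


def multi_source_runs(lines, min_entries=5):
    """Runs of at least min_entries that were logged from more than one source."""
    return [r for r in icmp_port_runs(lines)
            if r["count"] >= min_entries and len(r["sources"]) > 1]


# Constructed sample entries (not taken from the thread).
TEMPLATE = ("Time:Apr 5 {t} Direction: Unknown In:eth0 Out: Port:{p} "
            "Source:{src} Destination:203.0.113.11 Length:56 TOS:0x00 "
            "Protocol:ICMP Service:Unknown")
SAMPLE = [TEMPLATE.format(t="04:28:%02d" % (35 + i), p=44470 + i, src=src)
          for i, src in enumerate(["192.0.2.45", "198.51.100.34",
                                   "198.51.100.34", "198.51.100.34",
                                   "192.0.2.143", "192.0.2.143"])]
SAMPLE.append("Time:Apr 5 04:30:43 Direction: Unknown In:eth0 Out: Port:68 "
              "Source:203.0.113.2 Destination:203.0.113.11 Length:328 "
              "TOS:0x00 Protocol:UDP Service:DHCP")
SAMPLE += [TEMPLATE.format(t="04:31:%02d" % (12 + i), p=44444 + i,
                           src="203.0.113.2") for i in range(2)]
# Truncated entry, like the last line of the pasted log: no Protocol field.
SAMPLE.append("Time:Apr 5 04:32:03 Direction: Unknown In:eth0 Out: "
              "Port:44495 Source:192.0.2.136")

if __name__ == "__main__":
    for run in multi_source_runs(SAMPLE):
        print("ports %d-%d, %d entries, sources: %s" % (
            run["first"], run["last"], run["count"], ", ".join(run["sources"])))
```
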
04-05-2006, 09:11 AM
|
#4
|
Member
Registered: Oct 2005
Posts: 45
Original Poster
Rep:
|
This is the first hit shown in the firestarter log.
Code:
Time:Apr 5 04:28:09 Direction: Unknown In:eth0 Out: Port:44444 Source:82.211.234.2 Destination:82.211.234.11 Length:576 TOS:0x00 Protocol:ICMP Service:Unknown
TCPDUMP
Code:
14:54:45.506591 arp who-has 82.211.235.117 tell 82.211.234.2
14:54:45.671897 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:45.760516 arp who-has 82.211.234.232 tell 82.211.234.2
14:54:45.767448 IP 82.211.235.20.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
14:54:45.767562 arp who-has 82.211.235.20 tell 82.211.234.181
14:54:45.767856 arp who-has 82.211.235.20 tell 82.211.234.250
14:54:45.767893 IP 82.211.235.20.netbios-dgm > 82.211.235.255.netbios-dgm: NBT UDP PACKET(138)
14:54:45.925342 arp who-has 82.211.234.134 tell 82.211.234.2
14:54:46.198878 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:46.318610 arp who-has 82.211.235.198 tell 82.211.234.2
14:54:46.326299 IP 192.168.0.1.3960 > 255.255.255.255.61112: UDP, length 92
14:54:46.496647 IP 82.211.234.181.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): REGISTRATION; REQUEST; BROADCAST
14:54:46.506585 arp who-has 82.211.235.117 tell 82.211.234.2
14:54:46.671550 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:46.760179 arp who-has 82.211.234.232 tell 82.211.234.2
14:54:47.198002 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:47.317987 arp who-has 82.211.235.198 tell 82.211.234.2
14:54:47.728583 arp who-has 82.211.234.134 tell 82.211.234.2
14:54:47.806089 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:48.197861 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:48.318452 arp who-has 82.211.235.198 tell 82.211.234.2
14:54:48.610728 arp who-has 82.211.235.14 tell 82.211.234.2
14:54:48.728273 arp who-has 82.211.234.134 tell 82.211.234.2
14:54:48.774525 arp who-has 82.211.234.224 tell 82.211.234.2
14:54:48.785561 arp who-has 82.211.234.164 tell 82.211.234.2
14:54:48.805780 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:49.181038 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:03:93:20:52:65 (oui Unknown), length: 548
14:54:49.183600 arp who-has 172.30.0.250 tell 0.0.0.0
14:54:49.611192 arp who-has 82.211.235.14 tell 82.211.234.2
14:54:49.728664 arp who-has 82.211.234.134 tell 82.211.234.2
14:54:49.774118 arp who-has 82.211.234.224 tell 82.211.234.2
14:54:49.785156 arp who-has 82.211.234.164 tell 82.211.234.2
14:54:49.806318 arp who-has 82.211.234.81 tell 82.211.234.2
14:54:50.611007 arp who-has 82.211.235.14 tell 82.211.234.2
14:54:50.773929 arp who-has 82.211.234.224 tell 82.211.234.2
14:54:50.785030 arp who-has 82.211.234.164 tell 82.211.234.2
14:54:51.147632 IP 82.211.234.15.netbios-dgm > 82.211.235.255.netbios-dgm: NBT UDP PACKET(138)
14:54:51.161668 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240628 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240734 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240790 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240848 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:51.240900 IP 82.211.234.15.netbios-ns > 82.211.235.255.netbios-ns: NBT UDP PACKET(137): RELEASE; REQUEST; BROADCAST
14:54:52.237649 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:52.325300 IP 192.168.0.1.3961 > 255.255.255.255.61112: UDP, length 92
14:54:52.417632 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:03:47:8d:ca:11 (oui Unknown), length: 320
14:54:52.812951 arp who-has 82.211.235.14 tell 82.211.234.2
14:54:53.237176 arp who-has 82.211.234.107 tell 82.211.234.2
14:54:53.328680 arp who-has 82.211.234.19 tell 82.211.234.19
If it is a spoofed attack there's basically no way to know the source, right?
Found that Firestarter was configured to receive ICMP requests, hopefully that's fixed now.
Thanks
Last edited by atlaika; 04-05-2006 at 02:11 PM.
|
|
|
04-05-2006, 08:12 PM
|
#5
|
Senior Member
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658
Rep:
|
I don't see anything in the tcpdump output that really looks malicious. If you see any further warnings from firestarter, try using tcpdump again but limit the capture to only icmp, grab the packet header/payload (tcpdump -veX icmp) and let it run longer.
It's also probably a good idea to either perform a remote scan of your firewall using another remote system or using one of the free online scans (like grc or sygate SOS) in order to verify that your firewall is functioning properly.
Quote:
If it is a spoofed attack there's basically no way to know the source, right?
Depends on the situation, but in most circumstances you can't tell the true source by simply looking at a packet.
|
|
|
04-06-2006, 10:13 AM
|
#6
|
Member
Registered: Oct 2005
Posts: 45
Original Poster
Rep:
|
Quote:
I don't see anything in the tcpdump output that really looks malicious. If you see any further warnings from firestarter, try using tcpdump again but limit the capture to only icmp, grab the packet header/payload (tcpdump -veX icmp) and let it run longer.
|
Thanks, will do that.
Quote:
It's also probably a good idea to either perform a remote scan of your firewall using another remote system or using one of the free online scans (like grc or sygate SOS) in order to verify that your firewall is functioning properly.
|
I had done one on grc, but only for common ports, which didn’t tell me anything about ICMP, so I missed it, until I tried Sygate SOS.
http://scan.sygate.com/
Quote:
If it is a spoofed attack there's basically no way to know the source, right?
Depends on the situation, but in most circumstances you can't tell the true source by simply looking at a packet.
|
Anywhere I could read a bit more about that?
|
|
|
All times are GMT -5.