Location: Rome, Italy ; Novi Sad, Srbija; Brisbane, Australia
Distribution: Ubuntu / ITOS2008
Posts: 1,207
Attempts to connect to my box!
Every now and then I get warnings in /var/log/secure such as this:
Oct 23 16:23:22 SlackBox proftpd[251]: refused connect from root@217.166.249.162
Oct 23 16:29:47 SlackBox proftpd[259]: refused connect from root@217.166.249.162
And it's usually from different IPs. My LAN is down, so it's no one from the LAN but from the net. Sometimes people try up to 50 times or so in a row. Fortunately I have set rules in /etc/hosts.allow/deny so the connection is refused, but is this something to worry about or is it just some sysadmin or script kiddie scanning a range of IPs under which I fell?
And why is this guy surfing as root in the first place???
Thanks
-NSKL
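The refused connections quoted in the post above can be tallied per source address to separate a one-off probe from a sustained run of attempts. This Python code is an added example, not part of the thread; the function names, the burst threshold and window, and the year passed in (the log lines carry none) are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Refusal line in the format shown in the post; "user@" is treated as optional.
REFUSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ (?P<daemon>[^\s\[:]+)(?:\[\d+\])?: "
    r"refused connect from (?:(?P<user>[^@\s]+)@)?(?P<src>\S+)"
)

def parse_refusals(lines, year):
    """Yield (timestamp, daemon, user, source) for every refusal line."""
    for line in lines:
        m = REFUSED.match(line)
        if m:
            # Classic syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["daemon"], m["user"], m["src"]

def summarize(lines, year, burst=5, window=timedelta(minutes=10)):
    """Per-source totals, flagging sources with `burst` refusals inside `window`."""
    seen = defaultdict(list)
    for ts, daemon, user, src in parse_refusals(lines, year):
        seen[src].append((ts, daemon, user))
    report = {}
    for src, events in seen.items():
        times = sorted(e[0] for e in events)
        report[src] = {
            "count": len(times),
            "first": times[0],
            "last": times[-1],
            "daemons": sorted({e[1] for e in events}),
            "users": sorted({e[2] for e in events if e[2]}),
            # Sliding window: compare each event with the one burst-1 before it.
            "burst": any(times[i] - times[i - burst + 1] <= window
                         for i in range(burst - 1, len(times))),
        }
    return report

# First two lines are quoted from the post; the rest are constructed
# (192.0.2.7 is a documentation address) to show a burst and a skipped line.
SAMPLE = [
    "Oct 23 16:23:22 SlackBox proftpd[251]: refused connect from root@217.166.249.162",
    "Oct 23 16:29:47 SlackBox proftpd[259]: refused connect from root@217.166.249.162",
    "Oct 23 16:40:00 SlackBox login[270]: ROOT LOGIN on tty1",
] + [f"Oct 23 17:0{i}:10 SlackBox proftpd[{300 + i}]: refused connect from 192.0.2.7"
     for i in range(5)]

if __name__ == "__main__":
    for src, info in sorted(summarize(SAMPLE, 2002).items()):  # year is assumed
        print(src, info["count"], info["first"], info["last"], "BURST" if info["burst"] else "")
```

To run it against a real log, pass the open file object for /var/log/secure as `lines` and tune `burst` and `window` to the noise level of the host.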
If your internet connection is a dynamic IP address and not static, it could be someone attempting to download via ftp from the prior lease of the IP address.
As far as surfing as "root" I think there are quite a few of us that do it.
Original Poster
Yes, it's a dynamic IP.
Anyway, I guess there's nothing to worry about as long as I keep everything safely configured and up to date as Mara suggested.
Thanks
-NSKL
Original Poster
Ugh, by the way... Does anybody know of a good tutorial how-to that will explain all the flags and setting up a firewall? The man page is damn complicated for me at this point..
Thanks
Actually LIDS configuration is the most difficult thing a user can deal with... I haven't configured mine yet.
NSKL, btw, iplog is a good tool for logging all connection attempts to your box
Well, since we're talking about security now, you might want to check this out: linsec
I know it's quite old but it has some interesting thoughts and I must agree with nautilus: iplog is a very great tool. You can get it here: iplog
Good luck NSKL!
Aussie, I found the accounting part of your rc.firewall very interesting. Some time ago, when I read the iptables-tutorial, there was little to be found about the -c option, so I didn't pay any attention to it when making my script (I think I will be yanking it out of yours, given that I am just recently starting with bash prog..).
Could you post the TRAFFIC file to see what the results look like??