Just John
Apr 19 2008, 01:25 PM
pawel.t17.des.pwr.wroc.pl port scanned me 12 times over a period of 3 minutes according to "interactive firewall." Should I be worried about this? Would it alert me if he found any open ports?
supermario
Apr 19 2008, 02:36 PM
I wouldn't worry about it. Like you said, you've got your firewall running. I don't think it's possible to gain access to your box, and any secure site you're visiting should have 256 encryption, and I believe all browsers offer 128 bit encryption. I could be wrong though. Take what I say with a grain of salt, I'm no networking expert and I'm far from being a Linux expert.
ianw1974
Apr 19 2008, 05:58 PM
Port scanning unfortunately is common on the internet. My firewall picks up port scans all the time - but I know it's not configured to allow any incoming connections. My firewall also blocks their IP after three tries of scanning.
I'd be more worried if you found them trying to get in on specific ports. Just make sure you've got nothing listening for incoming connections.
sjaglin
Apr 19 2008, 07:36 PM
Hi,
Talking about the interactive firewall, is there an easy GUI to configure it? I am trying webmin but it's a bit advanced for me ...
Stef
arctic
Apr 19 2008, 09:10 PM
You should be worried if someone is scanning certain ports repeatedly. Otherwise, you should just be cautious and check the log file now and then. If you are unsure if someone really hacked you, you should check for a root-kit.
coverup
Apr 19 2008, 11:16 PM
I doubt you have many ports open unless you run servers. To check what ports your computer is listening to, run netstat -tan.
It is a good idea to edit hosts.deny and hosts.allow to deny remote access to all services/ports, except for those you explicitly want to be open, eg, port 22 for secure shell access. Even after that you can add an extra line of defense by limiting the number of unsuccessful (read unauthorized) login attempts from a particular host (read bot), say to 3. Take a look at denyhosts. When run as a daemon, it monitors the security logs. If an IP address attempts to gain access to your computer 3 or more times in a row, that address will be added to the hosts.deny file for good. It will never bother you again.
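A simplified sketch of the log-watching idea described in the post above, added as an example (it is not part of the original thread and not denyhosts' own code): it counts consecutive failed sshd password attempts per address and produces hosts.deny entries at a threshold of 3. The function names, the reset on a successful login and the sample log lines and addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not real traffic).
SAMPLE_LOG = """\
Apr 19 13:25:01 box sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Apr 19 13:25:03 box sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40118 ssh2
Apr 19 13:25:04 box sshd[2104]: Failed password for john from 198.51.100.7 port 51500 ssh2
Apr 19 13:25:06 box sshd[2106]: Failed password for invalid user test from 203.0.113.5 port 40125 ssh2
Apr 19 13:25:09 box sshd[2109]: Failed password for john from 198.51.100.7 port 51502 ssh2
Apr 19 13:25:15 box sshd[2115]: Accepted password for john from 198.51.100.7 port 51507 ssh2
Apr 19 13:26:40 box sshd[2140]: Failed password for john from 198.51.100.7 port 51620 ssh2
"""

# Anchored to end of line so text inside the user field is never read as the address.
EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+ ssh2$"
)

def hosts_to_deny(log_text, threshold=3, allow=()):
    """Return IPs with `threshold` or more failed logins in a row, in log order."""
    streak = defaultdict(int)
    denied = []
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if ip in allow or ip in denied:
            continue
        if m.group("result") == "Accepted":
            streak[ip] = 0  # a good login breaks the run of failures
            continue
        streak[ip] += 1
        if streak[ip] >= threshold:
            denied.append(ip)
    return denied

def deny_lines(ips, service="sshd"):
    """Format entries in the 'daemon: client' form used by hosts.deny."""
    return [f"{service}: {ip}" for ip in ips]

if __name__ == "__main__":
    for entry in deny_lines(hosts_to_deny(SAMPLE_LOG)):
        print(entry)
```

The `allow` parameter keeps your own addresses from being locked out by a few mistyped passwords.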
ianw1974
Apr 20 2008, 06:20 AM
netstat -tunlp will filter a bit further for the necessary processes that are listening.
iphitus
Apr 20 2008, 10:03 AM
And it's probably not someone, rather 'something' -- a worm or a bot.
sjaglin
Apr 20 2008, 06:52 PM
Umm, interesting thread I find. Digging a bit I found the interactive firewall config in drakconf. Using nmap is easy but apparently not that complete!
I've read a bit in a magazine about Nessus and gave it a try, pretty powerful. It will scan an IP, then sum up the dangers of opened ports on that specific machine as well as give advice on how to protect it.
I had a machine lightly protected on my network and it said that despite being protected it managed to id the PC and scan the ports. I am quite impressed by that.
To get the nessus GUI one has to install the gtk package. Also before firing it up one needs to do nessus-adduser and give a password.
GOOD LUCK!
Stef
tyme
Apr 24 2008, 06:05 PM
QUOTE (coverup @ Apr 19 2008, 07:16 PM)

eg, port 22 for secure shell access.
If you are using ssh, it's probably a good idea to configure it to run on a port other than 22 (a non-reserved port, obviously) as this will cut down on brute force attacks - automated brute force scripts rarely do a scan before trying to connect to ssh, so they just hit the default port and if nothing is there move on.