Just John Posted April 19, 2008 Report Share Posted April 19, 2008 pawel.t17.des.pwr.wroc.pl port scanned me 12 times over a period of 3 minutes according to "interactive firewall." Should I be worried about this? Would it alert me if he found any open ports? Quote Link to comment Share on other sites More sharing options...
supermario Posted April 19, 2008 Report Share Posted April 19, 2008 I wouldn't worry about it. Like you said you've got your firewall running. I don't think its possible to gain access to your box, and any secure site you're visiting should have 256 encryption, and I believe all browsers offer 128 bit encryption. I could be wrong though. Take what I say with a grain of salt, I'm no networking export and I'm far from being a Linux expert. Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted April 19, 2008 Report Share Posted April 19, 2008 Port scanning unfortunately is common on the internet. My firewall picks up port scans all the time - but I know it's not configured for allow any incoming connections. My firewall also blocks their IP after three tries of scanning. I'd be more worried if you found them trying to get in on specific ports. Just make sure you've got nothing listening for incoming connections. Quote Link to comment Share on other sites More sharing options...
sjaglin Posted April 19, 2008 Report Share Posted April 19, 2008 Hi, Talking about the interactive firewall, is there an easy GUI to configure it, I am trying webmin but it's a bit avanced for me ... Stef Quote Link to comment Share on other sites More sharing options...
arctic Posted April 19, 2008 Report Share Posted April 19, 2008 You should be worried if someone is scanning certain ports repeatedly. Otherwise, you should just be cautious and check the log file now and then. If you are unsure if someone really hacked you, you should check for a root-kit. Quote Link to comment Share on other sites More sharing options...
coverup Posted April 19, 2008 Report Share Posted April 19, 2008 I doubt you have many ports open unless you run servers. To check what ports your computer is listening to, run netstat -tan. It is a good idea to edit hosts.deny and hosts.allow to deny remote access to all services/ports, except for those you explicitly want to be open, eg, port 22 for secure shell access. Even after that you can add an extra line of defense by limiting the number of unsuccessful (read unauthorized) login attempts from a particular host (read bot), say to 3. Take a look at denyhosts. When run as a daemon, it monitors the security logs. If an IP address attempts to gain an access to your computer for 3 or more times in a row, that address will be added to the hosts.deny file for good. It will never bother you again. Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted April 20, 2008 Report Share Posted April 20, 2008 netstat -tunlp will filter a bit further for the necessary processes that are listening. Quote Link to comment Share on other sites More sharing options...
iphitus Posted April 20, 2008 Report Share Posted April 20, 2008 and its probably not someone, rather 'something' -- a worm or a bot. Quote Link to comment Share on other sites More sharing options...
sjaglin Posted April 20, 2008 Report Share Posted April 20, 2008 Umm, interesting thread I find. Digging a bit I found the interactive firewall cong in drakconf. Using nmap is easy but apparently not that complete! I've read a bit in a magazine about Nessus and gave it a try, pretty powerful.It will scan an IP, then sum-up the dangers of opened ports on that specific machine as well as give advice on how to protect it. I had a machine lightly protected on my network and it said that despite being protected it managed to id the PC and scan the ports. I am quite impressed by that. To get the nessus GUi one has to install the gtk package. Also before fireing it up one needs to do nessus-adduser and give a password. GOOD LUCK! Stef Quote Link to comment Share on other sites More sharing options...
tyme Posted April 24, 2008 Report Share Posted April 24, 2008 eg, port 22 for secure shell access.If you are using ssh, it's probably a good idea to configure it to run on a port other than 22 (a non-reserved port, obviously) as this will cut down on brute force attacks - automated brute force scripts rarely do a scan before trying to connect to ssh, so they just hit the default port and if nothing is there move on. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.