Hi,

On Wed, 9 Aug 2006 22:03:55 +0400 Boris Sobolev <[EMAIL PROTECTED]> wrote:

> I'm not sure if I need a packet analyzer or another tool.

A packet analyzer would be fine, I think. Although me as a CLI-junkie would have suggested tcpdump instead of wireshark :-) Emerge tcpdump, and as root do

$ tcpdump -vvni ppp0

> I can see network activity on my dsl modem led.

Oh, totally normal behaviour. There's a lot of noise on the 'net, you know ;-) My modem's LED blinks continuously due to a lot of incoming requests to ports like 135 (worms), 4xxx-6xxx (P2P)...

> Right before I switched to Gentoo, my windows box has
> died for a couple of days (it had no firewall).
> It was a bunch of viruses, worms and god knows what
> else. When I turned the firewall on, it blocked endless probes.
> I suspect the same thing happening now. Aside from
> I need a firewall (and I deliberately do not install one),
> how can I track the activities that generate that traffic?

Rule #1: Not reliably on the machine itself. But the above-mentioned 'tcpdump' is a start. But if there's a rootkit on the machine, it is free to censor its own traffic. (That's true for both Windows and Linux.)

But why do you think you need a firewall? If you're not running services with security holes, or use strange network protocols, you should be somewhat safe. (That's just Linux :-) )

Well, I highly suggest to set up iptables, but it is very unlikely that it caused harm to your system that you didn't set it up yet.

-hwh
--
[email protected] mailing list
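As an added illustration (not part of the thread or of hwh's reply), the script below turns the one-line-per-packet form of the suggested capture (tcpdump -ni ppp0, without -vv) into a per-port count of unsolicited inbound SYNs and labels each port the way the reply does: 135 and the other Windows RPC/SMB ports as worm noise, 4xxx-6xxx as the P2P range, anything else as a port worth checking against your own listening services. The sample capture lines, the local address 198.51.100.7 and the labels are constructed for this example.

```shell
#!/bin/sh
# Summarise unsolicited inbound SYNs per destination port from plain
# `tcpdump -ni ppp0` output (one packet per line, no -vv).
# Addresses below are constructed documentation addresses, not real traffic.

# Hypothetical address of the ppp0 interface.
LOCAL=198.51.100.7
# Constructed sample capture in tcpdump -n format.
SAMPLE='22:05:01.100000 IP 203.0.113.5.3521 > 198.51.100.7.135: Flags [S], seq 1, win 65535, length 0
22:05:01.200000 IP 203.0.113.9.1044 > 198.51.100.7.135: Flags [S], seq 2, win 16384, length 0
22:05:01.300000 IP 198.51.100.7.44021 > 192.0.2.80.80: Flags [S], seq 3, win 5840, length 0
22:05:01.400000 IP 192.0.2.80.80 > 198.51.100.7.44021: Flags [S.], seq 4, ack 4, win 5792, length 0
22:05:01.500000 IP 203.0.113.77.6346 > 198.51.100.7.4662: Flags [S], seq 5, win 8192, length 0
22:05:01.600000 IP 203.0.113.5.3522 > 198.51.100.7.445: Flags [S], seq 6, win 65535, length 0
22:05:01.700000 IP 203.0.113.5.3523 > 198.51.100.7.135: Flags [S], seq 7, win 65535, length 0
22:05:01.800000 IP 203.0.113.12.51234 > 198.51.100.7.22: Flags [S], seq 8, win 29200, length 0'

# inbound_syn_ports ADDR: read tcpdump lines on stdin and print "<count> <port>"
# for pure SYNs (Flags [S], not the [S.] of a reply) addressed to ADDR,
# busiest port first. Outbound packets and answers to our own connections
# are ignored, so only unsolicited probes are counted.
inbound_syn_ports() {
  awk -v me="$1" '
    $2 == "IP" && $4 == ">" && index($5, me ".") == 1 && $7 == "[S]," {
      port = $5; sub(/^.*\./, "", port); sub(/:$/, "", port)
      n[port]++
    }
    END { for (p in n) print n[p], p }
  ' | sort -k1,1nr -k2,2n
}

# classify_port PORT: label a destination port the way the reply describes.
classify_port() {
  case "$1" in
    135|137|138|139|445) echo "windows-worm-noise" ;;
    4[0-9][0-9][0-9]|5[0-9][0-9][0-9]|6[0-9][0-9][0-9]) echo "p2p-range" ;;
    *) echo "other-check-listening-services" ;;
  esac
}

# report: one line per port with its count and label.
report() {
  printf '%s\n' "$SAMPLE" | inbound_syn_ports "$LOCAL" | while read -r count port; do
    printf '%5s  port %-5s  %s\n' "$count" "$port" "$(classify_port "$port")"
  done
}

report
```

To run it over a real capture, replace the sample with the output of tcpdump -ni ppp0, or of tcpdump -nr capture.pcap for a file captured elsewhere.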

