On Thu, 2004-05-20 at 22:23, Lanman wrote: > Asa Rossoff wrote: > > > The log activity you posted doesn't indicate it. Those are all network > > packets that Shorewall dropped -- that didn't get in.. it's normal to have > > this activity, generated either by hackers checking for security holes or > > worms and whatnot. > > > > Asa > > On Mandrake 9.2, installed on a server which isn't running X, I'm > getting this exact type of data appearing on my display, even before > anyone logs onto the server - locally OR remotely! >
As a matter of fact, when I saw Aron's output on the screen, that's exactly what I thought was happening, because I have had the exact same experience as yourself. On a firewall (pre-update) running the secure kernel (the first release) I started seeing shorewall output on either the first or second consoles. Usually you are supposed to be able to do alt-F12 and get this information (F12 console is set aside for that purpose by default), but the information for some reason started being shunted to the first or second consoles on my firewall. This occurred after some heavy scanning of my box from the net, which led me to believe that someone was exploiting a buffer overflow vuln in the early 9.2 kernels. This was unlikely, given that I was using the secure kernel, but I had no other explanation. > Is there any way to stop this, or is this a warning that my system's > been hit? This is a fresh install which I finished this morning, so I'd > appreciate any thoughts before I start depending on it. My problem was corrected when I updated to the latest slew of updates and also replaced the secure kernel with the latest version. have not seen that problem since then. Aron should know though,that if he does see this kind of output on a console screen (usually one that's logged in) he should start to worry. > > Also, is there a "Bind" Guru here somewhere? I can't get "rndc" to > behave itself. It keeps giving me an error that states - > > "rndc: connect failed: connection refused" > > Even though Bind seems to start up without errors, and even though port > 53 is open on my firewall for DNS authentication, port scans keep > stating that the port is closed. You're running shorewall on the firewall, correct? ;) I've been encountering the same problems with both qmail and bind. > > This is the first time I've ever had these two problems, and I'm curious > to find out what's different between this 9.2 install, and the hundreds > I've done before! > > TIA > > Lanman > LX
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
