On 8/6/2014 9:58 AM, merc1...@f-m.fm wrote:
>
> Ok I've now studied the new ways of Shorewall and have my systems
> updated to the ?SECTIONs.
>
> But now firewall hits to 25 and 110 have stopped, maybe because there's
> a keylogger and they know I'm on to them.

Did you specify logging on your ACCEPT rule -- I'm guessing not. For
'info' level logging:

ACCEPT:info net fw ...

> Now I'm getting firewall
> blocks on 843 and 8080, with my own user ID.
> [ 6114.140836] Shorewall:fw-net:REJECT:IN= OUT=wlan0 SRC=192.168.1.1
> DST=119.81.13.84 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=17453 DF PROTO=TCP
> SPT=50892 DPT=843 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1000 GID=1000
> [ 6114.143375] Shorewall:fw-net:REJECT:IN= OUT=wlan0 SRC=192.168.1.1
> DST=119.81.13.84 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9972 DF PROTO=TCP
> SPT=42038 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1000 GID=1000

It is interesting that the SOURCE IP address is an RFC-1918 address; is
that the IP address of a local interface? If so, what is that interface
used for? How is it defined to Shorewall?

>
> And eth0 is frantically going in and out of promiscuous, even though I'm
> not using it.

I think I would be considering re-imaging this box at the earliest
opportunity.

>
> I don't understand what fw-net is. It's not a user or anything in
> processes.

It is the iptables chain that handles packets in NEW state from the
firewall to the net.

>
> I guess there's no way to troubleshoot this other than to open 8080 new,
> close it established and
> # netstat -tnap | fgrep :8080
>
> Surprising that this sort of thing has never been a problem before. I
> guess most ppl's firewalls are open so they never notice.

Most people's firewalls are nailed down to the point that acquiring a
Trojan is extremely improbable. They run the minimum set of services
necessary with SSH being the only service open to the net.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
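
Added example, not part of the reply above and not Shorewall's own code: a small Python parser for the log lines quoted in the message, splitting the `Shorewall:<chain>:<disposition>:` prefix and the kernel's KEY=VALUE fields so blocked connections can be grouped by UID, destination and port. It assumes the prefix layout seen in those two lines and that the chain name reads `<source zone>-<destination zone>`, as `fw-net` does; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the two log lines quoted in the message, unwrapped onto one line each.
SAMPLE_LOG = """\
[ 6114.140836] Shorewall:fw-net:REJECT:IN= OUT=wlan0 SRC=192.168.1.1 DST=119.81.13.84 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=17453 DF PROTO=TCP SPT=50892 DPT=843 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1000 GID=1000
[ 6114.143375] Shorewall:fw-net:REJECT:IN= OUT=wlan0 SRC=192.168.1.1 DST=119.81.13.84 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=9972 DF PROTO=TCP SPT=42038 DPT=8080 WINDOW=29200 RES=0x00 SYN URGP=0 UID=1000 GID=1000
"""

# Assumption: the log prefix is "Shorewall:<chain>:<disposition>:" as in the lines above.
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[^:\s]+):(?P<rest>.*)")


def parse_line(line):
    """Return a dict for one Shorewall log line, or None for unrelated kernel messages."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "disposition": m["disposition"], "flags": []}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if sep:
            rec[key] = value           # KEY=VALUE field; "IN=" yields an empty value
        else:
            rec["flags"].append(token)  # bare markers such as DF or SYN
    # Assumption: chain name is <source zone>-<destination zone> (fw-net: firewall to net).
    rec["src_zone"], _, rec["dst_zone"] = rec["chain"].partition("-")
    # Flag RFC 1918 / other private source addresses, the point raised in the reply.
    rec["src_private"] = ipaddress.ip_address(rec["SRC"]).is_private if "SRC" in rec else None
    return rec


def summarize(log_text):
    """Parse every line and count hits per (chain, disposition, UID, DST, DPT)."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    flows = Counter(
        (r["chain"], r["disposition"], r.get("UID"), r.get("DST"), r.get("DPT"))
        for r in records
    )
    return records, flows


if __name__ == "__main__":
    for flow, count in summarize(SAMPLE_LOG)[1].most_common():
        print(count, flow)
```

An empty `IN=` together with a UID field marks traffic generated on the firewall host itself, which is why these entries land in the `fw-net` chain.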
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users