IP-Tables and Security in General
Aruna Hewapathirane
aruna.hewapathirane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Mon Sep 23 13:37:02 UTC 2013
Thank you everyone for the suggestions, and my apologies for cross-posting;
I simply wanted to access as large a knowledge base as I possibly could out
there.
I'm not running a network (yet); all I have is a single ancient PC
(Intel(R) Pentium(R) 4 CPU 3.06GHz with 2GB RAM) running Ubuntu 10.04
LTS, mostly used for development.
My ISP is Bell so I have their router and when I had a look it says:
- Connection type: Ethernet
- IP address: 192.168.2.26
- IP address allocation: DHCP
- *IP address type: Private (NAT)*
So I'm guessing it implements Network Address Translation. I tried netstat
-tanp, netstat -aute and top to try to isolate it, but this is easier said
than done, so I used the Lightweight Portable Security Live CD for the time
being. It stopped the unwanted traffic, but now I can't mount my drive;
fdisk -l shows zilch. Is there a workaround for this?
netstat -tanp gives me this; what are all those connections, and are
they all legit, or not? Thank you everyone for all the ideas and help.
On Sun, Sep 22, 2013 at 1:09 PM, D. Hugh Redelmeier <hugh-pmF8o41NoarQT0dZR+AlfA at public.gmane.org> wrote:
> | From: Aruna Hewapathirane <aruna.hewapathirane-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
>
> | To: The Canadian Ubuntu Users Community <ubuntu-ca-nLRlyDuq1AZFpShjVBNYrg at public.gmane.org>,
> Toronto Linux User's Group <tlug-lxSQFCZeNF4 at public.gmane.org>
>
> Cross-posting to lists like these is probably a bad idea. So I've
> only replied to the TLUG list.
>
> | I recently noticed lots of incoming connections on my fire-starter ( its
> | the firewall I use ) and my load average kicked up considerably but I am
> | unable to identify what is specifically causing all this sudden unwanted
> | incoming traffic as am no network specialist :-)
>
> You have told us way too little about your network for us to give
> specific advice.
>
> - are you running multiple machines? I will assume so.
>
> - what is your gateway system? For example, a cable or DSL
> modem/router from your ISP. Does it implement NAT?
>
> - what are your machines trying to do? Are they just "clients" or are
> they intended to be servers to the internet. (I quote the word
> "client" because this is a distorted way of viewing the internet
> forced on us.)
>
> - what is the unwanted traffic? (Usually tcpdump or wireshark or
> logging can tell you.)
>
> | Does anyone have any information on how to secure Ubuntu with iptables for
> | newbies to system administration and security in general ?
>
> Sadly, this is too big and general a question.
>
> | Do we have a best practices model for preventing intrusions and securing
> | one's system ?
>
> That's kind of jargon, but I know what you mean.
>
> You can do security from first principles (hard work, and error prone),
> or you can copy something else that has consensus support.
>
> Every mainstream general distro tries to give you a good basis for a secure
> system (in my opinion, Ubuntu isn't the best but is OK). But from
> there, you customize for different purposes and need to adjust security
> appropriately.
>
> Summary: you need to specify what your systems are intended to do and
> how. Security has to reflect and be reflected in those designs.
> Security should not be an afterthought.
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
--
*Aruna Hewapathirane*
Consultant/Trainer
Phone : 647-709-9269
Website: Open Source Solutions <http://sahanaya.net/aruna/>
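The triage the poster is attempting by eye on the netstat listing can be scripted. The following is an added example, not code from the original thread: it parses `netstat -tanp` output, reports which sockets are listening and whether they are bound to a loopback address or to an address reachable from the LAN, and groups established connections by the owning program. The sample listing is constructed in the shape of the poster's output; the sshd line is invented to show what an externally reachable listener looks like.

```python
import ipaddress
from collections import defaultdict

# Constructed sample shaped like the poster's `netstat -tanp` output; the sshd
# line is invented to show what an externally reachable listener looks like.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address  Foreign Address  State  PID/Program name
tcp   0 0 127.0.0.1:631        0.0.0.0:*           LISTEN      1191/cupsd
tcp   0 0 127.0.0.1:46270      0.0.0.0:*           LISTEN      2331/GoogleTalkPlug
tcp   0 0 0.0.0.0:22           0.0.0.0:*           LISTEN      1040/sshd
tcp   0 0 192.168.2.26:53263   173.194.46.57:80    ESTABLISHED 2227/firefox
tcp   0 0 192.168.2.26:60427   74.125.225.127:443  ESTABLISHED 2227/firefox
tcp6  0 0 ::1:631              :::*                LISTEN      1191/cupsd
"""

def split_endpoint(endpoint):
    """'192.168.2.26:80' -> ('192.168.2.26', '80'); also handles '::1:631'."""
    host, _, port = endpoint.rpartition(":")
    return host, port

def is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # '*' wildcard or a hostname: not loopback
        return False

def parse_netstat(text):
    """One dict per tcp/tcp6 row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp"):
            continue
        host, port = split_endpoint(f[3])
        rows.append({"proto": f[0], "host": host, "port": port,
                     "foreign": f[4], "state": f[5], "program": f[6]})
    return rows

def listening_sockets(rows):
    """(host, port, program, exposed); exposed means bound to a non-loopback
    address, so reachable from the LAN (and the internet, if the router forwards it)."""
    return [(r["host"], r["port"], r["program"], not is_loopback(r["host"]))
            for r in rows if r["state"] == "LISTEN"]

def established_by_program(rows):
    """Map each program to the remote endpoints it is currently talking to."""
    by_prog = defaultdict(list)
    for r in rows:
        if r["state"] == "ESTABLISHED":
            by_prog[r["program"]].append(r["foreign"])
    return dict(by_prog)
```

Listeners bound only to 127.0.0.1 or ::1 (cupsd, GoogleTalkPlug in the poster's output) are not reachable from outside the machine, so the exposed ones and any program holding unexpected established connections are where to look first.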