Ilane,

Check to see if you have either tcpdump or ethereal on your system. "rpm -q ethereal tcpdump" should give you the version installed. If you don't have either one, go get them from rpmfind or from redhat's site and install them. Run "tcpdump -i ppp0" to watch the packets flowing in and out over the dialup. ethereal is a graphic front end to tcpdump and if you're running X, it'll be a lot easier to use - just select Capture -> Start and select the ppp0 interface. You may find that it's rhnd checking in with redhat for updates, dns, ntpd checking the time, or some other task that may or may not be appropriate for a dial-up - then you can shut the daemons off if you want.

You may also find that it's some morons doing portscans or web attacks on your address - it's amazing how many systems are out there trying to spread virii. I get a couple of thousand hits on my firewall each day with a fairly static IP address and I used to see quite a bit of incoming nonsense on my dialup before I got a cable modem.

If you have a spare system, you might consider setting up a firewall system using ipcop, smoothwall or one of the other open source firewalls out there. A stand-alone dedicated firewall box is a lot easier to maintain than a workstation with some iptables rules added.

my $.02

Dave

On Fri, 29 Aug 2003 20:25:19 -0400 (EDT)
"I.M.Walberg" <imw at tiac.net> wrote:

> I had RedHat 7.3 installed about a year ago. I set up the firewall with
> medium security. Recently, I've noticed that my rp3 shows send and
> receive activity even when I'm not doing anything. I rebooted to check
> this out and it shows activity even when the only programs I'm running are
> xterms and rp3 (connected obviously).
>
> Naturally, this concerns me because I never noticed this before (too
> obtuse maybe?) and know that it definitely didn't happen under my previous
> RedHat installation (6.x). The rp3 display shows anywhere from 0 - 84 B,
> with 38 B being common. The activity continues the entire time I'm
> connected. Since I have a dialup connection, unfortunately, I didn't have
> the foresight to set up tripwire. I do take standard precautions like
> only downloading software from trusted sites and not opening email
> attachments.
>
> Can anyone help me figure out what this activity is and what is generating
> it? I've taken a quick look at netstat and it shows IP and Icmp activity,
> but I am not really sure what to look for. Also, if anyone could send me
> a list (or where I could find a list) of the standard set of processes
> which run automatically on reboot (this is a RedHat 7.3 standard
> workstation minimum install w/Gnome), I could check for suspicious
> processes.
>
> I'm pretty computer savvy in general, but rather a novice at system
> security. I've tried to RTFM but without a little direction I'm in over
> my head. Any advice would be appreciated.
>
> Ilane
>
>
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://www.blu.org/mailman/listinfo/discuss

--
Being shot out of a cannon will always be better than being squeezed
out of a tube. That is why God made fast motorcycles, Bubba....
"Song of the Sausage Creature" Hunter S. Tompson
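
Added example, not part of the message above: one way to sort a saved `tcpdump -n` capture from ppp0 into traffic the workstation started (daemons such as DNS or ntpd lookups) and traffic a remote host started (probes). The function names, the sample lines and the addresses are constructed for illustration, and the line layout assumed is the one current tcpdump versions print with `-n`.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -n` text lines on stdin and counts packets as
# "local" (this host spoke first, e.g. a daemon) or "unsolicited" (a remote
# host spoke first, e.g. a probe), keyed by the destination service port.
# $1 = address assigned to ppp0. A capture that starts mid-conversation will
# misfile that conversation's replies, so start capturing right after dialing.
summarize_capture() {
    awk -v me="$1" '
    function host(ep,   p) { split(ep, p, "."); return p[1] "." p[2] "." p[3] "." p[4] }
    function port(ep,   p, n) { n = split(ep, p, "."); return (n == 5) ? p[5] : "-" }
    {
        gt = 0
        for (i = 2; i < NF; i++) if ($i == ">") { gt = i; break }
        if (!gt) next                               # not a packet line
        src = $(gt - 1); dst = $(gt + 1); sub(/:$/, "", dst)
        svc = ($0 ~ /ICMP/) ? "icmp" : port(dst)
        if (host(src) == me) {
            if ((src, dst) in opened_by_remote) next    # our answer to them
            opened_by_me[dst, src] = 1
            count["local " svc]++
        } else if (host(dst) == me) {
            if ((src, dst) in opened_by_me) next        # their answer to us
            opened_by_remote[dst, src] = 1
            count["unsolicited " svc]++
        }
    }
    END { for (k in count) print k, count[k] }' | LC_ALL=C sort
}

# Constructed sample capture (documentation addresses; 192.0.2.10 plays ppp0).
sample_capture() {
    cat <<'EOF'
20:31:02.100000 IP 192.0.2.10.32768 > 198.51.100.53.53: 4660+ A? example.com. (29)
20:31:02.300000 IP 198.51.100.53.53 > 192.0.2.10.32768: 4660 1/0/0 A 203.0.113.5 (45)
20:31:10.000000 IP 192.0.2.10.123 > 198.51.100.123.123: NTPv4, Client, length 48
20:31:10.200000 IP 198.51.100.123.123 > 192.0.2.10.123: NTPv4, Server, length 48
20:31:15.000000 IP 203.0.113.77.4123 > 192.0.2.10.445: Flags [S], seq 1, win 8192, length 0
20:31:15.000100 IP 192.0.2.10.445 > 203.0.113.77.4123: Flags [R.], seq 0, ack 2, win 0, length 0
20:31:16.000000 IP 203.0.113.77.4124 > 192.0.2.10.80: Flags [S], seq 1, win 8192, length 0
20:31:20.000000 IP 203.0.113.77 > 192.0.2.10: ICMP echo request, id 1, seq 1, length 64
20:31:20.000100 IP 192.0.2.10 > 203.0.113.77: ICMP echo reply, id 1, seq 1, length 64
EOF
}

sample_capture | summarize_capture 192.0.2.10
```

On a live link the input would come from something like `tcpdump -n -c 200 -i ppp0`, with the ppp0 address passed as the argument. "local" rows point at daemons to look into on the workstation; "unsolicited" rows are what a firewall would be dropping.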