Hi,

On Wed, 9 Aug 2006 22:03:55 +0400
Boris Sobolev <immunogene@×××××.com> wrote:

> I'm not sure if I need a packet analyzer or another tool.

A packet analyzer would be fine, I think. Although I, as a CLI-junkie,
would have suggested tcpdump instead of wireshark :-) Emerge tcpdump,
and as root do
$ tcpdump -vvni ppp0

> I can see network activity on my dsl modem led.

Oh, totally normal behaviour. There's a lot of noise on the 'net, you
know ;-) my modem's led blinks continuously due to a lot of incoming
requests to ports like 135 (worms), 4xxx-6xxx (P2P)...

> Right before I switched to Gentoo, my windows box has
> died for a couple of days (it had no firewall).
> It was a bunch of viruses, worms and god knows what
> else. When I turned on the firewall, it blocked endless probes.
> I suspect the same thing happening now. Aside from the fact that
> I need a firewall (and I deliberately do not install one),
> how can I track the activities that generate that traffic?

Rule #1: Not reliably on the machine itself. But the above mentioned
'tcpdump' is a start. But if there's a rootkit on the machine, it is
free to censor its own traffic. (that's true for both Windows and Linux)

But why do you think you need a firewall? If you're not running
services with security holes, or use strange network protocols, you
should be somewhat safe. (that's just Linux :-) )

Well, I highly suggest to set up iptables, but it is very unlikely that
it caused harm to your system that you didn't set it up yet.

-hwh
--
gentoo-user@g.o mailing list
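As an added example that is not part of the mail above: the reply suggests running tcpdump on ppp0 to see what the incoming "noise" actually is. The shell function below turns tcpdump's line output into a count of destination ports, which is the quickest way to see whether the modem LED is blinking because of worm probes to 135 or P2P traffic to the 4xxx-6xxx range. The capture embedded in the script is constructed, not a real trace, and the function assumes tcpdump's "IP src.port > dst.port:" line layout as printed with -nn.

```shell
#!/bin/sh
# Added example, not from the original mail: summarize which destination
# ports remote hosts are knocking on, from tcpdump's plain line output.
#
# Live usage (as root), feeding only SYN packets so established
# connections don't drown out the probes:
#   tcpdump -nn -l -i ppp0 'tcp[tcpflags] & tcp-syn != 0' | top_dst_ports
#
# Assumes the "HH:MM:SS.us IP src.port > dst.port: ..." layout that
# tcpdump prints with -nn; IPv6 and non-IP lines are ignored.

top_dst_ports() {
    awk '
        $2 == "IP" && $4 == ">" {
            dst = $5
            sub(/:$/, "", dst)      # drop the trailing colon
            sub(/.*\./, "", dst)    # keep only the last dotted part: the port
            count[dst]++
        }
        END { for (port in count) print count[port], port }
    ' | sort -rn
}

# Constructed sample capture (RFC 5737 documentation addresses), standing in
# for what "tcpdump -nn -i ppp0" would print on a noisy DSL line.
SAMPLE_CAPTURE='22:03:55.100001 IP 203.0.113.5.3421 > 198.51.100.7.135: Flags [S], seq 1, win 65535, length 0
22:03:55.200002 IP 203.0.113.9.1044 > 198.51.100.7.135: Flags [S], seq 2, win 65535, length 0
22:03:55.300003 IP 203.0.113.44.2217 > 198.51.100.7.4662: Flags [S], seq 3, win 65535, length 0
22:03:55.400004 IP 203.0.113.12.5190 > 198.51.100.7.135: Flags [S], seq 4, win 65535, length 0
22:03:55.500005 IP 203.0.113.80.3333 > 198.51.100.7.4662: Flags [S], seq 5, win 65535, length 0
22:03:55.600006 IP 203.0.113.2.40001 > 198.51.100.7.22: Flags [S], seq 6, win 65535, length 0'

# Run on the constructed sample; prints "count port", busiest port first.
printf '%s\n' "$SAMPLE_CAPTURE" | top_dst_ports
```

Reading the output: 135 at the top with many distinct sources is the worm background radiation the reply mentions, 4662 is eDonkey-style P2P, and a port you actually listen on (22 here) deserves a closer look. Pipe the live capture through `head` or run it for a fixed time, since the function only prints its summary once tcpdump's input ends.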