| 1 |
Hi, |
| 2 |
|
| 3 |
On Wed, 9 Aug 2006 22:03:55 +0400 |
| 4 |
Boris Sobolev <immunogene@×××××.com> wrote: |
| 5 |
|
| 6 |
> I' m not sure if I need packet analyzer or another tool. |
| 7 |
|
| 8 |
A packet analyzer would be fine, I think. Although me as a CLI-junkie |
| 9 |
would have suggested tcpdump instead of wireshark :-) Emerge tcpdump, |
| 10 |
and as root do |
| 11 |
$ tcpdump -vvni ppp0 |
| 12 |
|
| 13 |
> I can see network activity on my dsl modem led. |
| 14 |
|
| 15 |
Oh, totally normal behaviour. There's a lot of noise on the 'net, you |
| 16 |
know ;-) my modem's led blinks continously due to a lot of incoming |
| 17 |
requests to ports like 135 (worms), 4xxx-6xxx (P2P)... |
| 18 |
|
| 19 |
> Right before I switched to Gentoo, my windows box has |
| 20 |
> died for a couple of days ( it had no firewall). |
| 21 |
> It was bunch of viruses, worms and god knows what |
| 22 |
> else. When I turned firewall, it blocked endless probes. |
| 23 |
> I suspect the same thing hapening now. Aside from |
| 24 |
> I need a firewall ( and I deliberatly do not install one,) |
| 25 |
> how can I track an activities that generate that traffic? |
| 26 |
|
| 27 |
Rule #1: Not reliably on the machine itself. But above mentioned |
| 28 |
'tcpdump' is a start. But if there's a rootkit on the machine, it is |
| 29 |
free to censor its own traffic. (that's true for both Windows and Linux) |
| 30 |
|
| 31 |
But why do you think you need a firewall? If you're not running |
| 32 |
services with security holes, or use strange network protocols, you |
| 33 |
should be somewhat safe. (that's just Linux :-) ) |
| 34 |
|
| 35 |
Well, I highly suggest to setup iptables, but it is very unlikely that |
| 36 |
it caused harm to your system that you didn't set it up yet. |
| 37 |
|
| 38 |
-hwh |
| 39 |
-- |
| 40 |
gentoo-user@g.o mailing list |
Archives