I just browsed through ipchains.rules and found a bunch of ACCEPT rules for
206.10.253.6, 206.10.253.47, 206.10.252.17, 206.etc.etc.etc. None of these
are my IP address nor my DNS servers or anything else I configured into the
Linux system.
Each entry says ACCEPT for: -A input, -A dns_fw, -A ident_fw, -A ssh_fw,
-A mail_fw, -A ftp_fw, -A ping_fw, -A misc_fw using one of the above or a
dozen other IP addresses.
My question is this, should those entries be cause for concern (like
someone screwing with my Linux box from the outside) or is it standard to
find IP addresses like the above when setting up ipchains.rules manually for
the first time? The entries look more than suspicious to me because I
don't want to accept some unknown IP address, but I don't understand all
these rules yet either.
The only weird activity that I've ever discovered is that when running my
Windows PC instead of the Linux box I once logged an incoming HTTP request
from 202.98.129.57 when I wasn't even surfing the net. I was just doing
some word processing after having the PC idle for about 12 hours when the
HTTP request came in (I have DSL). I immediately tracerouted the IP
address and came up with no useful info.
Anyhow, could all of those 206.etc.etc. entries in my ipchains.rules come
from the half dozen firewall configurators I ran during the week or is
there something else I need to watch for that may have added all of these
entries? Or maybe these don't mean anything?
Thanks
Andre
p.s. Hope this is more clear than looking through a glass of mud...
p.p.s. Is there a real-time tool for Linux that will inform me if I have a
trojan trying to communicate out? Thanks