[Bug 1933396] [NEW] fwsnort rule blocks canonical ip

Wed, 23 Jun 2021 16:45:44 -0700 

Public bug reported:

 am trying to update and I get the following error from synaptic: W:
Failed to get http://archive.ubuntu.com/ubuntu/pool/main/l/linux-hwe-5.4
/linux-modules-extra-5.4.0-77-generic_5.4.0-77.86~18.04.1_amd64 .deb
Connection failed [IP: 2001: 67c: 1360: 8001 :: 23 80] checking mutt
mail I get psad crash alerts configured with fwsnort:

Danger level: [2] (out of 5)

Scanned TCP ports: [42400: 1 packets]
        TCP flags: [ACK: 1 packets]
   iptables chain: FWSNORT_INPUT_ESTAB (prefix "[401] REJ SID1797 ESTAB"), 1 
packets
     fwsnort rule: 401

           Source: 2001: 067c: 1360: 8001: 0000: 0000: 0000: 0023
              DNS: [No reverse dns info available]
[+] TCP scan signatures:

"PORN BDSM" dst port: 42400 (no server bound to local port) flags: ACK
content: "BDSM" sid: 1797 chain: FWSNORT_INPUT_ESTAB packets: 1
classtype: kickass-porn

and the same for ipv4

Danger level: [2] (out of 5)

Scanned TCP ports: [51378: 1 packets]
        TCP flags: [ACK: 1 packets]
   iptables chain: FWSNORT_INPUT_ESTAB (prefix "[515] REJ SID1797 ESTAB"), 1 
packets
     fwsnort rule: 515

           Source: 91.189.88.152
              DNS: [No reverse dns info available]
[+] TCP scan signatures:

"PORN BDSM" dst port: 51378 (no server bound to local port) flags: ACK
content: "BDSM" sid: 1797 chain: FWSNORT_INPUT_ESTAB packets: 1
classtype: kickass-porn

I am trying to download the file
http://archive.ubuntu.com/ubuntu/pool/main/l/linux-hwe-5.4/linux-
modules-extra-5.4.0-77-generic_5.4.0-77.86~18.04.1_amd64. deb from brave
browser manually and the malwarebyte extension blocks the download as a
suspicious site. Could I be facing a DNS hijacking? or consider this a
bug and disable psad-fwsnort and update without risk of infecting my
computer.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: ubuntu-release-upgrader-core 1:18.04.44
ProcVersionSignature: Ubuntu 5.4.0-74.83~18.04.1-generic 5.4.114
Uname: Linux 5.4.0-74-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.24
Architecture: amd64
CrashDB: ubuntu
CurrentDesktop: ubuntu:GNOME
Date: Wed Jun 23 20:33:55 2021
InstallationDate: Installed on 2020-04-16 (433 days ago)
InstallationMedia: Ubuntu 18.04.4 LTS "Bionic Beaver" - Release amd64 
(20200203.1)
PackageArchitecture: all
SourcePackage: ubuntu-release-upgrader
Symptom: dist-upgrade
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: ubuntu-release-upgrader (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug bionic dist-upgrade

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1933396

Title:
  fwsnort rule blocks canonical ip

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1933396/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to