Linux doing suspicious things



01-03-2002, 12:23 AM
I came across problems with my firewall a couple of days ago. I did a GRC test and the ports returned closed when they used to report stealth, and I did a hackyourself test and all low UDP ports were vulnerable, from 1 to 11 I think. Some of these ports were unknown to hackyourself.

I fixed the firewall back up and did another GRC and hackyourself test and it was all stealth.

Another day after this I tried connecting to the internet and my browser wouldn't work again, so I thought I may have set the firewall up incorrectly or something, but that didn't explain why it worked before. I haven't fixed that problem yet.

Now, when I just booted up, my computer dials a connection during startup (starting ppp0 interface). As soon as that happened I restarted my computer and came here. Can I stop it from dialing? I have no idea what I can do and I am concerned that my computer is not secure anymore.

I did a few updates before this happened using Red Hat's up2date.

I am thinking of backing up everything I need onto my Windows/Linux shared folder and reinstalling Red Hat.

Is there a place they store these up2date updates? It took me hours to get them and I don't like the idea of doing them again. If not I can live with another long download.

Hope someone can help me.

01-03-2002, 11:01 AM
Don't go re-installing ...

Sounds to me like you have 2 wee problems. I'm not a Red Hat man, but ...

1) unless you have dial-on-demand, you will find a startup script is bringing up your internet connection. It is probably in /etc/rc.d/init.d/ and could be called ip-up, ppp-up or something along those lines.

If you do have dial-on-demand set up, stopping the initial dialup is trickier. DNS look-ups are the normal cause ... PDNSD can make fixing this easier.

2) firewall ... are you using ipchains or iptables? Presumably RedHat gives you some nice tools to set up some basic rules. Can you re-run this?
ipchains -L or iptables -L will list all your rules. Check these for anything that may be causing your problem. Also check /var/log/messages (& syslog?) for any helpful messages.

01-03-2002, 11:35 AM
I don't have dial-on-demand, well, I don't think I do, but I'll check that out. I think it'll be more of that startup script then.

I am using ipchains. I think DNS is missing in the rules. I am not sure what the settings were in it before but they don't show the DNS anymore.

Yes, Red Hat did give me a tool to set up the firewall, which is what I used, and it worked fine. It made the rules for the ipchains, but I do remember looking in the ipchains file one time and seeing DNS IP addresses in there. They aren't there anymore.
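
Added example, not part of any post in this thread: a shell check for the symptom described in the last post, listing every nameserver in a resolv.conf-style file that has no matching "accept UDP from source port 53" rule in a saved ipchains rules file. It assumes the rules are stored one per line in `ipchains-save` style (on Red Hat this is normally `/etc/sysconfig/ipchains`, a path the thread does not name); the function names and all addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed.

# missing_dns_rules RESOLV_FILE RULES_FILE
# Prints each nameserver that has no rule of the assumed form
#   -A input -s <nameserver> 53 ... -p udp ... -j ACCEPT
missing_dns_rules() {
    resolv=$1
    rules=$2
    awk '$1 == "nameserver" { print $2 }' "$resolv" | while read -r ns; do
        if ! awk -v ns="$ns" '
            $1 == "-A" && $2 == "input" {
                src = ""; sport = ""; proto = ""; target = ""
                for (i = 3; i <= NF; i++) {
                    if ($i == "-s") { src = $(i + 1); sport = $(i + 2) }
                    if ($i == "-p") proto = $(i + 1)
                    if ($i == "-j") target = $(i + 1)
                }
                sub(/\/32$/, "", src)   # treat a.b.c.d/32 as a.b.c.d
                if (src == ns && sport == "53" && proto == "udp" && target == "ACCEPT")
                    found = 1
            }
            END { exit (found ? 0 : 1) }' "$rules"
        then
            echo "$ns"   # no DNS reply rule for this resolver
        fi
    done
}

# Writes constructed sample files into directory $1 (documentation addresses).
write_sample() {
    cat > "$1/resolv.conf" <<'EOF'
nameserver 192.0.2.53
nameserver 192.0.2.54
EOF
    cat > "$1/ipchains" <<'EOF'
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A input -s 0/0 -d 0/0 -i lo -j ACCEPT
-A input -s 192.0.2.53 53 -d 0/0 -p udp -j ACCEPT
-A input -s 0/0 -d 0/0 -p udp -j REJECT
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp"
missing_dns_rules "$tmp/resolv.conf" "$tmp/ipchains"
rm -rf "$tmp"
```

On a live system the same function can be pointed at `/etc/resolv.conf` and the saved rules file; any address it prints is a resolver whose replies the catch-all UDP REJECT rule would drop.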