Re: what basic security for Mdva 2006 - Mandrake


Thread: Re: what basic security for Mdva 2006

  1. Re: what basic security for Mdva 2006


    Here are a couple, from netstat -anotu, which looked interesting, and seem
    a little out of place. Any comments welcome. A.

    tcp 0 0 203.173.200.111:2510 72.21.63.182:80 ESTABLISHED 3135/freshclam

    tcp 0 0 203.173.200.111:4487 203.109.252.42:110 ESTABLISHED 4310/kontactCuljza.


  2. Re: what basic security for Mdva 2006

    On Mon, 16 Oct 2006 13:12:27 +1300, Adam wrote:
    >
    > Here are a couple, from netstat -anotu, which looked interesting, and seem
    > a little out of place. Any comments welcome. A.
    >

    203.173.200.111:2510 72.21.63.182:80 ESTABLISHED 3135/freshclam

    I would assume freshclam virus daemon/service calling home for a database
    update. How would I guess that? Placed 72.21.63.182 in my browser window.

    203.173.200.111:4487 203.109.252.42:110 ESTABLISHED 4310/kontactCuljza.

    Guessing 203.109.252.42 is a pop connection created by your email
    client making a check to see if there is any email to download.
    (port 110 used as clue)

    If you have enabled your firewall, click up a terminal
    su - root
    grep -i shorewall /var/log/messages
    to see attempts into your system that were blocked/dropped.
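
The reading applied in the reply above (pair each row's PID/program column with the remote port) can be scripted. This is an added example, not part of the original thread; the sample rows, the `HINTS` table and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modeled on the lines quoted in the thread; the cupsd
# and 127.0.0.1 rows are invented to show the LISTEN case.
SAMPLE = """\
tcp 0 0 203.173.200.111:2510 72.21.63.182:80 ESTABLISHED 3135/freshclam
tcp 0 0 203.173.200.111:4487 203.109.252.42:110 ESTABLISHED 4310/kontact
tcp 0 0 0.0.0.0:631 0.0.0.0:* LISTEN 2210/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2301/master
"""

# Small, deliberately incomplete port-to-service hint table (assumption).
HINTS = {25: "smtp", 53: "dns", 80: "http", 110: "pop3", 123: "ntp", 443: "https"}

ROW = re.compile(
    r"^(?P<proto>tcp|udp)\S*\s+\d+\s+\d+\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+|\*)\s+"
    r"(?P<raddr>\S+):(?P<rport>\d+|\*)\s+"
    r"(?:(?P<state>[A-Z_0-9]+)\s+)?"      # UDP rows have no state column
    r"(?P<pid>\d+)/(?P<prog>\S+)"         # present only when run as root
)

def parse(text):
    """Return one dict per socket row that carries a PID/program column."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def outbound_by_program(text):
    """Map program name -> [(remote address, remote port, service hint)]."""
    out = defaultdict(list)
    for r in parse(text):
        if r["state"] == "ESTABLISHED":
            port = int(r["rport"])
            out[r["prog"]].append((r["raddr"], port, HINTS.get(port, "unknown")))
    return dict(out)

def exposed_listeners(text):
    """Listeners bound to a non-loopback address (reachable without a firewall)."""
    return [
        (r["prog"], int(r["lport"]))
        for r in parse(text)
        if r["state"] == "LISTEN" and not r["laddr"].startswith(("127.", "::1"))
    ]

if __name__ == "__main__":
    for prog, conns in outbound_by_program(SAMPLE).items():
        print(prog, conns)
    print("exposed:", exposed_listeners(SAMPLE))
```

A port hint is only a starting point; the program name in the last column is what ties the connection to something installed on the machine.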


  3. Re: what basic security for Mdva 2006

    Bit Twister wrote:

    ....
    > 203.173.200.111:2510 72.21.63.182:80 ESTABLISHED 3135/freshclam
    >
    > I would assume freshclam virus daemon/service calling home for a database
    > update. How would I guess that? Placed 72.21.63.182 in my browser
    > window.
    >
    > 203.173.200.111:4487 203.109.252.42:110 ESTABLISHED 4310/kontactCuljza.


    OK. So kontact deals with Freshclam? I don't expect you to do the work
    for me, I can look into this, but .. how would I know (perhaps it's in
    Kontact-config-email-security, .. no mention of Freshclam there.).

    So there may be an active antivirus service running, with this workstation
    install more-or-less straight outa the box.

    This may explain irregular unexplained medium bandwidth comms., as they're
    not mail or news, and I doubt time-correction.

    > Guessing 203.109.252.42 is a pop connection created by your email
    > client making a check to see if there is any email to download.
    > (port 110 used as clue)
    >
    > If you have enabled your firewall, click up a terminal
    > su - root
    > grep -i shorewall /var/log/messages
    > to see attempts into your system that were blocked/dropped.



    No firewall yet. But thanks again, Bit Twister. I can see the Firewall is
    a must from here on in. A.





  4. Re: what basic security for Mdva 2006

    On Mon, 16 Oct 2006 16:59:08 +1300, Adam wrote:

    > OK. So kontact deals with Freshclam? I don't expect you to do the work
    > for me, I can look into this,


    Ok, starter hint, man -k clam
    and http://www.clamav.net/

    > So there may be an active antivirus service running, with this workstation
    > install more-or-less straight outa the box.


    More or less. To see your service list:
    su - root
    chkconfig --list

    > No firewall yet. But thanks again, Bit Twister. I can see the Firewall is
    > a must from here on in. A.


    The first screen gives you a list of ports to allow entry into your
    system, do not check any unless you want the outside world to have
    uninvited access to that port.

    The next screen has two selections at the bottom,
    Use interactive Firewall and Port scan detection,
    I would uncheck Port scan detection and Use interactive Firewall.

    Now after you pick which interface to protect PPP0 and click ok, you
    will have a firewall blocking/dropping inbound connections and still
    have normal operation of internet access that you have now.

