Firestarter: Blocking wrong connections
GrahamB
2005-04-26, 04:39 AM CDT
Hi Everyone!
As a newbie to security issues, I have a basic/first question:
My Firestarter (firestarter-1.0.2-1) shows blocked connections for inbound, ICMP, traceroute for port 33438. But I have allowed these connections for "everyone". (I assume these are Skype VoIP connections.)
Why would they be showing up as BLOCKED in the EVENTs history? :confused:
Can you help? Like a few ideas?
Look forward to your replies
w5set
2005-04-27, 08:47 AM CDT
When you were setting the firewall up to allow connections--did you also allow the "service"?
Hope you have read a lot on security setup for this.
GrahamB
2005-04-29, 07:15 PM CDT
When you were setting the firewall up to allow connections--did you also allow the "service"?
Hope you have read a lot on security setup for this.
Hi w5set
Yes, I did allow the service. That's why I am puzzled! I allowed it, but it kept being shown up as "blocked". Crazy.
The other point: "Hope you have read a lot on security setup ...." made my heart sink. :eek: No, I haven't. Go on, advise me what is best to read, links, books, or whatever. :D
Best regards
w5set
2005-04-29, 10:02 PM CDT
You said "(I assume these are Skype VoIP connections.)"--yeah--ok--but I would assume the upper ports for the newer services are routinely scanned by various "very willing to help ya admin your server" people.
Firewall the thing as tight as you can--do regular rkhunter scans--every day.
Google rkhunter--download it--run rkhunter --update first thing and then use the heck out of it.
Upper ports are as easy to block as the more common lower ones--usually the default setting with iptables! Do an internal nmap scan to see the open ports ya have, and compare these to the command "netstat -Nel". Do external nmap scans periodically--comparing these to the "netstat -Nel" stuff reported to see if maybe netstat has been played with. There's a bunch of different netstat commands--get to know and use them frequently.
netstat -help gives you short info on using
info netstat gives you more info
man netstat is bewildering with info
netstat command is your friend and a very useful tool
rkhunter is a useful tool
The internet is a wide diverse highway of information--google it for info
also the internet highway has a few potholes in it too--watch carefully for those.
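Added example, not part of the original thread or any poster's own code: one way to do the nmap-versus-netstat comparison described in the post above. It assumes numeric listings saved from `netstat -tln` on the host and grepable output from `nmap -oG -` run against it; the sample text and the address 192.0.2.10 are constructed.

```python
import re

# Constructed sample: `netstat -tln` output captured on the host being checked.
NETSTAT_OUT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
"""
# Constructed sample: `nmap -oG -` (grepable) output from a scan of the same host.
NMAP_OUT = """\
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 631/closed/tcp//ipp///, 31337/open/tcp//unknown///
"""
LOOPBACK = ("127.", "::1")  # listeners bound here are invisible to an external scan

def netstat_listeners(text):
    """Return {port: set of bind addresses} for TCP sockets in LISTEN state."""
    listeners = {}
    for line in text.splitlines():
        f = line.split()
        # Field 3 is Local Address, field 5 is State (extra -e columns come later).
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            listeners.setdefault(int(port), set()).add(addr)
    return listeners

def nmap_open_ports(text):
    """Return the set of TCP ports nmap reported as open."""
    ports = set()
    for line in text.splitlines():
        if "Ports:" in line:
            ports.update(int(p) for p in re.findall(r"(\d+)/open/tcp/", line))
    return ports

def compare(netstat_text, nmap_text):
    listeners = netstat_listeners(netstat_text)
    scanned = nmap_open_ports(nmap_text)
    # Only non-loopback listeners can be expected to show up in the scan.
    reachable = {p for p, addrs in listeners.items()
                 if not all(a.startswith(LOOPBACK) for a in addrs)}
    return {
        # Open on the wire but absent from netstat: netstat may have been tampered with.
        "open_but_not_in_netstat": sorted(scanned - set(listeners)),
        # Listening but not seen by the scan: usually the firewall doing its job.
        "listening_but_not_seen_by_scan": sorted(reachable - scanned),
    }

if __name__ == "__main__":
    print(compare(NETSTAT_OUT, NMAP_OUT))
```

A non-empty first list is the case worth investigating; the loopback-only listener on port 631 is deliberately not reported as a mismatch.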
tiberiu
2005-04-29, 11:31 PM CDT
good tip with rkhunter...
GrahamB
2005-05-03, 10:01 AM CDT
Hi W5set and Tiberiu!
Your advice:
- Firewall the thing as tight as you can
- Google rkhunter--download it
- do regular rkhunter scans--every day.
- Do an internal nmap scan to see the open ports ya have, compare these to the command "netstat -Nel"
- do external nmap scans periodically--comparing these to the "netstat -Nel" stuff reported to see if maybe netstat has been played with.
- netstat commands--get to know and use them frequently.
- warnings: the internet highway has a few potholes in it - watch carefully for those.
OK. Will do!
Thanks to you and everyone else.