Fedora Linux Support Community & Resources Center

  #1  
Old 9th September 2007, 03:34 PM
Wiles Offline
Registered User
 
Join Date: Aug 2006
Posts: 396
port being attacked? or spyware?

When I connect to some people via p2p chat, I get hit on two distinct ports which are not being used for the p2p chat connection. I get 3-6 packets every 1 second, rather annoying to know something is sending you unwanted packets. The source computers are the same, but the source ports differ, but their destination is always the same two ports on my computer. They are UDP packets, so while I can capture info with Wireshark, I don't know how to read it meaningfully. If their computer has spyware or a trojan, could that be the culprit? Their anti-virus/anti-spyware doesn't seem to be able to find something is wrong, and they don't know much about computers...

So, if my firewall is constantly blocking those ports, is there a chance that too many packets came at the same time, and something got past the firewall? How many packets per second can iptables filter before it lets unchecked packets through? And how do I read what the UDP packet actually contains?
  #2  
Old 12th September 2007, 05:48 AM
Jman Offline
Registered User
 
Join Date: Mar 2004
Location: Minnesota, USA
Age: 28
Posts: 7,909
Source ports don't really mean anything. Destination typically does. See some general info on TCP/UDP.

You might get some useful data out of Wireshark, although constructing the conversation might be difficult. What client and protocol are you using?

If it makes you feel better, install and run chkrootkit.

Last edited by Jman; 12th September 2007 at 05:54 AM.
  #3  
Old 23rd September 2007, 02:35 AM
Wiles Offline
Registered User
 
Join Date: Aug 2006
Posts: 396
Is the port displayed in the Firestarter events list the source or destination port?
  #4  
Old 23rd September 2007, 07:12 AM
Crito Offline
Registered User
 
Join Date: Aug 2007
Location: Knoxville, TN
Posts: 256
It's your port number. Whether that's the source or destination depends on whether the traffic is inbound or outbound. If you can't determine that easily by finding your IP in the relevant column (i.e. if you're using DHCP without reservations and the IP changes frequently), just press Ctrl+2 to add a direction column to the events view. That should make it crystal clear.
__________________
How to Block Google Spyware
"They're going to sell it to us as a security system -- they may even have convinced themselves it will improve security -- but it's fundamentally a control system." - Bruce Schneier
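
On the thread's question of how to read what the captured UDP packets contain, here is an added example that is not part of any post above. It assumes raw IPv4 packets with no link-layer header; the function names, addresses, ports and payload are constructed for illustration. It groups packets by source IP and destination port, which shows the pattern described in post #1 (changing source ports, fixed destination ports), and gives a printable view of the payload.

```python
import socket
import struct
from collections import defaultdict

def parse_ipv4_udp(packet: bytes):
    """Parse a raw IPv4 packet carrying UDP; return None if it is something else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4                 # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 17 or len(packet) < ihl + 8:   # protocol 17 = UDP
        return None
    src_ip = socket.inet_ntoa(packet[12:16])
    dst_ip = socket.inet_ntoa(packet[16:20])
    sport, dport, length, _cksum = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if length < 8:                               # UDP length covers header + data
        return None
    payload = packet[ihl + 8:ihl + length]
    return {"src": src_ip, "dst": dst_ip, "sport": sport, "dport": dport, "payload": payload}

def preview(payload: bytes, limit: int = 32) -> str:
    """Printable view of a payload: ASCII where possible, '.' otherwise."""
    return "".join(chr(b) if 32 <= b < 127 else "." for b in payload[:limit])

def summarize(packets):
    """Group by (source IP, destination port); collect the source ports seen."""
    groups = defaultdict(lambda: {"count": 0, "sports": set()})
    for raw in packets:
        p = parse_ipv4_udp(raw)
        if p:
            g = groups[(p["src"], p["dport"])]
            g["count"] += 1
            g["sports"].add(p["sport"])
    return dict(groups)

def make_packet(src, dst, sport, dport, payload):
    """Build a constructed sample packet (checksums left at 0, not validated here)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

# Constructed sample: one remote host, changing source ports, two fixed destination ports.
SAMPLE = [make_packet("192.0.2.10", "198.51.100.5", sp, dp, b"\x01\x00hello")
          for sp, dp in [(40001, 5000), (40002, 5000), (40003, 5001), (40004, 5001)]]

if __name__ == "__main__":
    for key, g in summarize(SAMPLE).items():
        print(key, g["count"], sorted(g["sports"]))
    print(preview(parse_ipv4_udp(SAMPLE[0])["payload"]))
```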