Mailinglist Archive: opensuse (4053 mails)

Ksnuffle's and my account+proxy1+Queries?
Ok, I have a few questions. But let's set the context.
A) Cable modem (from @home) and Intel hub lights going crazy since Sunday
B) Known cause is CodeRed/2 and SirCam
C) httpd running on sys for susehelp
D) Apache running to learn about setting up server
E) Roxen running for same purpose
F) IP forwarding disabled due to virus activity globally on the net
G) various services up and running

Now, upon running various sniffer programs, etc., it has come to my
attention that my machine may be used by the aforementioned virii (please -
no debate on verbiage/grammar related to the word virii). Admittedly, part of
me wants to let my sys be used to make life hard for anything M$. However,
ethically I do not want to participate in causing damage to any legitimate
business by tacitly helping the current malicious viral activity.

When running the "ksnuffle" program and looking at the DNS tab I see the
following types of entries:

Requester: cb9525blah,blah (in other words me)
Server: proxy1 and the address 15.6.204.17
Query: a slew of internet addresses (e.g. 156.158.89.10, etc,...)
Answer: Either it's blank or reads "Unknown type 0"
Query Time: a time stamp (e.g. 15:33:52.73...)
Answer Time: Similar to the above

I admittedly am a newbie of just over a year with no programming experience.
I have not set up a firewall because I don't understand how to list the
services and ports to allow/not allow. I have used the personal-firewall
before, but on-line gaming and other programs could not access the net.
I do believe it's time for me to stop straddling the fence and go for setting
up a firewall/ipchains/tables. I also admit to being a gui slut (sorry -
an iconical interface along with a lexiconal one serves me better than pure
lexiconal/command line alone). Can the SuSE list give me feedback and
comments on how to:
A) Ensure that my sys is not being used for malicious purposes
B) Any resource for securing net access such as READMEs, HOWTOs, programs,
etc.

Please bear in mind that throwing a comment at me that states "Use ipchains" will
be of absolutely no use to me (the same goes for "read man ipchains"), because I
have looked at these and do not fully understand them; Linux is the
only experience I have with Unix-style systems, and that's very limited at
best.

TIA, Curtis
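The two concrete questions above (how to tell which services the box exposes, and how to turn that into an allow-list for ipchains) are addressed by the following script. It is an added example, not part of Curtis's post or of any SuSE tool. It assumes the `netstat -ltn` column layout (the sample lines are constructed, not captured from his machine), uses the classic stateless ipchains pattern from the IPCHAINS-HOWTO (default DENY on the input chain, accept non-SYN TCP so replies to outbound connections get through), and takes 15.6.204.17 from the post as the only resolver the box needs UDP replies from; the helper names (`listening_ports`, `gen_rules`, `ip_forward_is_off`) are this example's own. The rules are printed rather than applied, so they can be read and pasted in as root after review.

```shell
#!/bin/sh
# Added example (not from the original post): list externally reachable
# TCP services and print an ipchains input policy that allows only them.
# Nothing here touches the kernel; the output is a script to review first.

# Resolver that is allowed to send UDP replies (assumption: the "proxy1"
# address seen in the ksnuffle DNS tab). Override with RESOLVER=... if wrong.
RESOLVER="${RESOLVER:-15.6.204.17}"

# Constructed sample of `netstat -ltn` output. The real command also prints a
# header; the columns used below (local address in $4, state in $NF) match.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6010          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:1234            0.0.0.0:*               LISTEN'

# Read netstat-style lines on stdin and print, one per line and sorted,
# the TCP ports that outsiders can reach. Sockets bound to 127.0.0.1 are
# skipped: they only answer the local machine and need no firewall rule.
listening_ports() {
    awk '$NF == "LISTEN" && $4 !~ /^127\./ { n = split($4, a, ":"); print a[n] }' \
        | sort -n -u
}

# Print an ipchains script that denies everything inbound except:
#   - loopback traffic
#   - TCP packets without SYN (replies to connections this host opened)
#   - UDP from the resolver's port 53 (DNS answers)
#   - the TCP ports passed as a space-separated list
# Everything else is logged (-l) and denied, so the syslog shows what knocks.
# Usage: gen_rules "22 80"
gen_rules() {
    allowed="$1"
    echo '#!/bin/sh'
    echo 'ipchains -F input'
    echo 'ipchains -P input DENY'
    echo 'ipchains -A input -i lo -j ACCEPT'
    echo 'ipchains -A input -p tcp ! -y -j ACCEPT'
    echo "ipchains -A input -p udp -s $RESOLVER 53 -j ACCEPT"
    for p in $allowed; do
        echo "ipchains -A input -p tcp -d 0/0 $p -j ACCEPT"
    done
    echo 'ipchains -A input -l -j DENY'
}

# Succeed (exit 0) when IP forwarding is off in the given sysctl file,
# which defaults to the live kernel setting. A box that forwards packets
# can relay a worm's traffic even if none of its own services are hit.
ip_forward_is_off() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f")" = "0" ]
}

# Stand-alone run: derive the allow-list from the sample and print the policy.
ports=$(printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports | tr '\n' ' ')
echo "# externally reachable TCP ports: $ports"
gen_rules "$ports"
```

To use it on the real box, replace the sample with `netstat -ltn | listening_ports`, then strike from the list any port you did not mean to expose (the test httpd, Apache and Roxen instances from the post would each show up here) before feeding the remainder to `gen_rules`. Anything you remove from the list is denied and logged, which is the quickest way to confirm whether the traffic lighting up the hub is aimed at your services or merely passing by.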
