[ubuntu] Firestarter detected hit [Archive]

View Full Version : [ubuntu] Firestarter detected hit

ratmandall

September 7th, 2008, 08:50 AM

Time: Sep 7 21:58:17 Source: 208.69.148.102 Destination: 192.168.0.101 In IF: wlan0 Out IF: Port: 80 Length: 68 ToS: 0x00 Protocol: ICMP Service: HTTP
http://whois.domaintools.com/208.69.148.102

Should I be worried?

rogeriopvl

September 7th, 2008, 11:22 AM

Well, a hit is just a blocked attempt to something. You should not worry about it, only if you see several attempts from one IP address, and even in that case, if you have no services listening for outside connections you have no reason to worry.

kevdog

September 7th, 2008, 11:23 AM

Looks like an ping request -- I wouldn't be worried.

hyper_ch

September 7th, 2008, 11:37 AM

are you sure that you actually need to alter the default firewall rules?

ratmandall

September 8th, 2008, 01:36 AM

are you sure that you actually need to alter the default firewall rules?

Are you saying I did?

hyper_ch

September 8th, 2008, 02:12 AM

yes did by insatlling firestarter.

1Michael1

July 14th, 2010, 05:20 AM

I've the same issue, it pops up a detected hit quite often since I've started the firestarter.

This is how it looks like, should I be worried? Look at the time stamps, it's coming quite frequently.

http://a.imageshack.us/img248/4608/60407432.png (http://img248.imageshack.us/i/60407432.png/)

1Michael1

July 14th, 2010, 02:11 PM

Sorry for the double post but it keeps coming every second now.

I ain't running any programs.

http://img215.imageshack.us/img215/7317/40872745.png (http://img215.imageshack.us/i/40872745.png/)

bodhi.zazen

July 14th, 2010, 02:16 PM

Are you running a torrent ?

1Michael1

July 14th, 2010, 02:20 PM

No, I don't run anything besides Pidgin and Chrome.

bodhi.zazen

July 14th, 2010, 02:30 PM

Post the output of

sudo lsof -i -n -PThat should give us insight.

If you really want to know, install wireshark (do not run wireshark as root) and capture a few packets.

If you are causally asking, IMO Dropped packets are almost always meaningless.

xpod

July 14th, 2010, 03:31 PM

Post the output of

sudo losf -i -n -P

That should give us insight.

If you really want to know, isntall wireshard (do not run wireshark as root) and capture a few packtes.

If you are causally asking, IMO Dropped packets are almost always meaningless.

Bit of a typo in that command bodhi.
I think you actually mean "lsof" and not "losf". :)

As far as Firestarter itself is concerned that events tab seems to cause more problems than it solves. People see all the blocked connections in that events tab and dont seem to realize it`s actually just doing it`s job....hopefully anyway.