why did and how come i got so many firewall hits within seconds of installing ubuntu?

[scrypt]

Hey all.

Ive just reinstalled Ubuntu 8.10 alongside Vista (Dual boot).

and something quite worrying happened.!!

the first thing i installed before even installing all the updates, was firestater firewall.

and literally within 3 seconds of installing firestarter and running it.

I got numerous firewall HIT alerts.

It looks as though i was hit by numerous ip addresses, but they where all hitting me on the same port.

Port number: 588116

It has been sometime since i have used ubuntu because my new laptop was shipped with vista, so i must admit i have been quitly impressed with Microsofts new outing.

But never the less, the alure to come back to Ubuntu has just been to strong, because i have got a little fed up with some of the niggly little security issues Microsofts OS have always been blighted with (Even Vista)

I am unsure wheather i should be concerned wit being hit so many times , or if indeed they pose a security threat.

But i had never had so many firewall hits within seconds of installing Ubuntu.

I'm hoping someone will be able to shed a little light onto my above issue and if possible tell me of a soluton, or a way to stop it ever happening again.

I look forward to once again conversing with all you helpfull souls.

I have copied a list of all the firewall hits I got below. so I hope it might be helpfull When/If anyone helps me out...
Kind Regards

Mark Hogan


Time:Jan 24 06:31:58 Direction: Unknown In:eth0 Out: Port:58116 Source:117.193.1.21 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:32:00 Direction: Unknown In:eth0 Out: Port:58116 Source:117.193.1.21 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:32:06 Direction: Unknown In:eth0 Out: Port:58116 Source:117.193.1.21 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:33:47 Direction: Unknown In:eth0 Out: Port:58116 Source:118.108.156.125 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:34:50 Direction: Unknown In:eth0 Out: Port:58116 Source:118.161.250.86 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:31:59 Direction: Unknown In:eth0 Out: Port:58116 Source:121.30.130.197 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:34:56 Direction: Unknown In:eth0 Out: Port:58116 Source:122.173.23.184 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:32:23 Direction: Unknown In:eth0 Out: Port:58116 Source:12.219.43.197 Destination:192.168.0.2 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:35:07 Direction: Unknown In:eth0 Out: Port:58116 Source:122.53.63.185 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:35:05 Direction: Unknown In:eth0 Out: Port:58116 Source:123.204.133.222 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:33:48 Direction: Unknown In:eth0 Out: Port:58116 Source:124.144.188.138 Destination:192.168.0.2 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:33:14 Direction: Unknown In:eth0 Out: Port:58116 Source:125.25.26.254 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:32:40 Direction: Unknown In:eth0 Out: Port:58116 Source:125.78.14.76 Destination:192.168.0.2 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:31:49 Direction: Unknown In:eth0 Out: Port:58116 Source:189.158.154.4 Destination:192.168.0.2 Length:95 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:32:48 Direction: Unknown In:eth0 Out: Port:58116 Source:190.246.206.82 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:32:46 Direction: Unknown In:eth0 Out: Port:58116 Source:201.9.234.200 Destination:192.168.0.2 Length:131 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:34:36 Direction: Unknown In:eth0 Out: Port:58116 Source:218.102.149.17 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:35:06 Direction: Unknown In:eth0 Out: Port:58116 Source:220.138.49.2 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:33:43 Direction: Unknown In:eth0 Out: Port:58116 Source:4.79.142.206 Destination:192.168.0.2 Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:33:45 Direction: Unknown In:eth0 Out: Port:58116 Source:4.79.142.206 Destination:192.168.0.2 Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:33:47 Direction: Unknown In:eth0 Out: Port:58116 Source:4.79.142.206 Destination:192.168.0.2 Length:44 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:34:33 Direction: Unknown In:eth0 Out: Port:58116 Source:60.185.152.244 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:32:37 Direction: Unknown In:eth0 Out: Port:58116 Source:62.226.66.138 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:34:55 Direction: Unknown In:eth0 Out: Port:58116 Source:71.100.136.224 Destination:192.168.0.2 Length:95 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:32:34 Direction: Unknown In:eth0 Out: Port:58116 Source:74.170.14.244 Destination:192.168.0.2 Length:131 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:35:50 Direction: Unknown In:eth0 Out: Port:58116 Source:76.117.126.108 Destination:192.168.0.2 Length:52 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:35:58 Direction: Unknown In:eth0 Out: Port:58116 Source:76.117.126.108 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:35:56 Direction: Unknown In:eth0 Out: Port:58116 Source:77.224.159.125 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:32:26 Direction: Unknown In:eth0 Out: Port:58116 Source:79.46.142.32 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:33:30 Direction: Unknown In:eth0 Out: Port:58116 Source:80.202.222.7 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:34:45 Direction: Unknown In:eth0 Out: Port:58116 Source:82.120.123.8 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:35:25 Direction: Unknown In:eth0 Out: Port:58116 Source:85.122.86.216 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:31:59 Direction: Unknown In:eth0 Out: Port:58116 Source:86.139.6.119 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:35:18 Direction: Unknown In:eth0 Out: Port:58116 Source:89.212.53.6 Destination:192.168.0.2 Length:60 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:35:43 Direction: Unknown In:eth0 Out: Port:58116 Source:89.215.88.199 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:33:36 Direction: Unknown In:eth0 Out: Port:58116 Source:89.243.158.124 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:33:39 Direction: Unknown In:eth0 Out: Port:58116 Source:89.243.158.124 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:33:45 Direction: Unknown In:eth0 Out: Port:58116 Source:89.243.158.124 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:35:00 Direction: Unknown In:eth0 Out: Port:58116 Source:89.25.56.66 Destination:192.168.0.2 Length:126 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:34:21 Direction: Unknown In:eth0 Out: Port:58116 Source:90.211.221.214 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:34:55 Direction: Unknown In:eth0 Out: Port:58116 Source:90.211.221.214 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:34:58 Direction: Unknown In:eth0 Out: Port:58116 Source:90.211.221.214 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:35:04 Direction: Unknown In:eth0 Out: Port:58116 Source:90.211.221.214 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:33:28 Direction: Unknown In:eth0 Out: Port:58116 Source:92.10.7.51 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:33:31 Direction: Unknown In:eth0 Out: Port:58116 Source:92.10.7.51 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:33:37 Direction: Unknown In:eth0 Out: Port:58116 Source:92.10.7.51 Destination:192.168.0.2 Length:48 TOS:0x00 Protocol:TCP Service:Unknown
Time:Jan 24 06:34:59 Direction: Unknown In:eth0 Out: Port:58116 Source:92.3.211.64 Destination:192.168.0.2 Length:129 TOS:0x00 Protocol:UDP Service:Unknown
Time:Jan 24 06:32:03 Direction: Unknown In:eth0 Out: Port:58116 Source:99.224.197.244 Destination:192.168.0.2 Length:95 TOS:0x00 Protocol:UDP Service:Unknown

[hyper_ch]

(1) firestarter is no firewall
(2) by installing firestarter you change the default rules in iptables
(3) if you don't have anything running on that port, don't be worried

[iponeverything]

Are you running transmission or some other bit torrent client?

Here's the deal. You box is on a private ip address that is NAT'ed to outside world.

What this means is that - These boxes that are going to port 58116 are not initiating connections in. They can't 192.168 is not route-able, they are instead responding to connections initiated by your machine.

run:

Code:

sudo lsof|grep 58116

to try to find out what on your box is so chatty.

[bgerlich]

You already have a firewall, it is called "iptables", firestarter is just a GUI for iptables, plus it adds some stuff like aggressive logging, you don't need to change the default settings or install firestarter if you haven't installed any services - fileserver, ssh server, apache, router.

If you have been running a torrent client in Vista and rebooted to ubuntu, those log prompts are bittorrent peers you were connected to in Vista still trying to connect with your machine.

[mikewhatever]

If you use p2p software on Windows, and the incoming port is 58116, even after the program is not running, you'll still get numerous requests on that port. I don't think there is much to worry about if that's the case.