About a week ago while using windows, I got a call from my isp stating that my email account and internet access had been suspended pending investigation. Apparently I ended up with a backdoor installed on my windows box, and someone (perhaps several people) where sending out pron emails to various people. They had over 100 complaints filed against me. I did a virus scan, found and removed the backdoor. I then installed a firewall. In just over 5 days I had 246972 attempts blocked and 215 high risk attempts blocked. Now that I'm back in Linux I'm concerned. Mostly because I can't see my firewall working and know for sure that it's doing what it's supposed to be doing. I don't know how long that backdoor was installed, could have been weeks. So who knows how many people know about it and are trying to get in.

My question(s) is this. How do I see my firewall activity under Suse 9.0 Pro? When I installed I saw there was some intrusion monitors, how do I run these or if already running how do I use them?

And if anyone has some suggestions feel free.

The last thing I need is for this to happen again. I'm rather paranoid about this whole thing.

There is a gui firewall called firestarter you can get and install. It shows you when you get a hit, where its from, protocol, port, etc.

You could also check your firewall logs.

http://firestarter.sourceforge.net/

Your firewall will log to a file somewhere - check under /var/log - mine is/was in /var/log/messages.

Then get in the habit of watching that file -

tail -f /var/log/messages

o man, I never knew about the tail command. That helps soo much. thanks

This thread is what I was looking for. I have a home system with cable internet. There are 2 computers connected to a router with NAT. Do I still need a firewall? I use Mandrake9.0.

TIA

I have a router with a firewall, but I still use a firewall in linux.

OK, thanks. I may look into Firestarter...

Well my /var/log/messages is emtpy. Either way, I'm going to give firestarter a try.

Thanks for all the help.

I've been using Firestarter for awhile and there couldn't be an easier one to setup and run. I have checked it against several sites and no problems yet. I would recommend it.

I used to use firestarter for a while, but then I wanted to try guarddog. I tried guarddog and configured my firewall, but I tested it against several sites and I wasn't getting good results. I came back to firestarter and am now using it with very good results.

Gets 2 thumbs up