Is this a network attack ?

Post by Ciohap22 »

Hi. I am running Mint 16 and Windows 7 on my machine. I am new to Linux and I am trying to understand some things that I see in the Log Viewer.
It's been days now that I have been seeing this kind of thing in the log:

Feb 14 07:18:57 zgobark-P31-S3G rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="829" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Feb 14 07:18:57 zgobark-P31-S3G kernel: [  323.573055] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=10927 DF PROTO=TCP SPT=35230 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:19:06 zgobark-P31-S3G anacron[1286]: Job `cron.daily' terminated
Feb 14 07:19:06 zgobark-P31-S3G kernel: [  332.582387] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=10937 DF PROTO=TCP SPT=35230 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:19:30 zgobark-P31-S3G kernel: [  356.751773] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=17.172.232.184 DST=79.116.228.199 LEN=89 TOS=0x00 PREC=0x00 TTL=42 ID=26023 DF PROTO=TCP SPT=443 DPT=63169 WINDOW=158 RES=0x00 ACK PSH URGP=0 
Feb 14 07:20:00 zgobark-P31-S3G kernel: [  386.253797] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=10957 DF PROTO=TCP SPT=37279 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:20:41 zgobark-P31-S3G kernel: [  427.710506] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=17.172.232.125 DST=79.116.228.199 LEN=169 TOS=0x00 PREC=0x00 TTL=42 ID=5614 DF PROTO=TCP SPT=443 DPT=62701 WINDOW=167 RES=0x00 ACK PSH URGP=0 
Feb 14 07:20:43 zgobark-P31-S3G kernel: [  429.226062] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=17.172.232.125 DST=79.116.228.199 LEN=169 TOS=0x00 PREC=0x00 TTL=42 ID=5615 DF PROTO=TCP SPT=443 DPT=62701 WINDOW=167 RES=0x00 ACK PSH URGP=0 
Feb 14 07:20:52 zgobark-P31-S3G kernel: [  438.322216] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=17.172.232.125 DST=79.116.228.199 LEN=169 TOS=0x00 PREC=0x00 TTL=42 ID=5617 DF PROTO=TCP SPT=443 DPT=62701 WINDOW=167 RES=0x00 ACK PSH URGP=0 
Feb 14 07:21:06 zgobark-P31-S3G kernel: [  452.963581] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11077 DF PROTO=TCP SPT=34650 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:21:18 zgobark-P31-S3G sudo: pam_ecryptfs: pam_sm_authenticate: /home/zgobark is already mounted
Feb 14 07:21:28 zgobark-P31-S3G kernel: [  474.706285] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=17.172.232.125 DST=79.116.228.199 LEN=169 TOS=0x00 PREC=0x00 TTL=42 ID=5620 DF PROTO=TCP SPT=443 DPT=62701 WINDOW=167 RES=0x00 ACK PSH URGP=0 
Feb 14 07:22:05 zgobark-P31-S3G kernel: [  511.374192] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11271 DF PROTO=TCP SPT=34204 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:22:08 zgobark-P31-S3G kernel: [  514.403390] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11277 DF PROTO=TCP SPT=34204 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:22:35 zgobark-P31-S3G kernel: [  542.161302] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=2005 DF PROTO=TCP SPT=56054 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:23:03 zgobark-P31-S3G kernel: [  569.213879] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11290 DF PROTO=TCP SPT=36498 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:23:09 zgobark-P31-S3G kernel: [  575.213578] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11294 DF PROTO=TCP SPT=36498 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:23:17 zgobark-P31-S3G kernel: [  583.194198] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=199.19.215.59 DST=79.116.228.199 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=TCP SPT=80 DPT=55049 WINDOW=0 RES=0x00 RST URGP=0 
Feb 14 07:23:35 zgobark-P31-S3G kernel: [  601.947361] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=199.19.215.59 DST=79.116.228.199 LEN=40 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=TCP SPT=80 DPT=55049 WINDOW=0 RES=0x00 RST URGP=0 
Feb 14 07:23:46 zgobark-P31-S3G kernel: [  613.008893] nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach helpers instead.
Feb 14 07:23:48 zgobark-P31-S3G anacron[1286]: Job `cron.weekly' started
Feb 14 07:23:48 zgobark-P31-S3G anacron[3350]: Updated timestamp for job `cron.weekly' to 2014-02-14
Feb 14 07:24:00 zgobark-P31-S3G kernel: [  626.774669] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11314 DF PROTO=TCP SPT=32470 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:24:03 zgobark-P31-S3G kernel: [  629.773786] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11315 DF PROTO=TCP SPT=32470 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:24:13 zgobark-P31-S3G kernel: [  640.043809] perf samples too long (2506 > 2500), lowering kernel.perf_event_max_sample_rate to 50000
Feb 14 07:24:59 zgobark-P31-S3G kernel: [  685.985047] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11347 DF PROTO=TCP SPT=33573 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:25:01 zgobark-P31-S3G anacron[1286]: Job `cron.weekly' terminated
Feb 14 07:25:01 zgobark-P31-S3G anacron[1286]: Normal exit (2 jobs run)
Feb 14 07:25:02 zgobark-P31-S3G kernel: [  688.198508] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=175.140.249.91 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=121 ID=41715 PROTO=UDP SPT=1027 DPT=16464 LEN=24 
Feb 14 07:25:08 zgobark-P31-S3G kernel: [  695.023863] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11354 DF PROTO=TCP SPT=33573 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:25:10 zgobark-P31-S3G kernel: [  696.741728] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=88.34.216.162 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=12776 PROTO=UDP SPT=55341 DPT=16464 LEN=24 
Feb 14 07:25:56 zgobark-P31-S3G kernel: [  742.274031] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=24.47.223.55 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=118 ID=41782 PROTO=UDP SPT=1149 DPT=16464 LEN=24 
Feb 14 07:26:01 zgobark-P31-S3G kernel: [  747.235163] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11390 DF PROTO=TCP SPT=58884 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:26:07 zgobark-P31-S3G kernel: [  753.193270] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=4863 DF PROTO=TCP SPT=57777 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:26:40 zgobark-P31-S3G kernel: [  786.694414] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=208.38.104.155 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=108 ID=11217 PROTO=UDP SPT=1025 DPT=16464 LEN=24 
Feb 14 07:27:10 zgobark-P31-S3G kernel: [  817.025586] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11408 DF PROTO=TCP SPT=56344 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:27:19 zgobark-P31-S3G kernel: [  826.044525] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11411 DF PROTO=TCP SPT=56344 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:27:27 zgobark-P31-S3G kernel: [  833.623763] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=83.47.6.136 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=115 ID=64004 PROTO=UDP SPT=1029 DPT=16464 LEN=24 
Feb 14 07:28:00 zgobark-P31-S3G kernel: [  866.175315] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=116.236.205.138 DST=79.116.228.199 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=20006 DF PROTO=TCP SPT=34050 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0 
Feb 14 07:28:07 zgobark-P31-S3G kernel: [  874.016010] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11419 DF PROTO=TCP SPT=36490 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:28:59 zgobark-P31-S3G kernel: [  925.646164] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11441 DF PROTO=TCP SPT=35952 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:29:02 zgobark-P31-S3G kernel: [  928.645288] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11442 DF PROTO=TCP SPT=35952 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:29:08 zgobark-P31-S3G kernel: [  934.675489] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11443 DF PROTO=TCP SPT=35952 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:29:31 zgobark-P31-S3G kernel: [  957.785046] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=13323 DF PROTO=TCP SPT=59491 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:29:47 zgobark-P31-S3G kernel: [  973.881954] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=64.12.88.161 DST=79.116.228.199 LEN=121 TOS=0x00 PREC=0x00 TTL=50 ID=52583 DF PROTO=TCP SPT=993 DPT=47137 WINDOW=16 RES=0x00 ACK PSH URGP=0 
Feb 14 07:30:01 zgobark-P31-S3G CRON[3441]: (root) CMD (start -q anacron || :)
Feb 14 07:30:01 zgobark-P31-S3G anacron[3444]: Anacron 2.3 started on 2014-02-14
Feb 14 07:30:01 zgobark-P31-S3G anacron[3444]: Normal exit (0 jobs run)
Feb 14 07:30:08 zgobark-P31-S3G kernel: [  995.049267] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=64.12.88.161 DST=79.116.228.199 LEN=121 TOS=0x00 PREC=0x00 TTL=50 ID=52590 DF PROTO=TCP SPT=993 DPT=47137 WINDOW=16 RES=0x00 ACK PSH URGP=0 
Feb 14 07:30:30 zgobark-P31-S3G kernel: [ 1016.553192] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=64.12.88.161 DST=79.116.228.199 LEN=121 TOS=0x00 PREC=0x00 TTL=50 ID=52591 DF PROTO=TCP SPT=993 DPT=47137 WINDOW=16 RES=0x00 ACK PSH URGP=0 
Feb 14 07:30:53 zgobark-P31-S3G kernel: [ 1039.166804] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11514 DF PROTO=TCP SPT=34174 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:31:13 zgobark-P31-S3G kernel: [ 1059.560597] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=64.12.88.161 DST=79.116.228.199 LEN=121 TOS=0x00 PREC=0x00 TTL=50 ID=52592 DF PROTO=TCP SPT=993 DPT=47137 WINDOW=16 RES=0x00 ACK PSH URGP=0 
Feb 14 07:31:32 zgobark-P31-S3G kernel: [ 1078.204508] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=22791 DF PROTO=TCP SPT=60427 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:31:50 zgobark-P31-S3G kernel: [ 1096.696832] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11591 DF PROTO=TCP SPT=37620 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:32:26 zgobark-P31-S3G kernel: [ 1132.996193] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=66.165.170.251 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=113 ID=13995 PROTO=UDP SPT=1063 DPT=16464 LEN=24 
Feb 14 07:32:46 zgobark-P31-S3G kernel: [ 1153.037656] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11614 DF PROTO=TCP SPT=33435 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:32:49 zgobark-P31-S3G kernel: [ 1156.056834] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11615 DF PROTO=TCP SPT=33435 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:33:40 zgobark-P31-S3G kernel: [ 1206.977770] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11680 DF PROTO=TCP SPT=33197 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:33:43 zgobark-P31-S3G kernel: [ 1210.036934] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11681 DF PROTO=TCP SPT=33197 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:33:47 zgobark-P31-S3G kernel: [ 1213.980089] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=24631 DF PROTO=TCP SPT=61622 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:34:40 zgobark-P31-S3G kernel: [ 1266.818142] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11707 DF PROTO=TCP SPT=34784 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:34:43 zgobark-P31-S3G kernel: [ 1269.840879] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11708 DF PROTO=TCP SPT=34784 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:34:49 zgobark-P31-S3G kernel: [ 1275.847054] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11710 DF PROTO=TCP SPT=34784 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:34:57 zgobark-P31-S3G sudo: pam_ecryptfs: pam_sm_authenticate: /home/zgobark is already mounted
Feb 14 07:35:46 zgobark-P31-S3G kernel: [ 1332.218901] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11723 DF PROTO=TCP SPT=34985 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:35:49 zgobark-P31-S3G kernel: [ 1335.267671] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11725 DF PROTO=TCP SPT=34985 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:35:51 zgobark-P31-S3G kernel: [ 1338.057608] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=177.37.0.1 DST=79.116.228.199 LEN=72 TOS=0x00 PREC=0x00 TTL=43 ID=0 DF PROTO=UDP SPT=53 DPT=32690 LEN=52 
Feb 14 07:36:44 zgobark-P31-S3G cinnamon-session[1831]: CRITICAL: csm_manager_set_phase: assertion 'CSM_IS_MANAGER (manager)' failed
Feb 14 07:36:44 zgobark-P31-S3G cinnamon-session[1831]: Gtk-CRITICAL: gtk_main_quit: assertion 'main_loops != NULL' failed
Feb 14 07:36:44 zgobark-P31-S3G colord: device removed: xrandr-Goldstar Company Ltd-W1941-32133
Feb 14 07:36:44 zgobark-P31-S3G colord: Profile removed: icc-34aa5b6299ace27947b61d53b5930790
Feb 14 07:36:44 zgobark-P31-S3G NetworkManager[1026]: <warn> error requesting auth for org.freedesktop.NetworkManager.settings.modify.own: (3) GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Could not get UID of name ':1.30': no such name
Feb 14 07:36:44 zgobark-P31-S3G NetworkManager[1026]: <warn> error requesting auth for org.freedesktop.NetworkManager.settings.modify.hostname: (3) GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: GDBus.Error:org.freedesktop.DBus.Error.NameHasNoOwner: Could not get UID of name ':1.30': no such name
Feb 14 07:36:46 zgobark-P31-S3G acpid: client 1380[0:0] has disconnected
Feb 14 07:36:46 zgobark-P31-S3G acpid: client 1380[0:0] has disconnected
Feb 14 07:36:46 zgobark-P31-S3G acpid: client connected from 4106[0:0]
Feb 14 07:36:46 zgobark-P31-S3G acpid: 1 client rule loaded
Feb 14 07:36:46 zgobark-P31-S3G acpid: client connected from 4106[0:0]
Feb 14 07:36:46 zgobark-P31-S3G acpid: 1 client rule loaded
Feb 14 07:36:47 zgobark-P31-S3G mdm[4101]: WARNING: failed to get file info for accountService pic file: Error when getting information for file '/var/lib/AccountsService/icons/zgobark': No such file or directory
Feb 14 07:36:47 zgobark-P31-S3G mdm[4101]: WARNING: failed to get file info for accountService pic file: Error when getting information for file '/home/zgobark/.face': No such file or directory
Feb 14 07:36:47 zgobark-P31-S3G mdm[4101]: GLib-GIO-CRITICAL: g_file_info_get_attribute_uint64: assertion 'G_IS_FILE_INFO (info)' failed
Feb 14 07:36:47 zgobark-P31-S3G mdm[4101]: GLib-GIO-CRITICAL: g_file_info_get_attribute_uint64: assertion 'G_IS_FILE_INFO (info)' failed
Feb 14 07:36:48 zgobark-P31-S3G kernel: [ 1394.258868] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11746 DF PROTO=TCP SPT=37458 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:36:51 zgobark-P31-S3G kernel: [ 1397.238018] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11748 DF PROTO=TCP SPT=37458 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:37:10 zgobark-P31-S3G mdm[4134]: pam_ecryptfs: Passphrase file wrapped
Feb 14 07:37:11 zgobark-P31-S3G rtkit-daemon[1960]: Successfully made thread 4279 of process 4279 (n/a) owned by '1000' high priority at nice level -11.
Feb 14 07:37:11 zgobark-P31-S3G rtkit-daemon[1960]: Supervising 1 threads of 1 processes of 1 users.
Feb 14 07:37:11 zgobark-P31-S3G dbus[838]: [system] Activating service name='org.freedesktop.systemd1' (using servicehelper)
Feb 14 07:37:11 zgobark-P31-S3G rtkit-daemon[1960]: Successfully made thread 4294 of process 4279 (n/a) owned by '1000' RT at priority 5.
Feb 14 07:37:11 zgobark-P31-S3G rtkit-daemon[1960]: Supervising 2 threads of 1 processes of 1 users.
Feb 14 07:37:11 zgobark-P31-S3G dbus[838]: [system] Successfully activated service 'org.freedesktop.systemd1'
Feb 14 07:37:11 zgobark-P31-S3G rtkit-daemon[1960]: Successfully made thread 4296 of process 4279 (n/a) owned by '1000' RT at priority 5.
Feb 14 07:37:11 zgobark-P31-S3G rtkit-daemon[1960]: Supervising 3 threads of 1 processes of 1 users.
Feb 14 07:37:12 zgobark-P31-S3G colord: Device added: xrandr-Goldstar Company Ltd-W1941-32133
Feb 14 07:37:12 zgobark-P31-S3G colord: Profile added: icc-34aa5b6299ace27947b61d53b5930790
Feb 14 07:37:12 zgobark-P31-S3G NetworkManager[1026]: <info> Unmanaged Device found; state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
Feb 14 07:37:17  NetworkManager[1026]: last message repeated 3 times
Feb 14 07:37:17 zgobark-P31-S3G kernel: [ 1423.651838] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=27438 DF PROTO=TCP SPT=63364 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:37:20 zgobark-P31-S3G kernel: [ 1426.641273] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=27482 DF PROTO=TCP SPT=63364 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:37:26 zgobark-P31-S3G kernel: [ 1432.648279] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=27575 DF PROTO=TCP SPT=63364 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:37:48 zgobark-P31-S3G kernel: [ 1454.839798] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11777 DF PROTO=TCP SPT=35890 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:38:42 zgobark-P31-S3G kernel: [ 1508.665404] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=67.192.215.51 DST=79.116.228.199 LEN=149 TOS=0x00 PREC=0x00 TTL=42 ID=50743 PROTO=UDP SPT=53 DPT=32690 LEN=129 
Feb 14 07:39:01 zgobark-P31-S3G CRON[4502]: (root) CMD (  [ -x /usr/lib/php5/maxlifetime ] && [ -x /usr/lib/php5/sessionclean ] && [ -d /var/lib/php5 ] && /usr/lib/php5/sessionclean /var/lib/php5 $(/usr/lib/php5/maxlifetime))
Feb 14 07:39:35 zgobark-P31-S3G kernel: [ 1561.443558] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=12.47.20.170 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=107 ID=25480 DF PROTO=UDP SPT=54185 DPT=16464 LEN=24 
Feb 14 07:39:55 zgobark-P31-S3G kernel: [ 1581.429653] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11813 DF PROTO=TCP SPT=35499 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:40:29 zgobark-P31-S3G kernel: [ 1615.360635] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=79.148.235.6 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=18537 PROTO=UDP SPT=38068 DPT=16464 LEN=24 
Feb 14 07:40:58 zgobark-P31-S3G kernel: [ 1644.613464] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11842 DF PROTO=TCP SPT=37432 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:41:07 zgobark-P31-S3G NetworkManager[1026]: <info> Unmanaged Device found; state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
Feb 14 07:41:07 zgobark-P31-S3G NetworkManager[1026]: <info> Unmanaged Device found; state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
Feb 14 07:41:17 zgobark-P31-S3G kernel: [ 1663.566529] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=31245 DF PROTO=TCP SPT=65334 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:41:20 zgobark-P31-S3G kernel: [ 1666.569267] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=31280 DF PROTO=TCP SPT=65334 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:41:26 zgobark-P31-S3G kernel: [ 1672.572963] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=31367 DF PROTO=TCP SPT=65334 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:42:03 zgobark-P31-S3G kernel: [ 1709.860304] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11875 DF PROTO=TCP SPT=34802 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:42:09 zgobark-P31-S3G kernel: [ 1715.880005] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11878 DF PROTO=TCP SPT=34802 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:42:33 zgobark-P31-S3G dbus[838]: [system] Activating service name='org.freedesktop.timedate1' (using servicehelper)
Feb 14 07:42:33 zgobark-P31-S3G dbus[838]: [system] Successfully activated service 'org.freedesktop.timedate1'
Feb 14 07:42:33 zgobark-P31-S3G dbus[838]: [system] Activating service name='org.freedesktop.systemd1' (using servicehelper)
Feb 14 07:42:33 zgobark-P31-S3G dbus[838]: [system] Successfully activated service 'org.freedesktop.systemd1'
Feb 14 07:42:50 zgobark-P31-S3G kernel: [ 1756.973807] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=190.29.18.33 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=47802 PROTO=UDP SPT=17253 DPT=16464 LEN=24 
Feb 14 07:43:00 zgobark-P31-S3G kernel: [ 1767.010887] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11902 DF PROTO=TCP SPT=39939 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:43:09 zgobark-P31-S3G kernel: [ 1776.080271] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11905 DF PROTO=TCP SPT=39939 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:43:48 zgobark-P31-S3G kernel: [ 1814.710794] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=76.164.35.26 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=117 ID=18484 PROTO=UDP SPT=58000 DPT=16464 LEN=24 
Feb 14 07:44:00 zgobark-P31-S3G kernel: [ 1826.401297] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11938 DF PROTO=TCP SPT=34437 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:44:03 zgobark-P31-S3G kernel: [ 1829.410453] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11940 DF PROTO=TCP SPT=34437 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:44:09 zgobark-P31-S3G kernel: [ 1835.410231] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11941 DF PROTO=TCP SPT=34437 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:44:45 zgobark-P31-S3G kernel: [ 1871.375694] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=1288 DF PROTO=TCP SPT=50685 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:44:48 zgobark-P31-S3G kernel: [ 1874.377452] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=1326 DF PROTO=TCP SPT=50685 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:44:54 zgobark-P31-S3G kernel: [ 1880.375469] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=119 ID=1411 DF PROTO=TCP SPT=50685 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:45:12 zgobark-P31-S3G kernel: [ 1898.241234] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11957 DF PROTO=TCP SPT=33944 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:45:51 zgobark-P31-S3G kernel: [ 1937.865717] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=93.174.93.51 DST=79.116.228.199 LEN=40 TOS=0x00 PREC=0x00 TTL=251 ID=54321 PROTO=TCP SPT=39016 DPT=6588 WINDOW=65535 RES=0x00 SYN URGP=0 
Feb 14 07:46:02 zgobark-P31-S3G kernel: [ 1948.811813] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11982 DF PROTO=TCP SPT=37574 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:46:05 zgobark-P31-S3G kernel: [ 1951.810977] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=11983 DF PROTO=TCP SPT=37574 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:46:11 zgobark-P31-S3G kernel: [ 1957.811158] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=11988 DF PROTO=TCP SPT=37574 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:47:04 zgobark-P31-S3G kernel: [ 2010.632297] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12008 DF PROTO=TCP SPT=37789 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:47:06 zgobark-P31-S3G kernel: [ 2013.087340] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=175.143.111.242 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=57 ID=59538 PROTO=UDP SPT=1027 DPT=16464 LEN=24 
Feb 14 07:47:07 zgobark-P31-S3G kernel: [ 2013.611473] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12010 DF PROTO=TCP SPT=37789 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:47:40 zgobark-P31-S3G kernel: [ 2046.650126] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=3677 DF PROTO=TCP SPT=52130 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:47:49 zgobark-P31-S3G kernel: [ 2055.652122] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=3808 DF PROTO=TCP SPT=52130 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:48:07 zgobark-P31-S3G kernel: [ 2074.092822] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12050 DF PROTO=TCP SPT=36518 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:48:28 zgobark-P31-S3G kernel: [ 2094.232917] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=79.119.162.43 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=123 ID=27219 DF PROTO=TCP SPT=52438 DPT=49871 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:49:00 zgobark-P31-S3G kernel: [ 2126.443154] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12067 DF PROTO=TCP SPT=38943 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:49:08 zgobark-P31-S3G kernel: [ 2135.011080] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=64.12.88.161 DST=79.116.228.199 LEN=121 TOS=0x00 PREC=0x00 TTL=50 ID=54836 DF PROTO=TCP SPT=993 DPT=47126 WINDOW=18 RES=0x00 ACK PSH URGP=0 
Feb 14 07:49:47 zgobark-P31-S3G kernel: [ 2173.313945] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=64.12.88.161 DST=79.116.228.199 LEN=121 TOS=0x00 PREC=0x00 TTL=50 ID=54839 DF PROTO=TCP SPT=993 DPT=47126 WINDOW=18 RES=0x00 ACK PSH URGP=0 
Feb 14 07:49:59 zgobark-P31-S3G kernel: [ 2185.403148] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12093 DF PROTO=TCP SPT=35650 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:50:08 zgobark-P31-S3G kernel: [ 2194.402461] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=12097 DF PROTO=TCP SPT=35650 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:50:30 zgobark-P31-S3G kernel: [ 2217.089795] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=64.12.88.161 DST=79.116.228.199 LEN=121 TOS=0x00 PREC=0x00 TTL=50 ID=54840 DF PROTO=TCP SPT=993 DPT=47126 WINDOW=18 RES=0x00 ACK PSH URGP=0 
Feb 14 07:50:55 zgobark-P31-S3G kernel: [ 2241.253480] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12122 DF PROTO=TCP SPT=34225 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:51:08 zgobark-P31-S3G kernel: [ 2254.593173] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=208.108.115.47 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=113 ID=33094 PROTO=UDP SPT=21872 DPT=16464 LEN=24 
Feb 14 07:51:49 zgobark-P31-S3G kernel: [ 2295.784140] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12166 DF PROTO=TCP SPT=38191 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:51:52 zgobark-P31-S3G kernel: [ 2298.823401] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12169 DF PROTO=TCP SPT=38191 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:52:12 zgobark-P31-S3G kernel: [ 2318.915081] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=222.186.25.44 DST=79.116.228.199 LEN=40 TOS=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=8888 WINDOW=16384 RES=0x00 SYN URGP=0 
Feb 14 07:52:45 zgobark-P31-S3G kernel: [ 2351.474448] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12184 DF PROTO=TCP SPT=34290 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:53:33 zgobark-P31-S3G kernel: [ 2399.745396] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.211.107.241 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=117 ID=6542 PROTO=UDP SPT=54287 DPT=16464 LEN=24 
Feb 14 07:53:44 zgobark-P31-S3G kernel: [ 2410.904923] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12206 DF PROTO=TCP SPT=39010 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:53:47 zgobark-P31-S3G kernel: [ 2413.864094] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12207 DF PROTO=TCP SPT=39010 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:53:53 zgobark-P31-S3G kernel: [ 2419.863845] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=12209 DF PROTO=TCP SPT=39010 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:54:10 zgobark-P31-S3G kernel: [ 2436.991308] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=8989 DF PROTO=TCP SPT=55288 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:54:55 zgobark-P31-S3G kernel: [ 2481.714727] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=12235 DF PROTO=TCP SPT=34923 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:55:23 zgobark-P31-S3G kernel: [ 2509.994599] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=9984 DF PROTO=TCP SPT=55974 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:55:26 zgobark-P31-S3G kernel: [ 2512.996598] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=10018 DF PROTO=TCP SPT=55974 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:55:32 zgobark-P31-S3G kernel: [ 2518.395007] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=2.230.71.229 DST=79.116.228.199 LEN=71 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=53 DPT=32690 LEN=51 
Feb 14 07:55:51 zgobark-P31-S3G kernel: [ 2537.694674] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=12373 DF PROTO=TCP SPT=38857 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:56:35 zgobark-P31-S3G kernel: [ 2581.391088] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=50.202.192.250 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=7114 DF PROTO=UDP SPT=15998 DPT=16464 LEN=24 
Feb 14 07:56:41 zgobark-P31-S3G NetworkManager[1026]: <info> Unmanaged Device found; state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
Feb 14 07:56:41 zgobark-P31-S3G NetworkManager[1026]: <info> Unmanaged Device found; state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
Feb 14 07:56:44 zgobark-P31-S3G kernel: [ 2590.185346] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12433 DF PROTO=TCP SPT=32864 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:57:44 zgobark-P31-S3G kernel: [ 2650.626145] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12465 DF PROTO=TCP SPT=35781 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:57:45 zgobark-P31-S3G kernel: [ 2651.166789] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=86.110.157.226 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=105 ID=1483 PROTO=UDP SPT=1059 DPT=16464 LEN=24 
Feb 14 07:57:53 zgobark-P31-S3G kernel: [ 2659.655098] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=12487 DF PROTO=TCP SPT=35781 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:58:05 zgobark-P31-S3G kernel: [ 2672.013655] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=86.209.96.62 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=114 ID=53052 PROTO=UDP SPT=10584 DPT=16464 LEN=24 
Feb 14 07:58:24 zgobark-P31-S3G kernel: [ 2690.439523] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=94.99.90.252 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=111 ID=1920 PROTO=UDP SPT=59845 DPT=16464 LEN=24 
Feb 14 07:58:46 zgobark-P31-S3G kernel: [ 2712.906550] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12497 DF PROTO=TCP SPT=35033 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:58:52 zgobark-P31-S3G kernel: [ 2718.900938] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=14467 DF PROTO=TCP SPT=57684 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:59:43 zgobark-P31-S3G kernel: [ 2769.406584] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12512 DF PROTO=TCP SPT=32956 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:59:46 zgobark-P31-S3G kernel: [ 2772.405747] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12514 DF PROTO=TCP SPT=32956 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 07:59:46 zgobark-P31-S3G kernel: [ 2773.088623] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=98.89.105.70 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=110 ID=6961 PROTO=UDP SPT=52922 DPT=16464 LEN=24 
Feb 14 08:00:35 zgobark-P31-S3G kernel: [ 2821.797242] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12527 DF PROTO=TCP SPT=38965 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 08:00:38 zgobark-P31-S3G kernel: [ 2824.796416] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12528 DF PROTO=TCP SPT=38965 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 08:00:47 zgobark-P31-S3G kernel: [ 2833.945372] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=119 ID=27511 DF PROTO=TCP SPT=58612 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 08:01:36 zgobark-P31-S3G kernel: [ 2882.837308] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12553 DF PROTO=TCP SPT=36787 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 08:01:39 zgobark-P31-S3G kernel: [ 2885.826494] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12554 DF PROTO=TCP SPT=36787 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 08:02:06 zgobark-P31-S3G kernel: [ 2912.460663] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=219.97.239.66 DST=79.116.228.199 LEN=149 TOS=0x00 PREC=0x00 TTL=115 ID=23115 PROTO=UDP SPT=53 DPT=32690 LEN=129 
Feb 14 08:02:41 zgobark-P31-S3G kernel: [ 2947.427502] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12589 DF PROTO=TCP SPT=34365 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 08:02:45 zgobark-P31-S3G kernel: [ 2951.503806] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=12.37.7.20 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=106 ID=25363 PROTO=UDP SPT=1354 DPT=16464 LEN=24 
Feb 14 08:02:47 zgobark-P31-S3G kernel: [ 2953.447124] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=12622 DF PROTO=TCP SPT=34365 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 08:03:12 zgobark-P31-S3G kernel: [ 2978.496029] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=175.128.219.66 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=104 ID=7813 PROTO=UDP SPT=1025 DPT=16464 LEN=24 
Feb 14 08:03:35 zgobark-P31-S3G kernel: [ 3001.457758] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12652 DF PROTO=TCP SPT=39605 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 08:03:51 zgobark-P31-S3G kernel: [ 3017.727168] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=84.13.153.13 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=31531 DF PROTO=TCP SPT=60070 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0 
Feb 14 08:05:19 zgobark-P31-S3G kernel: [ 3105.327020] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=67.78.121.218 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=112 ID=35520 PROTO=UDP SPT=3270 DPT=16464 LEN=24 

I know these are firewall blocks. But there are so many, and this has been happening for weeks.
Is this an IP scan? And if it is, what should I do?
I've also seen this in the log:

Code: Select all

Feb 13 17:08:40 zgobark-P31-S3G pppd[929]: Connect: ppp0 <--> eth1
Feb 13 17:08:40 zgobark-P31-S3G NetworkManager[1022]:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/ppp0, iface: ppp0)
Feb 13 17:08:40 zgobark-P31-S3G NetworkManager[1022]:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/ppp0, iface: ppp0): no ifupdown configuration found.
Feb 13 17:08:40 zgobark-P31-S3G NetworkManager[1022]: <warn> /sys/devices/virtual/net/ppp0: couldn't determine device driver; ignoring...
Feb 13 17:08:43 zgobark-P31-S3G pppd[929]: PAP authentication succeeded
Feb 13 17:08:43 zgobark-P31-S3G pppd[929]: peer from calling number 00:25:90:E0:7E:7B authorized
Feb 13 17:08:43 zgobark-P31-S3G pppd[929]: local  IP address 188.27.55.224
Feb 13 17:08:43 zgobark-P31-S3G pppd[929]: remote IP address 10.0.0.1
Feb 13 17:08:43 zgobark-P31-S3G pppd[929]: primary   DNS address 193.231.252.1
Feb 13 17:08:43 zgobark-P31-S3G pppd[929]: secondary DNS address 213.154.124.1

Peer? Do I have a virtual server installed? Or is it just the network manager doing its stuff?
I connect to the internet using a DSL cable. I made the connection with pppoeconf and set it to connect at startup.
I have uninstalled Samba, which comes by default I guess... I don't want any file sharing with anyone, or any other computer.
I think one of my neighbors is trying to hack me... I know who he is. Or am I just paranoid?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
kukamuumuka

Re: Is this a network attack ?

Post by kukamuumuka »

Install EtherApe and look at the connections

Code: Select all

sudo apt-get install etherape

http://www.techrepublic.com/article/spy ... -etherape/
Ciohap22

Re: Is this a network attack ?

Post by Ciohap22 »

I did... so now what?
Which interface should I capture? ppp0, eth1, any?
I see lots of strange IPs there: Finland, GB, Hungary ...
Protocols: most of the traffic is HTTP, which is understandable because I constantly "google" everything in my logs, but I also see SMB. Is this Samba? Because I thought I'd uninstalled it. Does this program listen to all the traffic on my network, not just the traffic that involves my PC?
xenopeek
Level 25
Posts: 29615
Joined: Wed Jul 06, 2011 3:58 am

Re: Is this a network attack ?

Post by xenopeek »

While you might see some such things happening when you browse video streaming sites, like from Youtube or Apple, where there is some low-level protocol initiated by the server you are streaming from, this looks like indeed you are being attacked. Or do you also have Apple hardware in your home? You can look up the IP addresses of the attackers and that might hold a clue (some of the below were from Apple, and I doubt they'll be hacking you :wink:) or you can look up the port they are trying to connect to, figuring out what service they are hoping to find.

I've formatted your UFW BLOCK messages to capture the important information and sorted below on IP address.

Code: Select all

SRC             PROTO SPT    DPT
116.236.205.138  TCP  34050     80  SYN
12.37.7.20       UDP   1354  16464
12.47.20.170     UDP  54185  16464
17.172.232.125   TCP    443  62701  ACK
17.172.232.125   TCP    443  62701  ACK
17.172.232.125   TCP    443  62701  ACK
17.172.232.125   TCP    443  62701  ACK
17.172.232.184   TCP    443  63169  ACK
175.128.219.66   UDP   1025  16464
175.140.249.91   UDP   1027  16464
175.143.111.242  UDP   1027  16464
177.37.0.1       UDP     53  32690
190.29.18.33     UDP  17253  16464
199.19.215.59    TCP     80  55049  RST
199.19.215.59    TCP     80  55049  RST
2.230.71.229     UDP     53  32690
208.108.115.47   UDP  21872  16464
208.38.104.155   UDP   1025  16464
219.97.239.66    UDP     53  32690
222.186.25.44    TCP   6000   8888  SYN
24.47.223.55     UDP   1149  16464
50.202.192.250   UDP  15998  16464
64.12.88.161     TCP    993  47137  ACK
64.12.88.161     TCP    993  47137  ACK
64.12.88.161     TCP    993  47137  ACK
64.12.88.161     TCP    993  47137  ACK
64.12.88.161     TCP    993  47126  ACK
64.12.88.161     TCP    993  47126  ACK
64.12.88.161     TCP    993  47126  ACK
66.165.170.251   UDP   1063  16464
67.192.215.51    UDP     53  32690
67.78.121.218    UDP   3270  16464
76.164.35.26     UDP  58000  16464
79.119.162.43    TCP  52438  49871  SYN
79.148.235.6     UDP  38068  16464
83.47.6.136      UDP   1029  16464
84.13.153.13     TCP  56054  61268  SYN
84.13.153.13     TCP  57777  61268  SYN
84.13.153.13     TCP  59491  61268  SYN
84.13.153.13     TCP  60427  61268  SYN
84.13.153.13     TCP  61622  61268  SYN
84.13.153.13     TCP  63364  61268  SYN
84.13.153.13     TCP  63364  61268  SYN
84.13.153.13     TCP  63364  61268  SYN
84.13.153.13     TCP  65334  61268  SYN
84.13.153.13     TCP  65334  61268  SYN
84.13.153.13     TCP  65334  61268  SYN
84.13.153.13     TCP  50685  61268  SYN
84.13.153.13     TCP  50685  61268  SYN
84.13.153.13     TCP  50685  61268  SYN
84.13.153.13     TCP  52130  61268  SYN
84.13.153.13     TCP  52130  61268  SYN
84.13.153.13     TCP  55288  61268  SYN
84.13.153.13     TCP  55974  61268  SYN
84.13.153.13     TCP  55974  61268  SYN
84.13.153.13     TCP  57684  61268  SYN
84.13.153.13     TCP  58612  61268  SYN
84.13.153.13     TCP  60070  61268  SYN
86.110.157.226   UDP   1059  16464
86.209.96.62     UDP  10584  16464
88.34.216.162    UDP  55341  16464
89.204.135.67    TCP  35230  61268  SYN
89.204.135.67    TCP  35230  61268  SYN
89.204.135.67    TCP  37279  61268  SYN
89.204.135.67    TCP  34650  61268  SYN
89.204.135.67    TCP  34204  61268  SYN
89.204.135.67    TCP  34204  61268  SYN
89.204.135.67    TCP  36498  61268  SYN
89.204.135.67    TCP  36498  61268  SYN
89.204.135.67    TCP  32470  61268  SYN
89.204.135.67    TCP  32470  61268  SYN
89.204.135.67    TCP  33573  61268  SYN
89.204.135.67    TCP  33573  61268  SYN
89.204.135.67    TCP  58884  61268  SYN
89.204.135.67    TCP  56344  61268  SYN
89.204.135.67    TCP  56344  61268  SYN
89.204.135.67    TCP  36490  61268  SYN
89.204.135.67    TCP  35952  61268  SYN
89.204.135.67    TCP  35952  61268  SYN
89.204.135.67    TCP  35952  61268  SYN
89.204.135.67    TCP  34174  61268  SYN
89.204.135.67    TCP  37620  61268  SYN
89.204.135.67    TCP  33435  61268  SYN
89.204.135.67    TCP  33435  61268  SYN
89.204.135.67    TCP  33197  61268  SYN
89.204.135.67    TCP  33197  61268  SYN
89.204.135.67    TCP  34784  61268  SYN
89.204.135.67    TCP  34784  61268  SYN
89.204.135.67    TCP  34784  61268  SYN
89.204.135.67    TCP  34985  61268  SYN
89.204.135.67    TCP  34985  61268  SYN
89.204.135.67    TCP  37458  61268  SYN
89.204.135.67    TCP  37458  61268  SYN
89.204.135.67    TCP  35890  61268  SYN
89.204.135.67    TCP  35499  61268  SYN
89.204.135.67    TCP  37432  61268  SYN
89.204.135.67    TCP  34802  61268  SYN
89.204.135.67    TCP  34802  61268  SYN
89.204.135.67    TCP  39939  61268  SYN
89.204.135.67    TCP  39939  61268  SYN
89.204.135.67    TCP  34437  61268  SYN
89.204.135.67    TCP  34437  61268  SYN
89.204.135.67    TCP  34437  61268  SYN
89.204.135.67    TCP  33944  61268  SYN
89.204.135.67    TCP  37574  61268  SYN
89.204.135.67    TCP  37574  61268  SYN
89.204.135.67    TCP  37574  61268  SYN
89.204.135.67    TCP  37789  61268  SYN
89.204.135.67    TCP  37789  61268  SYN
89.204.135.67    TCP  36518  61268  SYN
89.204.135.67    TCP  38943  61268  SYN
89.204.135.67    TCP  35650  61268  SYN
89.204.135.67    TCP  35650  61268  SYN
89.204.135.67    TCP  34225  61268  SYN
89.204.135.67    TCP  38191  61268  SYN
89.204.135.67    TCP  38191  61268  SYN
89.204.135.67    TCP  34290  61268  SYN
89.204.135.67    TCP  39010  61268  SYN
89.204.135.67    TCP  39010  61268  SYN
89.204.135.67    TCP  39010  61268  SYN
89.204.135.67    TCP  34923  61268  SYN
89.204.135.67    TCP  38857  61268  SYN
89.204.135.67    TCP  32864  61268  SYN
89.204.135.67    TCP  35781  61268  SYN
89.204.135.67    TCP  35781  61268  SYN
89.204.135.67    TCP  35033  61268  SYN
89.204.135.67    TCP  32956  61268  SYN
89.204.135.67    TCP  32956  61268  SYN
89.204.135.67    TCP  38965  61268  SYN
89.204.135.67    TCP  38965  61268  SYN
89.204.135.67    TCP  36787  61268  SYN
89.204.135.67    TCP  36787  61268  SYN
89.204.135.67    TCP  34365  61268  SYN
89.204.135.67    TCP  34365  61268  SYN
89.204.135.67    TCP  39605  61268  SYN
89.211.107.241   UDP  54287  16464
93.174.93.51     TCP  39016   6588  SYN
94.99.90.252     UDP  59845  16464
98.89.105.70     UDP  52922  16464

TCP port 61268 for example is for Apple's Xsan. Unless you have Apple hardware, not much to worry about. In any case, the good news is that UFW is blocking it all. Normally your broadband modem would have a firewall and be blocking all of this already, but I take it you're not connected through normal means that I know (ethernet/wifi to broadband modem to DSL).

Two things you should probably do:
1> Check which services you have running that are listening. Run this command and share output here:

Code: Select all

sudo ufw show listening

2> Do a remote ports probe to see which ports are remotely reachable. You can do that with GRC's ShieldsUP! at https://www.grc.com/x/ne.dll?bh0bkyd2
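An added example, not part of the original posts: a short Python parser that builds the kind of per-source summary shown above from raw `[UFW BLOCK]` lines. The sample lines are copied from the log in this thread; the category labels and the rule of counting distinct source ports as separate attempts are this example's own heuristics.

```python
import re
from collections import defaultdict

# Lines copied from the log posted in this thread (one non-UFW line included on purpose).
SAMPLE_LOG = """\
Feb 14 07:20:41 zgobark-P31-S3G kernel: [  427.710506] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=17.172.232.125 DST=79.116.228.199 LEN=169 TOS=0x00 PREC=0x00 TTL=42 ID=5614 DF PROTO=TCP SPT=443 DPT=62701 WINDOW=167 RES=0x00 ACK PSH URGP=0
Feb 14 07:53:33 zgobark-P31-S3G kernel: [ 2399.745396] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.211.107.241 DST=79.116.228.199 LEN=44 TOS=0x00 PREC=0x00 TTL=117 ID=6542 PROTO=UDP SPT=54287 DPT=16464 LEN=24
Feb 14 07:53:44 zgobark-P31-S3G kernel: [ 2410.904923] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12206 DF PROTO=TCP SPT=39010 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 14 07:53:47 zgobark-P31-S3G kernel: [ 2413.864094] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=52 TOS=0x00 PREC=0x00 TTL=118 ID=12207 DF PROTO=TCP SPT=39010 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 14 07:53:53 zgobark-P31-S3G kernel: [ 2419.863845] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=12209 DF PROTO=TCP SPT=39010 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 14 07:54:55 zgobark-P31-S3G kernel: [ 2481.714727] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=89.204.135.67 DST=79.116.228.199 LEN=48 TOS=0x00 PREC=0x00 TTL=118 ID=12235 DF PROTO=TCP SPT=34923 DPT=61268 WINDOW=8192 RES=0x00 SYN URGP=0
Feb 14 07:55:32 zgobark-P31-S3G kernel: [ 2518.395007] [UFW BLOCK] IN=ppp0 OUT= MAC= SRC=2.230.71.229 DST=79.116.228.199 LEN=71 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=UDP SPT=53 DPT=32690 LEN=51
Feb 14 07:56:41 zgobark-P31-S3G NetworkManager[1026]: <info> Unmanaged Device found; state CONNECTED forced. (see http://bugs.launchpad.net/bugs/191889)
"""

TCP_FLAGS = {"SYN", "ACK", "PSH", "RST", "FIN", "URG"}
KEY_VALUE = re.compile(r"(\w+)=(\S*)")


def parse_ufw_line(line):
    """Return a dict for one [UFW BLOCK] line, or None for any other line."""
    marker = "[UFW BLOCK]"
    if marker not in line:
        return None
    body = line.split(marker, 1)[1]
    fields = {}
    for key, value in KEY_VALUE.findall(body):
        fields.setdefault(key, value)  # UDP lines carry LEN twice; keep the first
    if "SRC" not in fields or "PROTO" not in fields:
        return None
    return {
        "src": fields["SRC"],
        "proto": fields["PROTO"],
        "spt": int(fields.get("SPT") or 0),
        "dpt": int(fields.get("DPT") or 0),
        # TCP flags are logged as bare words; DF is an IP flag and is ignored here.
        "flags": {tok for tok in body.split() if tok in TCP_FLAGS},
    }


def classify(rec):
    """Heuristic label for a blocked inbound packet (this example's assumption)."""
    if rec["proto"] == "TCP":
        if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            return "new-connection-attempt"
        if rec["flags"] & {"ACK", "RST", "FIN"}:
            # No matching state in the firewall, e.g. a late reply from a server.
            return "untracked-reply"
        return "other"
    if rec["proto"] == "UDP":
        return "dns-reply-shaped" if rec["spt"] == 53 else "unsolicited-udp"
    return "other"


def summarize(log_text):
    """Group blocked packets into rows (src, proto, dpt, kind, packets, attempts).

    attempts counts distinct source ports: a TCP client retransmits a SYN from
    the same source port, so repeats of one SPT are one attempt, not several.
    """
    packets = defaultdict(int)
    source_ports = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_ufw_line(line)
        if rec is None:
            continue
        key = (rec["src"], rec["proto"], rec["dpt"], classify(rec))
        packets[key] += 1
        source_ports[key].add(rec["spt"])
    return sorted(key + (packets[key], len(source_ports[key])) for key in packets)


if __name__ == "__main__":
    print(f"{'SRC':<16} {'PROTO':<5} {'DPT':>5}  {'KIND':<23} PKTS ATTEMPTS")
    for src, proto, dpt, kind, pkts, attempts in summarize(SAMPLE_LOG):
        print(f"{src:<16} {proto:<5} {dpt:>5}  {kind:<23} {pkts:>4} {attempts:>8}")
```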
Ciohap22

Re: Is this a network attack ?

Post by Ciohap22 »

This is the output:

Code: Select all

zgobark@zgobark-P31-S3G ~ $ sudo ufw show listening
tcp:
...nothing.

I did the GRC test and I got this:
THE EQUIPMENT AT THE TARGET IP ADDRESS
ACTIVELY REJECTED OUR UPnP PROBES!
Firewall was ON. Then I stopped it and I got the same response. I don't know if the firewall was really OFF. I stopped it using the GUI interface.

I don't have any Apple hardware.

So if the firewall is blocking all the incoming traffic, should I ignore the messages that I see in the log?
There are a lot of ports that were attacked... so if the GRC test says the ports are safe?
xenopeek wrote:but I take it you're not connected through normal means that I know (ethernet/wifi to broadband modem to DSL)
I'm not really sure what you mean. I have a broadband connection using a cable. I also have a router which I don't use any more. I thought connecting directly through the cable is safer... is it?
Sorry, I am a noob in this... I don't know how to be more explicit.
And thank you for your help.
xenopeek

Re: Is this a network attack ?

Post by xenopeek »

Did you let the sudo ufw show listening command finish? So, did it return you to the prompt? With nothing listening, it should report:

Code: Select all

tcp:
tcp6:
udp:
udp6:

I have at least dhclient running on UDP. Else please also share output of:

Code: Select all

sudo netstat -lptu

I think you clicked on the "GRC's Instant UPnP Exposure Test". That's for testing your router. For me it reports:
THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
(That's good news!)
See the description on your results for what it all means. However, I meant for you to click the "All Service Ports" link beneath the "GRC's Instant UPnP Exposure Test" button (this button is new, so I omitted mentioning what to click, as there wasn't a big shiny button last time I checked :wink:). The All Service Ports test should report all your ports as green, as being stealth ports.

You may also run the File Sharing test.
Ciohap22 wrote:So if the firewall is blocking all the incoming traffic, should I ignore the messages that I see in the log?
I recommend ensuring you are indeed safe with the above steps, but yeah as long as you won't be running any services the firewall will just drop all incoming unsolicited traffic and keep you safe. Without services running on the ports they are trying to connect to, you're safe even without a firewall...
Ciohap22 wrote:I thought connecting directly through the cable is safer... is it?
That depends, routers add a layer of protection and defense in depth is generally preferred (multiple layers of defense). But, routers can be a weak link also as they can have exploitable bugs also.
Ciohap22

Re: Is this a network attack ?

Post by Ciohap22 »

It returns this after a millisecond:

Code: Select all

zgobark@zgobark-P31-S3G ~ $ sudo ufw show listening
[sudo] password for zgobark: 
tcp:

zgobark@zgobark-P31-S3G ~ $ 

Then: sudo netstat -lptu

Code: Select all

zgobark@zgobark-P31-S3G ~ $ sudo netstat -lptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:mysql         *:*                     LISTEN      1370/mysqld     
zgobark@zgobark-P31-S3G ~ $ 

...I forgot to tell you that I have a webserver installed. Apache is stopped, but mysql is running. I'll stop it too if it's safer. I only use the server when I edit some web pages locally.

After I stopped mysql:

Code: Select all

zgobark@zgobark-P31-S3G ~ $ sudo netstat -lptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
zgobark@zgobark-P31-S3G ~ $ 

And the GRC test:
GRC Port Authority Report created on UTC: 2014-02-14 at 10:41:22

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: FAILED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- A PING REPLY (ICMP Echo) WAS RECEIVED.
...I think this is the one.
xenopeek

Re: Is this a network attack ?

Post by xenopeek »

I think mysql is configured to listen to localhost only, so it doesn't accept connections from outside your computer. Apache might be configured the same by default, though I would double-check that if I were you, or else configure Apache to also listen only to localhost. The firewall should stop unsolicited traffic to both anyway, but again defense in depth is better...
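The localhost-only distinction discussed above, as an added example that is not part of the original posts: a Python reader for `netstat -lptu` output that lists the listeners not bound to loopback, which are the ones only the firewall stands in front of. The sample rows are copied from the `netstat` outputs posted in this thread; the scope labels are this example's own naming.

```python
import re

# Rows copied from the `sudo netstat -lptu` outputs posted in this thread.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:mysql         *:*                     LISTEN      1370/mysqld
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      645/smbd
tcp        0      0 kobazal-P31-S3G:domain  *:*                     LISTEN      1194/dnsmasq
tcp        0      0 localhost:ipp           *:*                     LISTEN      886/cupsd
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN      645/smbd
tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN      886/cupsd
udp        0      0 *:mdns                  *:*                                 856/avahi-daemon: r
udp        0      0 *:bootpc                *:*                                 982/dhclient
"""

LOOPBACK_NAMES = {"localhost", "ip6-localhost", "ip6-loopback", "::1", "[::1]"}
WILDCARDS = {"*", "0.0.0.0", "::", "[::]"}
PID_PROGRAM = re.compile(r"^(\d+)/(.+)$")


def bind_scope(host):
    """Classify the host part of netstat's Local Address column."""
    if host in WILDCARDS:
        return "all-interfaces"
    if host in LOOPBACK_NAMES or host.startswith("127."):
        return "loopback-only"
    # A hostname or single address; rerun netstat with -n to see which address it is.
    return "one-address"


def parse_listeners(text):
    """Return one dict per tcp/udp row; header lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or not parts[0].startswith(("tcp", "udp")):
            continue
        host, _, port = parts[3].rpartition(":")
        program = "-"  # netstat prints "-" when run without root
        for token in parts[5:]:  # UDP rows have no State column
            match = PID_PROGRAM.match(token)
            if match:
                program = match.group(2).rstrip(":")
                break
        rows.append({"proto": parts[0], "port": port, "program": program,
                     "scope": bind_scope(host)})
    return rows


def non_loopback(text):
    """Sorted (program, proto, port, scope) for listeners reachable beyond loopback."""
    return sorted(
        (r["program"], r["proto"], r["port"], r["scope"])
        for r in parse_listeners(text)
        if r["scope"] != "loopback-only"
    )


if __name__ == "__main__":
    for program, proto, port, scope in non_loopback(SAMPLE_NETSTAT):
        print(f"{program:<14} {proto:<5} {port:<14} {scope}")
```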
Ciohap22

Re: Is this a network attack ?

Post by Ciohap22 »

I think that Apache is configured by default, as you said, to listen to localhost only. I tried connecting to it from another computer (another internet connection), using my external IP, and it couldn't find anything. And most of the time the service is off.
So the last thing I can do is break my neighbour's legs hoping that he understands the message :D ...
I'll reinstall Mint again (for the 50th time) and see if the issue comes back.
Thanks for your help.
xenopeek

Re: Is this a network attack ?

Post by xenopeek »

I doubt this is your neighbor. IP addresses are from all over the world; China, Germany, USA, and so on... You can look up the geographic location of an IP address.
kukamuumuka

Re: Is this a network attack ?

Post by kukamuumuka »

xenopeek wrote:I doubt this is your neighbor. IP addresses are from all over the world; China, Germany, USA, and so on... You can look up the geographic location of an IP address.
IP Address lookup –> http://ip-address-lookup-v4.com/
Ciohap22

Re: Is this a network attack ?

Post by Ciohap22 »

I did... I looked at ripe.net
But even so... he could use a proxy server or some IP changer program (if something like this even exists).

////////////////////////////////////////////EDIT////////////////////////////////////////////////////////////////////////////////////////////////////////

I reinstalled Mint and now I am using the router. The first thing I could see is that I can't type my password on the main login screen when the cable is connected to the router. I have to unplug that cable, restart from the button, and then I can type the password and get into the Desktop.

I copied some of the logs... there's a lot of output so I'll attach what I copied. UFW blocks are still there but now the source seems to be the router in some cases.

Code: Select all

Feb 14 16:12:26 kobazal-P31-S3G kernel: [  366.704043] [UFW BLOCK] IN=eth0 OUT= MAC=*************** SRC=192.168.0.1 DST=224.0.0.1 LEN=32

Another strange thing, which I have noticed in my previous installations too, is that the first update goes well until it reaches 70-80%, then the update manager window just disappears.

I haven't disabled smbd, nmbd, avahi and cups yet, so now I get this output:

Code: Select all

kobazal@kobazal-P31-S3G ~ $ sudo ufw show listening
[sudo] password for kobazal: 
tcp:
  139 * (smbd)
  445 * (smbd)
tcp6:
  139 * (smbd)
  445 * (smbd)
udp:
  137 192.168.0.255 (nmbd)
  137 192.168.0.100 (nmbd)
  137 * (nmbd)
  138 192.168.0.255 (nmbd)
  138 192.168.0.100 (nmbd)
  138 * (nmbd)
  35390 * (avahi-daemon)
  5353 * (avahi-daemon)
  54346 * (dhclient)
  631 * (cups-browsed)
  68 * (dhclient)
udp6:
  20019 * (dhclient)
  5353 * (avahi-daemon)
  53535 * (avahi-daemon)

kobazal@kobazal-P31-S3G ~ $ sudo netstat -lptu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:microsoft-ds          *:*                     LISTEN      645/smbd        
tcp        0      0 *:netbios-ssn           *:*                     LISTEN      645/smbd        
tcp        0      0 kobazal-P31-S3G:domain  *:*                     LISTEN      1194/dnsmasq    
tcp        0      0 localhost:ipp           *:*                     LISTEN      886/cupsd       
tcp6       0      0 [::]:microsoft-ds       [::]:*                  LISTEN      645/smbd        
tcp6       0      0 [::]:netbios-ssn        [::]:*                  LISTEN      645/smbd        
tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN      886/cupsd       
udp        0      0 *:54346                 *:*                                 982/dhclient    
udp        0      0 *:mdns                  *:*                                 856/avahi-daemon: r
udp        0      0 kobazal-P31-S3G:domain  *:*                                 1194/dnsmasq    
udp        0      0 *:bootpc                *:*                                 982/dhclient    
udp        0      0 192-168-0-25:netbios-ns *:*                                 1453/nmbd       
udp        0      0 192-168-0-10:netbios-ns *:*                                 1453/nmbd       
udp        0      0 *:netbios-ns            *:*                                 1453/nmbd       
udp        0      0 192-168-0-2:netbios-dgm *:*                                 1453/nmbd       
udp        0      0 192-168-0-1:netbios-dgm *:*                                 1453/nmbd       
udp        0      0 *:netbios-dgm           *:*                                 1453/nmbd       
udp        0      0 *:35390                 *:*                                 856/avahi-daemon: r
udp        0      0 *:ipp                   *:*                                 920/cups-browsed
udp6       0      0 [::]:mdns               [::]:*                              856/avahi-daemon: r
udp6       0      0 [::]:20019              [::]:*                              982/dhclient    
udp6       0      0 [::]:53535              [::]:*                              856/avahi-daemon: r

Please reply... I'm getting very frustrated with this. Thanks.