[Wolves] smoothwall advice please

kev adams kev at magicmoon.co.uk
Tue Jun 7 21:55:30 BST 2005


On Tuesday 07 Jun 2005 21:08, Ron Wellsted wrote:
> kev adams wrote:
> > 10.0.0.2 is the address of my router & 10.0.0.5 the address of my
> > smoothwall box.    Have I read it correctly - has my smoothwall box been
> > compromised & used for an "OVERSIZE REQUEST-URI DIRECTORY" attack on IP
> > 67.15.2.10:80 Or did I read it wrong?
> >
> > I've noticed over the last few days that there's been a worryingly
> > regular flash of activity from the ADSL router RXD light but it wasn't
> > until yesterday that smoothwall logs showed this sort of activity.
>
> Sorry, no quick answers, just a load of questions.

I appreciate you taking the time - cheers.

>
> Is the smoothie setup as a transparent proxy?
No
>
> What other systems are on the inside of the smoothie? Any Windows boxes?

Occasional Windows dual boot systems but not for a few days & I put an up to 
date copy of zonealarm on them as a matter of course.  I'd like to find a way 
to prevent Windows boxes accessing the outside world via smoothwall but 
haven't come across anything - it's really useful to have them access the LAN 
but an unnecessary risk having them access the outside world.  One mandrake 
system, kubuntu & a knoppmyth system are on the LAN at different times.

>
> Was anyone accessing ebay, ebuyer or Hosting Unlimited at about 16:30?

Not ebuyer but very likely ebay & hosting unlimited.  It's possible I was 
linked to ebuyer from another site but didn't finish viewing the site - I 
certainly didn't visit there in ages & no one else connects to the LAN - not 
that I know of anyway!

>
> Do you use any of those web sites?
yes

>
> Have you opened any ports on the smoothie to allow external access to or
> through the firewall?
No.

I have a fixed IP & am paranoid enough to think I'm being targeted by some 
arse who thinks my network might be far more interesting than it really 
is ;~)

From what you've said already though it could be just me being paranoid again.

cheers
kev


