Ubuntu
fwsnort package

fwsnort rule blocks canonical ip

Bug #1933396 reported by claudio javier fernandez on 2021-06-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	fwsnort (Ubuntu)	New	Undecided	Unassigned

Bug Description

am trying to update and I get the following error from synaptic: W: Failed to get http://archive.ubuntu.com/ubuntu/pool/main/l/linux-hwe-5.4/linux-modules-extra-5.4.0-77-generic_5.4.0-77.86~18.04.1_amd64 .deb Connection failed [IP: 2001: 67c: 1360: 8001 :: 23 80] checking mutt mail I get psad crash alerts configured with fwsnort:

Danger level: [2] (out of 5)

Scanned TCP ports: [42400: 1 packets]
        TCP flags: [ACK: 1 packets]
   iptables chain: FWSNORT_INPUT_ESTAB (prefix "[401] REJ SID1797 ESTAB"), 1 packets
     fwsnort rule: 401

Source: 2001: 067c: 1360: 8001: 0000: 0000: 0000: 0023
DNS: [No reverse dns info available]
[+] TCP scan signatures:

"PORN BDSM" dst port: 42400 (no server bound to local port) flags: ACK content: "BDSM" sid: 1797 chain: FWSNORT_INPUT_ESTAB packets: 1 classtype: kickass-porn

and the same for ipv4

Danger level: [2] (out of 5)

Scanned TCP ports: [51378: 1 packets]
        TCP flags: [ACK: 1 packets]
   iptables chain: FWSNORT_INPUT_ESTAB (prefix "[515] REJ SID1797 ESTAB"), 1 packets
     fwsnort rule: 515

Source: 91.189.88.152
DNS: [No reverse dns info available]
[+] TCP scan signatures:

"PORN BDSM" dst port: 51378 (no server bound to local port) flags: ACK content: "BDSM" sid: 1797 chain: FWSNORT_INPUT_ESTAB packets: 1 classtype: kickass-porn

I am trying to download the file http://archive.ubuntu.com/ubuntu/pool/main/l/linux-hwe-5.4/linux-modules-extra-5.4.0-77-generic_5.4.0-77.86~18.04.1_amd64. deb from brave browser manually and the malwarebyte extension blocks the download as a suspicious site. Could I be facing a DNS hijacking? or consider this a bug and disable psad-fwsnort and update without risk of infecting my computer.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: ubuntu-release-upgrader-core 1:18.04.44
ProcVersionSignature: Ubuntu 5.4.0-74.83~18.04.1-generic 5.4.114
Uname: Linux 5.4.0-74-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.24
Architecture: amd64
CrashDB: ubuntu
CurrentDesktop: ubuntu:GNOME
Date: Wed Jun 23 20:33:55 2021
InstallationDate: Installed on 2020-04-16 (433 days ago)
InstallationMedia: Ubuntu 18.04.4 LTS "Bionic Beaver" - Release amd64 (20200203.1)
PackageArchitecture: all
SourcePackage: ubuntu-release-upgrader
Symptom: dist-upgrade
UpgradeStatus: No upgrade log present (probably fresh install)

Tags:

Revision history for this message

claudio javier fernandez (cjfjavier) wrote on 2021-06-23:

Dependencies.txt Edit (2.4 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.1 KiB, text/plain; charset="utf-8")
ProcEnviron.txt Edit (305 bytes, text/plain; charset="utf-8")

Brian Murray (brian-murray) on 2021-07-12

affects:

ubuntu-release-upgrader (Ubuntu) → fwsnort (Ubuntu)

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntufwsnort package