Quantcast

Maximum PC

It is currently Thu Aug 28, 2014 8:50 am

All times are UTC - 8 hours




Post new topic Reply to topic  [ 13 posts ] 
Author Message
 Post subject: DoS attacks
PostPosted: Tue Aug 03, 2004 3:54 pm 
Northwood
Northwood
User avatar

Joined: Sun Jul 11, 2004 12:35 pm
Posts: 2039
Location: Houston, TX
using Sygate Personal Firewall on my Windows 2003 Server, the Security Log is constantly picking up a Denial of Service attack from the same Mac address (IP varies).

the IP is very close to my own, so i'm assuming it's someone close to me, seeing that i'm using cable broadband.

is there something i can do about this? report to abuse@earthlink.net with the IPs and Mac?


Top
  Profile  
 
 Post subject:
PostPosted: Tue Aug 03, 2004 6:09 pm 
Northwood
Northwood
User avatar

Joined: Sat Jun 26, 2004 2:44 am
Posts: 2496
Location: Wizzing into the abyss
are you sure it's a dos attack and not some goof(s) trying to crack your server?

what are the IP #'s?


Top
  Profile  
 
 Post subject:
PostPosted: Tue Aug 03, 2004 6:15 pm 
Northwood
Northwood
User avatar

Joined: Sun Jul 11, 2004 12:35 pm
Posts: 2039
Location: Houston, TX
JAFAH5150 wrote:
are you sure it's a dos attack and not some goof(s) trying to crack your server?

what are the IP #'s?


no, i'm not sure what they are, and i don't really know what exactly is a DoS attack either.

the IPs vary, but all start with 24.x.x.x and most of them are 24.233.x.x.


Top
  Profile  
 
 Post subject:
PostPosted: Tue Aug 03, 2004 6:36 pm 
Northwood
Northwood
User avatar

Joined: Sat Jun 26, 2004 2:44 am
Posts: 2496
Location: Wizzing into the abyss
a dos attack is a bunch of computers flooding your server at the same time with repeated garbage requests just to tie all your bandwidth so nothing else can get in


have you had alot of port scans lately?


Top
  Profile  
 
 Post subject:
PostPosted: Tue Aug 03, 2004 7:43 pm 
Northwood
Northwood
User avatar

Joined: Sun Jul 11, 2004 12:35 pm
Posts: 2039
Location: Houston, TX
JAFAH5150 wrote:
have you had alot of port scans lately?


probably not. only thing showing up on the log is the DoS attacks.


Top
  Profile  
 
 Post subject:
PostPosted: Tue Aug 03, 2004 8:08 pm 
Northwood
Northwood
User avatar

Joined: Sat Jun 26, 2004 2:44 am
Posts: 2496
Location: Wizzing into the abyss
is your server open to the public(file shareing, web pages, etc..)?


Top
  Profile  
 
 Post subject:
PostPosted: Tue Aug 03, 2004 8:32 pm 
Northwood
Northwood
User avatar

Joined: Sun Jul 11, 2004 12:35 pm
Posts: 2039
Location: Houston, TX
JAFAH5150 wrote:
is your server open to the public(file shareing, web pages, etc..)?


web server is the only public one. FTP, mail, and file sharing, i'd consider private, since there's no anon login.


Top
  Profile  
 
 Post subject:
PostPosted: Tue Aug 03, 2004 11:55 pm 
Northwood
Northwood
User avatar

Joined: Sat Jun 26, 2004 2:44 am
Posts: 2496
Location: Wizzing into the abyss
you're probably just getting alot of pings from infected computers.

I'd only worry about it if your log shows alot of activity directed at one port over a very short period of time or if someone is scanning through a series of ports in a short period...when I say short period I mean less than a minute.

lately I've been getting pinged like crazy(about every 1-2min) and I'm not running any services...every time a new batch of virii spreads it gets like this. My isp even sent out letters last year telling alot of them to clean up their computers(blaster iirc) :shock:


take a trip over to grc and run the sheilds up test


Top
  Profile  
 
 Post subject: Re: DoS attacks
PostPosted: Wed Aug 04, 2004 3:28 pm 
Thunderbird
Thunderbird
User avatar

Joined: Wed Jul 07, 2004 1:13 pm
Posts: 817
Location: Missouri
cigar3tte wrote:
using Sygate Personal Firewall on my Windows 2003 Server, the Security Log is constantly picking up a Denial of Service attack from the same Mac address (IP varies).

the IP is very close to my own, so i'm assuming it's someone close to me, seeing that i'm using cable broadband.

is there something i can do about this? report to abuse@earthlink.net with the IPs and Mac?


You can do a whois search on these IP address to see who owns or controls them. Are all these DoS attacks using the same ports to get to your pc?

Remember many times these IP address can be faked using software. It is called spoofing.


Top
  Profile  
 
 Post subject: Re: DoS attacks
PostPosted: Wed Aug 04, 2004 7:38 pm 
Northwood
Northwood
User avatar

Joined: Sun Jul 11, 2004 12:35 pm
Posts: 2039
Location: Houston, TX
baldeagle wrote:
You can do a whois search on these IP address to see who owns or controls them. Are all these DoS attacks using the same ports to get to your pc?

Remember many times these IP address can be faked using software. It is called spoofing.


the reverse lookup shows that they're on Earthlink or Road Runner, doesn't show what port it's going thru on the firewall, but they're all from the same mac address.


Top
  Profile  
 
 Post subject:
PostPosted: Thu Aug 05, 2004 8:14 am 
Team Member
Team Member
User avatar

Joined: Tue Jul 06, 2004 7:33 pm
Posts: 568
Location: Oklahoma City, OK
If the "attacks" are coming from your ISP then it's harmless. ISPs routinely check on what's being used.


Top
  Profile  
 
 Post subject:
PostPosted: Thu Aug 05, 2004 9:26 am 
Northwood
Northwood
User avatar

Joined: Sun Jul 11, 2004 12:35 pm
Posts: 2039
Location: Houston, TX
deject wrote:
If the "attacks" are coming from your ISP then it's harmless. ISPs routinely check on what's being used.


i don't know if it's from my ISP or not, all i know is that it's someone with the same ISP as me.


Top
  Profile  
 
 Post subject:
PostPosted: Thu Aug 05, 2004 8:21 pm 
Thunderbird
Thunderbird
User avatar

Joined: Wed Jul 07, 2004 1:13 pm
Posts: 817
Location: Missouri
cigar3tte wrote:
deject wrote:
If the "attacks" are coming from your ISP then it's harmless. ISPs routinely check on what's being used.


i don't know if it's from my ISP or not, all i know is that it's someone with the same ISP as me.


Try running a few different test at http://www.dnsstuff.com. It might provide some more information on the IP address you keep seeing in your logs.


Top
  Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 13 posts ] 

All times are UTC - 8 hours


Who is online

Users browsing this forum: Stinky_Pete and 13 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group