Some ahole at 146.82.201.101 keeps pinging me about 30times a minute, and it is crashing my router. What can I do to report him, and where can I find out more info. McAfee's tracker has it located in NYC. I have already contacted GlobalCrossing abuse line. What else can I do to get back at this ahole? -The Starkdog

Just block the IP in your router's setup program, that should prevent the router from crashing and the info from reaching your machine. You can also resolve their IP to the hosting company level (provider), then contact their abuse department. Internet providers don't want a-holes using their services to DoS anyone, all that bandwidth wasted pisses them off.

Do a WHOIS on the IP to get the Hosting Company information and call their abuse desk.

another thing you can do with most models of routers (be careful with this), is to set security so that the MAC address (a long series of numbers and letters unique to each card, such as 00801a23bcb3..that sort of thing), are the only ones that can access the router.
In other words, you find the MAC address of each network card in the house, etc., and add those to a list. Just make sure you get them right, or you'll lock yourself out, and have to start over.
But the beauty of this is that (well, nothings' perfect) it should lock out almost everything. It's considered fairly high security. I'm sure there's something out on the web to allow you to find out the MAC address (they're printed on the card, usually, but I wouldn't want you to have to wield a screwdriver (I have a specialized program that does it for printers, but there's utilities for almost everything. Hope this doesn't scare anyone away..

Cool, Luckily McAfee traced the IP addy to GlobalCrossings ISP. I contacted their emergency hotline, and I guess they fixed the problem. i also got rid of McAfee security center, and installed Zone Alarm Pro5, and i hhaven't been hit since. I'll check that info regarding MAC adressing. -Starkdog

Starkdog, in Windows 2000 and XP, open a dos box and run "ipconfig /all" at the c: prompt. It will give you the MAC address and IP address for all NIC cards in your computer. Mac folks will have to help you out if your on a Mac.

Mike K

Message edited on: 09/04/2005 00:49

MacOSX is easy. :) * Run "System Preferences" * Select "Network" * Select "Configure" for each network device * For instance, for AirPort: - AirPort tab to get "AirPort ID" = MAC address - TCP/IP tab to get "IP Address" There are also ways to do something similar to MSDOS "ipconfig" using Terminal (Applications:Utilities), but my BSD/*nix is very rusty. :)

boy, do I have egg on my face..;) I use ipconfig all the time, but I'm usually looking for the subnet..;)

If somebody didn't already say this, go into your router admin security page and turn off response to Pings (discard Pings) from outside (WAN).

I had something like this for some time a while back. Not knowing any better, I did nothing about it (nothing was affecting my PC, so it didn't seem to matter. Just the data-lights flashing almost continuously on the broad-band modem and the router in-LED). This situation continued for over a year. Performance didn't appear to be affected in any major way, just a lot of flashing LEDs. A couple of weeks ago, I got a new PC. In the process of setting it up, I disconnected the broad-band modem from the net for an hour or so. After getting up and running, I reconnected, and no continuous flashing.. All back to peace and calm.. Cheers, Diolma

I think most of the posters here are confusing a router being compromised with a denial of service (DOS) attack. A DOS attack floods internet connected equipment with garbage. It's not intended to compromise anything, just keep it so busy that it can't handle anything else. Sort of like ringing a victim's fax machine every few seconds. Regarding a DOS attack, I'm afraid you're probably out of luck. The best I can suggest is update the firmware on your router, and hope it handles DOS attacks better, by throwing away the garbage quicker. Most modern and fully patched routers handle DOS attacks gracefully. For instance, Microsoft and on-line retailers are frequent DOS victims. It's likely an attack from a "zombie." Most zombies are compromised Windows PC's, taken over by a hacker for nefarious deeds. The poor sap at 146.82.201.101 probably doesn't realize their PC's been compromised. You should count your blessings that it's not a coordinated attack, from hundreds or thousands of PC. Typically after some time passes, a hacker will look interest and shift focus onto a different target.

A friend of mine made a program about 4 years ago that reached out and grabbed the culprits machine. I have no idea how he did it, but he called it "The Bear", LOL

Hackers rarely attack using their own equipment directly anymore. The culprit launching the DOS attack is likely an unwitting victim themselves. I'd guess it's probably one of the countless Windows PC's who've not kept their PC's properly patched / protected, so-called "Zombies". Here's the part where I insert a standard warning here about EVER running a Windows PC without some form of firewall, even for a few seconds. I know this is tough if you're building a home PC from scratch, without a hardware based firewall, to protect you while you're feverishly downloading Microsoft's patches. By the way, contary to other posts I've seen, I've never had a problem when I block Poser's access to the Internet.

P.S. I was a long-time victim of relay attacks on my mail server from a compromised U.S. Navy machine. How scary is that?