Starkdog opened this issue on Sep 03, 2005 · 14 posts
Starkdog posted Sat, 03 September 2005 at 10:34 PM
Some ahole at 146.82.201.101 keeps pinging me about 30 times a minute, and it is crashing my router. What can I do to report him, and where can I find out more info? McAfee's tracker has it located in NYC. I have already contacted GlobalCrossing abuse line. What else can I do to get back at this ahole? -The Starkdog
Ben_Dover posted Sat, 03 September 2005 at 11:31 PM
Just block the IP in your router's setup program, that should prevent the router from crashing and the info from reaching your machine. You can also resolve their IP to the hosting company level (provider), then contact their abuse department. Internet providers don't want a-holes using their services to DoS anyone, all that bandwidth wasted pisses them off.
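An added example, not part of the original post: before blocking a source at the router, one way to confirm which address is responsible is to count inbound echo requests per source in a sliding one-minute window. The log format, the function names and the documentation-range addresses below are constructed for illustration; real router logs differ.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real router's output):
#   2005-09-03T22:30:00 WAN ICMP echo-request src=192.0.2.10
LINE_RE = re.compile(
    r"^(?P<ts>\S+) WAN ICMP echo-request src=(?P<src>\d{1,3}(?:\.\d{1,3}){3})$"
)

def find_ping_flooders(lines, threshold=30, window=timedelta(seconds=60)):
    """Return {source: peak count} for sources that reach `threshold`
    echo requests inside any sliding window. Lines must be time-ordered."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    peak = defaultdict(int)       # highest in-window count seen per source
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip non-ICMP or malformed lines
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] >= window:
            q.popleft()           # drop events older than the window
        peak[m["src"]] = max(peak[m["src"]], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}

def build_sample_log():
    """Constructed sample: one noisy source, one quiet source, one unrelated line."""
    start = datetime(2005, 9, 3, 22, 30, 0)
    lines = []
    for i in range(60):           # one ping every 2 s for 2 minutes (30 per minute)
        ts = (start + timedelta(seconds=2 * i)).isoformat()
        lines.append(f"{ts} WAN ICMP echo-request src=192.0.2.10")
    for i in range(6):            # one ping every 20 s: ordinary background noise
        ts = (start + timedelta(seconds=20 * i)).isoformat()
        lines.append(f"{ts} WAN ICMP echo-request src=198.51.100.7")
    lines.append("2005-09-03T22:30:05 WAN TCP syn src=203.0.113.9 dport=80")
    lines.sort()                  # ISO timestamps sort chronologically as text
    return lines

if __name__ == "__main__":
    for src, count in find_ping_flooders(build_sample_log()).items():
        print(f"{src}: up to {count} echo requests per minute")
```

The flagged address is the one to block at the router and to look up with WHOIS for the provider's abuse contact.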
SteveJax posted Sat, 03 September 2005 at 11:38 PM
Do a WHOIS on the IP to get the Hosting Company information and call their abuse desk.
pakled posted Sat, 03 September 2005 at 11:43 PM
Another thing you can do with most models of routers (be careful with this) is to set security so that the MAC addresses (a long series of numbers and letters unique to each card, such as 00801a23bcb3, that sort of thing) are the only ones that can access the router.
In other words, you find the MAC address of each network card in the house, etc., and add those to a list. Just make sure you get them right, or you'll lock yourself out, and have to start over.
But the beauty of this is that (well, nothing's perfect) it should lock out almost everything. It's considered fairly high security. I'm sure there's something out on the web to allow you to find out the MAC address (they're printed on the card, usually, but I wouldn't want you to have to wield a screwdriver). I have a specialized program that does it for printers, but there's utilities for almost everything. Hope this doesn't scare anyone away..
I wish I'd said that.. The Staircase Wit
anahl nathrak uth vas betude doth yel dyenvey..;)
Starkdog posted Sun, 04 September 2005 at 12:28 AM
Cool. Luckily McAfee traced the IP addy to GlobalCrossings ISP. I contacted their emergency hotline, and I guess they fixed the problem. I also got rid of McAfee security center, and installed Zone Alarm Pro5, and I haven't been hit since. I'll check that info regarding MAC addressing. -Starkdog
Mike K posted Sun, 04 September 2005 at 12:48 AM
Starkdog, in Windows 2000 and XP, open a DOS box and run "ipconfig /all" at the c: prompt. It will give you the MAC address and IP address for all NIC cards in your computer. Mac folks will have to help you out if you're on a Mac.
Mike K
Message edited on: 09/04/2005 00:49
kuroyume0161 posted Sun, 04 September 2005 at 5:14 AM
MacOSX is easy. :)
* Run "System Preferences"
* Select "Network"
* Select "Configure" for each network device
* For instance, for AirPort:
  - AirPort tab to get "AirPort ID" = MAC address
  - TCP/IP tab to get "IP Address"
There are also ways to do something similar to MSDOS "ipconfig" using Terminal (Applications:Utilities), but my BSD/*nix is very rusty. :)
C makes it easy to shoot yourself in the foot. C++ makes it harder, but when you do, you blow your whole leg off. -- Bjarne Stroustrup
pakled posted Sun, 04 September 2005 at 10:21 AM
Boy, do I have egg on my face..;) I use ipconfig all the time, but I'm usually looking for the subnet..;)
mateo_sancarlos posted Sun, 04 September 2005 at 2:12 PM
If somebody didn't already say this, go into your router admin security page and turn off response to Pings (discard Pings) from outside (WAN).
diolma posted Sun, 04 September 2005 at 3:58 PM
I had something like this for some time a while back. Not knowing any better, I did nothing about it (nothing was affecting my PC, so it didn't seem to matter. Just the data-lights flashing almost continuously on the broad-band modem and the router in-LED). This situation continued for over a year. Performance didn't appear to be affected in any major way, just a lot of flashing LEDs. A couple of weeks ago, I got a new PC. In the process of setting it up, I disconnected the broad-band modem from the net for an hour or so. After getting up and running, I reconnected, and no continuous flashing.. All back to peace and calm.. Cheers, Diolma
kenyarb posted Sun, 04 September 2005 at 4:40 PM
I think most of the posters here are confusing a router being compromised with a denial of service (DOS) attack. A DOS attack floods internet connected equipment with garbage. It's not intended to compromise anything, just keep it so busy that it can't handle anything else. Sort of like ringing a victim's fax machine every few seconds. Regarding a DOS attack, I'm afraid you're probably out of luck. The best I can suggest is to update the firmware on your router, and hope it handles DOS attacks better, by throwing away the garbage quicker. Most modern and fully patched routers handle DOS attacks gracefully. For instance, Microsoft and on-line retailers are frequent DOS victims. It's likely an attack from a "zombie." Most zombies are compromised Windows PCs, taken over by a hacker for nefarious deeds. The poor sap at 146.82.201.101 probably doesn't realize their PC's been compromised. You should count your blessings that it's not a coordinated attack, from hundreds or thousands of PCs. Typically after some time passes, a hacker will lose interest and shift focus onto a different target.
Acadia posted Sun, 04 September 2005 at 7:50 PM
A friend of mine made a program about 4 years ago that reached out and grabbed the culprit's machine. I have no idea how he did it, but he called it "The Bear", LOL
"It is good to see ourselves as others see us. Try as we may, we are never able to know ourselves fully as we are, especially the evil side of us. This we can do only if we are not angry with our critics but will take in good heart whatever they might have to say." - Gandhi
kenyarb posted Sun, 04 September 2005 at 11:03 PM
Hackers rarely attack using their own equipment directly anymore. The culprit launching the DOS attack is likely an unwitting victim themselves. I'd guess it's probably one of the countless Windows PCs who've not kept their PCs properly patched / protected, so-called "Zombies". Here's the part where I insert a standard warning here about EVER running a Windows PC without some form of firewall, even for a few seconds. I know this is tough if you're building a home PC from scratch, without a hardware based firewall, to protect you while you're feverishly downloading Microsoft's patches. By the way, contrary to other posts I've seen, I've never had a problem when I block Poser's access to the Internet.
kenyarb posted Sun, 04 September 2005 at 11:06 PM
P.S. I was a long-time victim of relay attacks on my mail server from a compromised U.S. Navy machine. How scary is that?