--- On Wed, 11/26/08, Rick Stevens <ricks@xxxxxxxx> wrote:

> From: Rick Stevens <ricks@xxxxxxxx>
> Subject: Re: F9 DOS attack
> To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
> Date: Wednesday, November 26, 2008, 6:18 PM
>
> Dave Feustel wrote:
> > On Wed, Nov 26, 2008 at 05:30:09AM -0800, bruce wrote:
> >> hi dave...
> >>
> >> just saw this thread. are you running a static ip on your external internet
> >> connection. if you aren't, you could simply force the cable modem to reset
> >> to another ip address..
> >
> > I tried resetting the cable modem but I'm not sure it changes my ip
> > address.
> >
> >> you might have to work with comcast tech support to accomplish this. (get a
> >> 2nd/3rd level guy who actually knows/wants to help you out)
> >
> > I'm going to try to talk with them about this tomorrow.
> >
> >> if you've already done this, has it managed to slow the offender down?
> >
> > No. But the attack had ceased when I got up this morning.
> >
> >> do you have a router connected to the cable modem? does it log the ip
> >> addresses of the offending client?
> >
> > I use pf with a block all incoming rule. I don't see any traffic with
> > pftop, but I saw a lot of incoming packets by observing the leds on my
> > cable modem. It's pretty clear to me that both F9 and Suse11 are
> > vulnerable to attack from the internet. I'm starting to get very
> > interested in linux security and preventing dos attacks.
>
> ANYTHING connected to the internet is vulnerable to attack, be it SYN
> floods, brute force SSH attempts, any number of others. Wait till you
> get a DC++ attack! The only way to block that sucker is to do a deep
> packet inspection of the payload and drop the connections or find the
> hub that has you listed and kill it somehow.
>
> It's totally irrelevant what OS you run, it's an attack against the
> interface. Different OSes handle it differently. It's best to have a
> hardware firewall out front, but then internal software firewalls like
> iptables are your second level of defense. Next is making sure only
> the network "listeners" you NEED are enabled. I manage a network
> that seems to have a big, red target painted on it. I deal with this
> all the time. Thank goodness for our Cisco, Foundry and Radware gear
> out front! They block most of it, the rest we deal with via iptables
> and we monitor EVERYTHING (my cell phone has almost melted on occasion
> from the SMS text alerts when a DOS is attempted).
>
> As to your problem, Comcast's first level techs (and I'm being generous
> using that term) are notoriously crappy as far as solving problems.
> They're not much more than telemarketers and work off a script. Ask them
> something off script and they're at sea. Can't say Time Warner is much
> better. One problem I had with them:
>
> Me: "I'm not getting a DHCP address from you, your DHCP servers are down."
> Them: "Which OS?"
> Me: "Linux."
> Them: "Oh, we don't support Linux."
> Me: "DHCP is DHCP you twit. The OS has nothing to do with it! Let me
> talk to a level 3 tech."
> (this went on for about five minutes, I threatened dire vengeance,
> then I got a level 3 guy [skipped level 2, they're idiots, too])
> Level3Guy: "What's the problem?"
> Me: "You're not giving out DHCP addresses. Your servers are down."
> L3G: "I don't think so."
> Me: "Dude, I'm watching a tcpdump of it. I'm sending requests and
> you're not answering. No denials, no responses, nada."
> L3G: "Let me check."
> (long pause)
> L3G: "Yeah, six of them crashed."
> Me: "You don't monitor that sort of thing?"
> L3G: "Uh, guess not."
> Me: "ARRRRRRGGGGGHHHHHHH!"
>
> ----------------------------------------------------------------------
> - Rick Stevens, Systems Engineer                      ricks@xxxxxxxx -
> - AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
> -                                                                    -
> -            If the enemy's in range...so are you!                   -
> ----------------------------------------------------------------------
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

refreshing news on the internet a few weeks ago: a big load of spammers and internet attackers headed to prison

Have some compassion now! The problem started with their childhood potty training!

Ref: the basement guy in the De Niro/Norton movie "The Score"