F9 DOS attack

Dave Feustel dfeustel at mindspring.com
Wed Nov 26 14:17:08 UTC 2008 

On Wed, Nov 26, 2008 at 05:30:09AM -0800, bruce wrote:
> hi dave...
> 
> just saw this thread. are you running a static ip on your external internet
> connection. if you aren't, you could simply force the cable modem to reset
> to another ip address..

I tried reseting the cable modem but I'm not sure it changes my ip
address.
 
> you might have to work with comcast tech support to accomplish this. (get a
> 2nd/3rd level guy who actually knows/wants to help you out)

I'm going to try to talk with them about this tomorrow.
 
> if you've already done this, has it managed to slow the offender down?

No. But the attack had ceased when I got up this morning.
 
> do you have a router connected to the cable modem? does it log the ip
> addresses of the offending client?

I use pf with a block all incoming rule. I don't see any traffic with
pftop, but I saw a lot of incoming packets by observing the leds on my
cable modem. It's pretty clear to me that both F9 and Suse11 are
vulnerable to attack from the internet. I'm starting to get very
interested in linux security and preventing dos attacks.
 
 
> -----Original Message-----
> From: fedora-list-bounces at redhat.com
> [mailto:fedora-list-bounces at redhat.com]On Behalf Of Dave Feustel
> Sent: Wednesday, November 26, 2008 3:54 AM
> To: Alan Cox
> Cc: Community assistance, encouragement,and advice for using Fedora.
> Subject: Re: F9 DOS attack
> 
> 
> On Tue, Nov 25, 2008 at 08:01:08PM +0000, Alan Cox wrote:
> > On Tue, 25 Nov 2008 14:58:27 -0500 (GMT-05:00)
> > Dave Feustel <dfeustel at mindspring.com> wrote:
> >
> > > Well, my cable modem once again getting a LOT of unsolicited traffic
> > > from the internet - so much so that nothing I attempt to send gets
> > > out. My poor ole Dell doesn't even have enough oomph to process keyboard
> > > commands. Does this qualify as a DOS attack?
> > >
> > > Is there any way to get around this?
> >
> > Assuming you have firewalling configured to drop all the crud then no -
> > contact your ISP and law enforcement as appropriate.
> 
> I spoke with a Comcast technician yesterday. He said there was nothing
> Comcast could do and that the problem was that the 'bomber' was able to
> get my ip address by scanning my system. That seems inconsistent to me.
> 
> --
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
> 
> -- 
> fedora-list mailing list
> fedora-list at redhat.com
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

More information about the fedora-list mailing list