DoS attacks on the rise?

(#1) srwatters - 03-25-2007, 11:43 AM


Over the last week or so, my router has seen far too many DoS (Denial of Service) attacks and port scans. Last night it was so bad that I was getting only 60% of my packets to the next hop over the FIOS, basically unusable. I ended up releasing my PPPoE connection and rebooting the router after leaving it off for 5 minutes. I've turned on the DoS log and have only seen two attacks since last night (both simple port scans). This all started after last weekend when I let a visitor connect to my wireless network with their Dell notebook (Windows). I wonder if they had some bot running that tagged my IP address?

Anyone else having this much trouble?

---------------------------
Scott Watters
PoloDigital | Flickr | Pbase
Nikon | Hasselblad | Phase One | Hensel | Apple

(#2) Daniel Bates - 03-25-2007, 12:29 PM


I'm not sure what's causing it but my Internet has been extraordinarily slow over the last few days (rumours are a packet server went down).

(#3) engstrom - 03-25-2007, 12:53 PM


Scott, I also have FIOS but have not seen even a port scan for the last couple days which is kind of weird. Anyway, you might be onto something with your guest having a bot that tagged your IP.

---------------------------
John Engstrom
Plano, TX

http://www.pbase.com/engstrom

(#4) engstrom - 03-25-2007, 01:05 PM


Oh, and as a public service announcement to anyone out there - be sure and test your network with an online safe port scan and make sure that your ports are secure. There's one at http://www.hackerwatch.org/probe/ that I haven't had any problems with but as always YMMV.

(#5) mobilezen - 03-26-2007, 01:29 AM


DoS attacks are so old school but then again when I see someone trying to tap my router or even my computer(s), I attack back. :)

(#6) Murph - 03-26-2007, 07:08 AM


Try this site, I swear by Steve Gibson: https://www.grc.com/x/ne.dll?bh0bkyd2

---------------------------
Texas can exist without the United States, but the United States, cannot, except at great peril, exist without Texas. Sam Houston.

(#7) rages4calm - 03-27-2007, 12:54 PM


Yea, DDoS attacks all over the US here lately, not just routers and war driving but a lot of websites as well.

It's actually quite funny in a way... DDoS was supposed to be the past and taken care of back when they started knocking software such as telnet off the market. Hackers, however, always find a way around things.

In answer to your attacks, you should probably try masking your IP address or MAC address and changing your encryption on your router from WEP to WPA, or if you don't have one at all then WEP will still do just as good.


Quote:
Originally Posted by mobilezen
DoS attacks are so old school but then again when I see someone trying to tap my router or even my computer(s), I attack back. :)

I second that lol

---------------------------
http://www.carl-prewitt.com

(#8) AndrewCCM - 03-27-2007, 03:01 PM


Quote:
Originally Posted by mobilezen
DoS attacks are so old school but then again when I see someone trying to tap my router or even my computer(s), I attack back. :)

One thing to consider... Many of the attacks are initiated by systems that are not the source (i.e., compromised systems that the user doesn't know about). I realize you probably already know this... but attacking back sometimes just exacerbates the issue. But fun I agree... Another useful resource that I use daily in my "real job" - http://isc.sans.org/

I only wish I could get FIOS here. I know there was a time a few years ago where we were doing some penetration testing on our office machines from our home machines and were actually contacted with a threat to disconnect our service from our home ISP. Hehe. We now use Qualys for all of our scheduled penetration testing. Very nice tool. But expensive.

---------------------------
Andrew
Website: Crystal Clear Media
Blog: CCM BLOG

(#9) rages4calm - 03-27-2007, 04:35 PM


I personally enjoy being attacked whether it's a hacker or a cracker or someone just trying to phish out info, because when they are done trying to do whatever, it gives me the right and opportunity to do to them as they tried to do to me.

(#10) AndrewCCM - 03-27-2007, 09:17 PM


Quote:
Originally Posted by rages4calm
I personally enjoy being attacked whether it's a hacker or a cracker or someone just trying to phish out info, because when they are done trying to do whatever, it gives me the right and opportunity to do to them as they tried to do to me.

Legally, it doesn't. But.. I know what you mean...

My day job is a Manager of Information Security/Infrastructure. It's amazing how much crap is going on these days... Funny though.. I spend more time these days dealing with compliance with government regulations than anything.

(#11) Tapper - 03-27-2007, 09:41 PM


In my "real job" I'm a network engineer, and operate a large metropolitan area network, numerous routers, and a ton of switches. I have various measures in place to monitor activity on these nets, including IDS sensors, TAPs, distributed sniffers, etc. etc.

Y'all should keep a few things in mind here.

First, real DoS attacks are pretty rare these days, at least in terms of home computers. More often, computers become infested with a worm, and the source of any packet storms is local to you. Real DoS attacks do happen, but these days they tend to be directed at businesses as a means of extortion - i.e. we'll stop holding down your link if you pay us money. The typical agents in these attacks are botnets composed of hundreds or thousands of home computers infected with worms, and running some variant of a Trinoo agent.

98% of the crap you see spewed at your connection comes from other computers infested with a worm and trying to assimilate you into a botnet. The process of scanning IP ranges for a vulnerability is nearly always wholly automated, and originating from your Grandma's computer - or someone similar who lacks the requisite computer knowledge to perform simple Windows updates, run a virus scanner, or even a firewall of some sort.

Responding (attacking back) to these probes or exploit attempts accomplishes two things.

1. You commit a rather serious felony. Note that word felony. If you download some stupid script kiddie utility off the net, and aim it at some poor ignorant soul's compromised computer, you're liable to have someone like me track you down. If that happens, don't look for mercy. You won't get any. These days, running stuff like that is good for a trip to a nice PMITA federal pen.

2. Rather than some supar s3cr4t l33t h4x0r, you'll actually be attacking some poor fool whose only crime was being too lazy to learn how to operate their computer. And that makes you the bad guy.

It's nearly *always* a good idea to run a little Linksys or DLink router between your computers and your DSL/Cable modem. Run NAT, and turn on port blocking. That will prevent nearly 100% of the random nasty stuff from reaching you. You'll still be able to accidentally download ActiveX controls, or Java bombs from websites, but that's why you're running a virus scanner and keeping it, and Windows, currently updated, right?

---------------------------
At night I dreamed that life was beauty, but I awoke and life was duty. So I bought a camera.
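
The thread keeps distinguishing automated port scans from a real packet storm in a router's DoS log. The sketch below is an added example, not part of any post: it sorts dropped-packet sources into those two cases plus background noise. The log line format, the thresholds and the addresses (documentation ranges) are all constructed assumptions, not any particular router's output.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed log format: "<date> <time> DROP <proto> <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(r"(\S+ \S+) DROP (TCP|UDP) (\S+):\d+ -> \S+:(\d+)")

def build_sample_log():
    """Constructed sample: one scanner, one flooder, one stray probe."""
    lines = []
    for i, port in enumerate([21, 22, 23, 80, 135, 139, 445, 1433, 3389, 5900]):
        lines.append(f"2007-03-24 22:10:{i:02d} DROP TCP "
                     f"203.0.113.7:4000 -> 198.51.100.20:{port}")
    for i in range(300):  # 30 packets per second for 10 seconds
        lines.append(f"2007-03-24 22:15:{i // 30:02d} DROP UDP "
                     "192.0.2.99:5353 -> 198.51.100.20:53")
    lines.append("2007-03-24 22:20:00 DROP TCP "
                 "203.0.113.50:1025 -> 198.51.100.20:445")
    return lines

def classify(lines, scan_ports=8, flood_pps=20):
    """Map each source IP to 'flood', 'port scan' or 'background noise'.

    scan_ports and flood_pps are illustrative thresholds (assumptions).
    """
    ports = defaultdict(set)    # distinct destination ports per source
    times = defaultdict(list)   # packet timestamps per source
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a firewall drop record
        ts, _proto, src, dport = m.groups()
        ports[src].add(int(dport))
        times[src].append(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"))
    verdicts = {}
    for src in ports:
        span = max((max(times[src]) - min(times[src])).total_seconds(), 1.0)
        rate = len(times[src]) / span  # average packets per second
        if rate >= flood_pps:
            verdicts[src] = "flood"            # high volume: link saturation
        elif len(ports[src]) >= scan_ports:
            verdicts[src] = "port scan"        # low volume, many ports
        else:
            verdicts[src] = "background noise"
    return verdicts

if __name__ == "__main__":
    for src, verdict in sorted(classify(build_sample_log()).items()):
        print(f"{src:15} {verdict}")
```

A flood spread across many spoofed sources would not trip the per-source rate check, so an aggregate packet rate on the WAN interface is the complementary measurement.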

(#12) Tapper - 03-27-2007, 09:51 PM


Quote:
Originally Posted by AndrewCCM
Funny though.. I spend more time these days dealing with compliance with government regulations than anything.

I don't get so much of that yet in my sector, but SOx 404, the new rules of Civil Procedure, and all these new proposed data retention initiatives are really busting my stones. That, and the recent rise in popularity with LEOs - suddenly I have new buddies

(#13) srwatters - 03-27-2007, 10:07 PM


I do have a wireless router with NAT turned on. It was that public IP that was being stormed. I watched the packets bombarding the interface and until I released my public IP and waited long enough to get a different one, it would continue. My guess was most likely correct in that the guest was infected and passed my public IP on to more of the botnet.

With a new public IP on my router, I'm a happy camper (for now).

(#14) AndrewCCM - 03-27-2007, 10:09 PM


Quote:
Originally Posted by Tapper
I don't get so much of that yet in my sector, but SOx 404, the new rules of Civil Procedure, and all these new proposed data retention initiatives are really busting my stones. That, and the recent rise in popularity with LEOs - suddenly I have new buddies

Yep.. Gotta love it.. My new one is the dang changes in PCI compliance.. The Payment Card Industry is harder than the dang government with their infrastructure rules in 2007.

Blah.. Keeps me employed though.

Good message above btw...

(#15) Tapper - 03-27-2007, 10:23 PM


Quote:
Originally Posted by AndrewCCM
Yep.. Gotta love it.. My new one is the dang changes in PCI compliance.. The Payment Card Industry is harder than the dang government with their infrastructure rules in 2007.

Changes? We did all the testing and so forth in 06 - did they change it?

Copyright ©2004 - 2011, Abel Longoria - www.Pixtus.com