Talkback for article: 282, March2003

External attacks

Back to: http://cgi.linuxfocus.org/English/March2003/article282.shtml

From: jtk [ date: 2003-04-06 ]
Other types of attacks include taking advantage of ICMP services (e.g. redirects and source quench), using invalid TCP parameters to slow or clog hosts (e.g. use minimal window sizes) and perform multicast pull attacks (spoof IGMP joins on behalf of the victim). Overall a good article, but the list of possible attacks really is endless.
From: Frank dijkstra <fdijkstra(at)hotmail.com> [ date: 2003-07-20 ]
the past few weeks i'm getting these kind of warnings in my routerlog:

2003/07/19 10:32:15 ** IP Spoofing ** <IP/IGMP> 192.168.2.100 ->> 224.0.0.2
2003/07/19 10:33:11 ** IP Spoofing ** <IP/IGMP> 192.168.2.100 ->> 224.0.0.2

and also a lot of TCP IP flooding which disconnects me from internet for about 30 minutes:

2003/06/27 16:29:05 ** TCP SYN Flooding ** <IP/TCP> 213.51.232.149:2782 ->> 68.114.212.2:445
2003/06/27 16:29:06 ** TCP SYN Flooding ** <IP/TCP> 213.51.232.149:2782 ->> 68.114.212.2:445
2003/06/27 16:29:07 ** TCP SYN Flooding ** <IP/TCP> 213.51.232.149:2782 ->> 68.114.212.2:445


how can i solve this? i'm a complete newbie when it comes to ip's and stuff, so please explain in easy terms, rather in dutch than in english.....
From: a proctor <karma(at)velocitus.net> [ date: 2003-08-30 ]
I am a home pc user. Running win98se. Lots of security problems. Currently using Sygate Firewall. Whenever I connect to the internet using my dial up
connection 216.222.65.13 sygate requests permission for 224.0.0.2 to connect using ICMP protocol. I now have multiples of 67.8.247.74 (aol) in my traffic log. This is before I even open IE. I am absolutely not supposed to be part of a "network". Nor do I ever use aol services or browse w/aol.
Antivirus programs show nothing. Security scans show nothing. But, you should see my firewall logs! Any info is better than no info. THis is a daily thing. And, yes I have fdisked, formatted & reloaded. THREE TIMES.
From: Valon <sex_not_valid(at)hotmail.com> [ date: 2003-12-29 ]
How to send syn pack
can you learning me for send syn packet
I like to kill ircd ip 202.148.130.35
Pleas tell me
Bay
thanks

4 talkbacks




Due to the increased amount of web spam we have deciced to removed the talkback posting possibility. You can read old talkbacks but you can no longer post new ones.

Back to http://cgi.linuxfocus.org/English/March2003/article282.shtml

Please contact webmaster(at)linuxfocus.org if you have any questions with regards to this talkback

lftalkback version 3.10