Should I be worried?

Discussion in 'Macintosh Computers' started by MrMacMan, Sep 8, 2003.

  1. macrumors 604

    MrMacMan

    Joined:
    Jul 4, 2001
    Location:
    1 Block away from NYC.
    #1
    [There is more... Just can't post, too long]
     
  2. thread starter macrumors 604

    MrMacMan

    Joined:
    Jul 4, 2001
    Location:
    1 Block away from NYC.
    #2
    Continued

    Um... What is with all that flooding!

    :eek:

    And of course my router doesn't tell me when this is being done... erg.

    What is happening and is this normal or bad?

    [Mod, if you think this is software you can move it, It was when I accessed the router that I got this... so I posted under Hardware]

    edit: Damn I forgot my IP was in all of those... damn.

    Well now that you know my IP please don't flood me... :p

    But I need to know what this means!
     
  3. macrumors 6502a

    Rezet

    Joined:
    Apr 21, 2003
    Location:
    Connecticut, United States of America
    #3
    Seems to me someone is nuking and pinging you.
    I'd suggest getting Norton Internet security if your router doesn't have a built in firewall... and even if it does, I'd still get it.
     
  4. macrumors 6502a

    Rezet

    Joined:
    Apr 21, 2003
    Location:
    Connecticut, United States of America
    #4
    You don't have static ip, do you?
     
  5. thread starter macrumors 604

    MrMacMan

    Joined:
    Jul 4, 2001
    Location:
    1 Block away from NYC.
    #5

    I think dynamic... not 100%

    Why?


    The router has a firewall which is I guess why I didn't have a problem until I looked at it.


    But who/what is doing this?

    5-20 Pings is fine, flooding... is a lot worse...

    But Nuking me?

    :confused:


    Anyone else know what is happening?
     
  6. macrumors member

    Joined:
    Aug 29, 2003
    #6
    My guess is that you have a broadband internet account...probably cable.

    Since the cable provider's infrastructure is a wide area network, annoying people like to port scan and/or "attack" all the IP addresses that are in their subnet.

    You said you have a router, which is probably acting as a firewall between your computer(s) and the WAN. From the look of your log file, it is doing its job. This is enough for most people. Most broadband routers come configured to close all ports. There is also usually an option to "Block WAN Request" (checked) or "Respond to ping" (unchecked) in your router security configuration. This will make you appear as a less fruitful target for attack, and most simple DoS attacks will ignore you.

    In summary, it is unlikely that anyone is targeting you specifically; your router is blocking the (m)asses.
     
  7. macrumors 68040

    tazo

    Joined:
    Apr 6, 2003
    Location:
    Pacific Northwest, Seattle, WA actually
    #7
    Well all it takes is to call one conservative hacker a nazi... ;)
     
  8. Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #8
    Just that the port on your machine is always 2017 says a lot. What machine software needs that port? If it were a random attack, they would be using various ports on your machine instead of just one.
     
  9. macrumors 6502a

    Rezet

    Joined:
    Apr 21, 2003
    Location:
    Connecticut, United States of America
    #9
    What I don't like is that at the end it said:
    "2003/09/08 19:21:34 192.168.2.29 login successful"

    Do you know who uses that ip?
     
  10. macrumors 604

    TEG

    Joined:
    Jan 21, 2002
    Location:
    Langley, Washington
    #10
    Well at least you have a firewall in the router.

    My Freshman year at College, I had to live in the dorms. It's an Engineering school, so 85%+ of the students had a Computer (95% PC [65% Dell, 20% Compaq, 15% home built], 4% Mac, 1% Sun [Only knew of 3 out of 290]). Well, my friend, with a homebuilt PC, actually had to go out and buy BlackICE network protection, because he would be nuked daily, causing his PC to crash. We went to the IT department, and they said they couldn't do anything about it, they would not allow us to install a firewall though. It's just a sad state of affairs when you can't even use your computer because of being Packet Bombed.
    Thankfully, I never had the problem (even with viewing unrequested packets) some people just target an IP address, because the numbers are easy to remember.

    TEG
     
  11. macrumors 6502a

    Rezet

    Joined:
    Apr 21, 2003
    Location:
    Connecticut, United States of America
    #11
    Well, internet is a "free for all" at this time.

    Now, Don't want to make this a political issue, but do you think we should attain the rights of free internet and be subjected to anything that others want to do to us - "anarchy state". Or do we want government to police internet denying us some of our speech rights but securing us from annoying idiots and hackers - "oppression state". ???
     
  12. Moderator emeritus

    Mr. Anderson

    Joined:
    Nov 1, 2001
    Location:
    VA
    #12
    What were you using to see all that info? I'd be curious to see what I'm getting at home as well...

    D
     
  13. macrumors 6502a

    Rezet

    Joined:
    Apr 21, 2003
    Location:
    Connecticut, United States of America
    #13
    Usually I get attacked too, so it's normal. I get about 50 attacks in about 5 days of uptime. But I don't use a firewall router yet.
    I do however recommend getting Norton Internet security 3.0 for you though... It's a bit pricey (85 bucks) but I think is well worth it.
     
  14. macrumors 65816

    groovebuster

    Joined:
    Jan 22, 2002
    Location:
    3rd rock from the sun...
    #14
    You are funny! :D That is your own IP address of your computer in your LAN. The log file just did what it was supposed to do, filing that you logged into the router from your machine, that's all!

    192.168.x.x class c IP addresses (there are also two other address ranges for class a and b networks) are private addresses that are used in LANs behind a router. They ARE NOT valid IP addresses to be routed in a WAN (Internet) and won't be routed by any router to another router outside that LAN. What your router is doing is NAT (native address translation). It takes the packets and pretends to be the origin of them with the IP address it got from your provider (no matter if dynamic or static) and the other way around. So for somebody from outside it looks as if your computer has the IP address of the router, even though it is not. That's why a router is a good firewall. You can decide yourself which ports should be directed to a specific machine for calls from outside. With all ports closed nobody can get into your LAN from outside and it is absolutely safe.

    groovebuster
     
  15. macrumors 65816

    groovebuster

    Joined:
    Jan 22, 2002
    Location:
    3rd rock from the sun...
    #15
    Even though ports can be used freely, here is an interesting list of services that are "officially" used on specific ports:

    port list

    So to me it occurs that somebody tried to boot your machine or to get a telnet connection to your computer.

    groovebuster
     
  16. macrumors 6502a

    Rezet

    Joined:
    Apr 21, 2003
    Location:
    Connecticut, United States of America
    #16
    :D

    Ok. I'm quite ignorant on this whole network security thing. I need to read more books :D
     
  17. macrumors 65816

    tomf87

    Joined:
    Sep 10, 2003
    #17
    Just so you know what SYN Flooding is...

    When two devices communicate over TCP, like web browsing for example, there is a handshake, similar to a telephone call, prior to the full conversation.

    The requesting computer sends a SYN packet, the destination computer (your router in this case) sends a SYN-ACK, then the requesting computer responds with an ACK. Similar to phone conversation:

    1. Person dials telephone number. (SYN)
    2. Person picks up ringing phone and says "Hello." (SYN-ACK)
    3. Dialer says "Hello.... <on with the conversation>" (ACK)

    During a SYN Flood, the requesting computer sends so many SYN packets and the destination opens up so many connections waiting for a response that it slows down or even hangs. This is because the destination computer will wait for a period of time before closing down sockets that have been opened with a SYN packet.

    More than likely, it is not someone targeting you specifically (as the IP's are pretty random and not on your subnet), but is just a worm or virus on people's computers that they do not know about.
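
An added example, not part of any post in this thread: a small triage script that applies the checks raised in posts #8, #14 and #17 to a router log (are the flood sources many unrelated WAN addresses, do they all hit one destination port, and is the "login successful" address a private LAN one). The flood-line layout and all WAN addresses are constructed for illustration; only the login line is quoted in the thread.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges: never routed on the Internet, so always LAN-side.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample log. The flood-line format is an assumption and the WAN
# addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2003/09/08 19:14:02 SYN flood 203.0.113.17:4312 -> 198.51.100.7:2017
2003/09/08 19:14:02 SYN flood 192.0.2.201:1188 -> 198.51.100.7:2017
2003/09/08 19:14:03 SYN flood 203.0.113.94:3920 -> 198.51.100.7:2017
2003/09/08 19:14:05 SYN flood 192.0.2.66:2771 -> 198.51.100.7:2017
2003/09/08 19:21:34 192.168.2.29 login successful
"""

FLOOD = re.compile(r"SYN flood (\S+):(\d+) -> (\S+):(\d+)$")
LOGIN = re.compile(r"(\S+) login successful$")


def is_lan(addr):
    """True if addr is in one of the three RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def triage(log_text):
    """Summarise flood sources, targeted ports and admin logins."""
    sources, dst_ports, logins = Counter(), Counter(), []
    for line in log_text.splitlines():
        body = line.split(" ", 2)[-1]  # drop the date and time fields
        if m := FLOOD.search(body):
            sources[m.group(1)] += 1
            dst_ports[int(m.group(4))] += 1
        elif m := LOGIN.search(body):
            logins.append((m.group(1), "LAN" if is_lan(m.group(1)) else "WAN"))
    return {
        "flood_events": sum(sources.values()),
        "distinct_sources": len(sources),
        "lan_sources": sorted(s for s in sources if is_lan(s)),
        "dst_ports": dict(dst_ports),
        "logins": logins,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A login tagged "WAN" or a flood source tagged as LAN is the result that would warrant a closer look; many distinct WAN sources hitting one port is the pattern the posts describe as background noise.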
     
  18. thread starter macrumors 604

    MrMacMan

    Joined:
    Jul 4, 2001
    Location:
    1 Block away from NYC.
    #18
    har har har.

    What are you saying Conservatives have a mass of zombie computers to attack people they don't like?

    :eek:

    Ah, that was me, and then about 5 minutes later I see this log, I copied and pasted.

    Sorry that was good, but yeah.

    I visit my router to change some preferences from time to time, also see if unknown hackage... blah blah but this was massive so...

    Most routers respond to the IP of
    192.168.2.1 Or 192.168.1.1

    Type that in... in a browser and you can see what stuff your router is doing.


    tomf87 -- So basically people are spamming me with phone calls...

    :p


    damn people...
     
  19. macrumors regular

    ChronoIMG

    Joined:
    Sep 11, 2003
    Location:
    San Francisco, CA
    #19
    A more complete list can be found at IANA:

    http://www.iana.org/assignments/port-numbers
     
  20. macrumors 65816

    tomf87

    Joined:
    Sep 10, 2003
    #20
    yep... and hanging up when you answer.... :)
     
  21. thread starter macrumors 604

    MrMacMan

    Joined:
    Jul 4, 2001
    Location:
    1 Block away from NYC.
    #21
    Hehe, well put.


    so I guess I will keep the router on and check on some Firewall Software...
     
