Discussion in 'Macintosh Computers' started by MrMacMan, Sep 8, 2003.
[There is more... Just can't post, too long]
Um... What is with all that flooding!
And of course my router doesn't tell me when this is being done... erg.
What is happening and is this normal or bad?
[Mod, if you think this is software you can move it, It was when I accessed the router that I got this... so I posted under Hardware]
edit: Damn I forgot my IP was in all of those... damn.
Well now that you know my IP please don't flood me...
But I need to know what this means!
Seems to me someone is nuking and pinging you.
I'd suggest getting Norton Internet Security if your router doesn't have a built in firewall... and even if it does, I'd still get it.
You don't have static ip, do you?
I think dynamic... not 100%
The router has a firewall which is I guess why I didn't have a problem until I looked at it.
But who/what is doing this?
5-20 pings is fine, flooding... is a lot worse...
But Nuking me?
Anyone else know what is happening?
My guess is that you have a broadband internet account...probably cable.
Since the cable provider's infrastructure is a wide area network, annoying people like to port scan and/or "attack" all the IP addresses that are in their subnet.
You said you have a router, which is probably acting as a firewall between your computer(s) and the WAN. From the look of your log file, it is doing its job. This is enough for most people. Most broadband routers come configured to close all ports. There is also usually an option to "Block WAN Request" (checked) or "Respond to ping" (unchecked) in your router security configuration. This will make you appear as a less fruitful target for attack, and most simple DoS attacks will ignore you.
In summary, it is unlikely that anyone is targeting you specifically; your router is blocking the (m)asses.
Well all it takes is to call one conservative hacker a nazi...
Just that the port on your machine is always 2017 says a lot. What machine software needs that port? If it were a random attack, they would be using various ports on your machine instead of just one.
What I don't like is that at the end it said:
"2003/09/08 19:21:34 192.168.2.29 login successful"
Do you know who uses that ip?
Well at least you have a firewall in the router.
My Freshman year at College, I had to live in the dorms. It's an Engineering school, so 85%+ of the students had a Computer (95% PC [65% Dell, 20% Compaq, 15% home built], 4% Mac, 1% Sun [Only knew of 3 out of 290]). Well, my friend, with a homebuilt PC, actually had to go out and buy BlackICE network protection, because he would be nuked daily, causing his PC to crash. We went to the IT department, and they said they couldn't do anything about it, they would not allow us to install a firewall though. It's just a sad state of affairs when you can't even use your computer because of being Packet Bombed.
Thankfully, I never had the problem (even with viewing unrequested packets) some people just target an IP address, because the numbers are easy to remember.
Well, internet is a "free for all" at this time.
Now, don't want to make this a political issue, but do you think we should attain the rights of free internet and be subjected to anything that others want to do to us - "anarchy state". Or do we want government to police internet denying us some of our speech rights but securing us from annoying idiots and hackers - "oppression state". ???
What were you using to see all that info? I'd be curious to see what I'm getting at home as well...
Usually I get attacked too, so it's normal. I get about 50 attacks in about 5 days of uptime. But I don't use a firewall router yet.
I do however recommend getting Norton Internet Security 3.0 for you though... It's a bit pricey (85 bucks) but I think is well worth it.
You are funny! That is your own IP address of your computer in your LAN. The log file just did what it was supposed to do, filing that you logged into the router from your machine, that's all!
192.168.x.x class c IP addresses (there are also two other address ranges for class a and b networks) are private addresses that are used in LANs behind a router. They ARE NOT valid IP addresses to be routed in a WAN (Internet) and won't be routed by any router to another router outside that LAN. What your router is doing is NAT (native address translation). It takes the packets and pretends to be the origin of them with the IP address it got from your provider (no matter if dynamic or static) and the other way around. So for somebody from outside it looks as if your computer has the IP address of the router, even though it is not. That's why a router is a good firewall. You can decide yourself which ports should be directed to a specific machine for calls from outside. With all ports closed nobody can get into your LAN from outside and it is absolutely safe.
Even though ports can be used freely, here is an interesting list of services that are "officially" used on specific ports:
So to me it occurs that somebody tried to boot your machine or to get a telnet connection to your computer.
Ok. I'm quite ignorant on this whole network security thing. I need to read more books
Just so you know what SYN Flooding is...
When two devices communicate over TCP, like web browsing for example, there is a handshake, similar to a telephone call, prior to the full conversation.
The requesting computer sends a SYN packet, the destination computer (your router in this case) sends a SYN-ACK, then the requesting computer responds with an ACK. Similar to phone conversation:
1. Person dials telephone number. (SYN)
2. Person picks up ringing phone and says "Hello." (SYN-ACK)
3. Dialer says "Hello.... <on with the conversation>" (ACK)
During a SYN Flood, the requesting computer sends so many SYN packets and the destination opens up so many connections waiting for a response that it slows down or even hangs. This is because the destination computer will wait for a period of time before closing down sockets that have been opened with a SYN packet.
More than likely, it is not someone targeting you specifically (as the IPs are pretty random and not on your subnet), but is just a worm or virus on people's computers that they do not know about.
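The half-open queue behaviour described in the post above, as an added example that is not part of the original thread: a toy Python model of a listener's backlog, showing how many of a normal client's handshakes complete while unanswered SYNs pile up. The class and function names, the backlog size of 128 and the 30-second timeout are assumptions chosen for illustration, not values from any particular router.

```python
from collections import OrderedDict

class SynBacklog:
    """Toy model of a listener's half-open (SYN received, no ACK yet) queue."""
    def __init__(self, size, timeout):
        self.size = size                # max half-open entries (assumed value)
        self.timeout = timeout          # seconds to wait for the final ACK
        self.half_open = OrderedDict()  # key -> arrival time, oldest first

    def expire(self, now):
        # Free slots whose handshake never completed within the timeout.
        while self.half_open:
            key, t0 = next(iter(self.half_open.items()))
            if now - t0 < self.timeout:
                break
            del self.half_open[key]

    def on_syn(self, key, now):
        self.expire(now)
        if len(self.half_open) >= self.size:
            return False                # backlog full: this SYN is dropped
        self.half_open[key] = now       # "phone picked up", SYN-ACK sent
        return True

    def on_ack(self, key, now):
        self.expire(now)
        return self.half_open.pop(key, None) is not None

def simulate(unanswered_per_sec, seconds=60, size=128, timeout=30):
    """Return how many of one normal client's per-second handshakes succeed."""
    q, ok, n = SynBacklog(size, timeout), 0, 0
    for t in range(seconds):
        for _ in range(unanswered_per_sec):
            n += 1
            q.on_syn(("unanswered", n), t)  # constructed traffic: never ACKed
        client = ("client", t)
        if q.on_syn(client, t) and q.on_ack(client, t):
            ok += 1
    return ok

if __name__ == "__main__":
    for rate in (0, 4, 10):
        print(rate, "unanswered SYN/s ->", simulate(rate), "of 60 handshakes ok")
    print("same load, 5 s timeout ->", simulate(10, timeout=5))
```

The last line shows the lever the post points at: the shorter the wait before a half-open socket is closed, the more unanswered SYNs the same queue absorbs.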
har har har.
What are you saying Conservatives have a mass of zombie computers to attack people they don't like?
Ah, that was me, and then about 5 minutes later I see this log, I copied and pasted.
Sorry that was good, but yeah.
I visit my router to change some preferences from time to time, also see if unknown hackage... blah blah but this was massive so...
Most routers respond to the IP of
192.168.2.1 Or 192.168.1.1
Type that in... in a browser and you can see what stuff your router is doing.
tomf87 -- So basically people are spamming me with phone calls...
A more complete list can be found at IANA:
yep... and hanging up when you answer....
Hehe, well put.
so I guess I will keep the router on and check on some Firewall Software...