Security on IRCnet, Looking for Advice and Info.


luxorl
22-06-2006, 09:42
Hello,
Lately a very arrogant and obnoxious little lamer has shown up on the channel I hang out in on IRCnet. This individual manages to knock me offline whenever he wants..
Reading around a bit, I looked into the well-known DDoS (Distributed Denial of Service) attacks... although I'm not sure that this is actually the method he uses! Since this is very annoying, I'd like to understand whether, as I've read around, it really is impossible to protect yourself from a good DDoS attack, or whether there is some possibility... Besides that, I'd like to understand how else he could knock me offline if not with a DDoS attack.
I've recently started using Ubuntu Linux 6.06, and my IRC client is XChat.
At home I have a small WLAN, set up with a Sitecom wireless router, on which I've configured the firewall so that all outbound traffic from my notebook is allowed, while inbound I've opened only web, FTP and the eMule ports. (Since I use eMule once in a blue moon, would you advise me to keep its ports closed when I'm not using it?)

Anyway, even though I haven't touched anything related to network security after installing Ubuntu, the online tests (for example at http://scan.sygate.com/) all give me a positive result, i.e. that my ports are blocked.

Now over to you... thanks as always :mano:

W.S.
22-06-2006, 09:55
Well, if the problem is a DoS (all the more so if it's a DDoS), there isn't much to do other than limit the number of connections from/to a single host (in DDoS attacks even this doesn't do much). Some time ago I read something about "grey lists", I think on www.securityfocus.org. In practice the idea is to have 3 lists: one of trusted hosts, one of unknown hosts (grey) and one of blocked hosts. Every host starts in the grey list, and if it creates too many connections it is put in the black list for a while...
Then it depends on what generates the DoS: if it's the number of connections/resource exhaustion then that's fine, but if it exploits some bug that brings the application down, not even this is enough.
I don't know XChat (only by name); it might have some bug that makes it crash (is it up to date?).
I don't think your problem is in the firewall (in the sense of port blocking) but in the IRC connection or in the others you establish yourself, in particular those to (/from) the attacker.
If you can, sniff all the IRC traffic at the moment of the attack and see what happens.
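
Added example, not part of W.S.'s post: a minimal sketch of the three-list idea described above (trusted, grey, blocked), with a sliding window deciding when a grey host is blocked for a while. The class name, method names and thresholds are hypothetical, chosen only for illustration.

```python
import time
from collections import defaultdict, deque


class GreyList:
    """Three-list connection limiter (hypothetical names and thresholds)."""

    def __init__(self, max_conns=5, window=10.0, block_for=60.0, trusted=()):
        self.max_conns = max_conns        # connections allowed per window
        self.window = window              # sliding window length, seconds
        self.block_for = block_for        # how long a host stays blocked
        self.trusted = set(trusted)       # hosts that are never limited
        self.blocked_until = {}           # host -> time the block expires
        self.recent = defaultdict(deque)  # host -> recent connection times

    def state(self, host, now):
        """Return which of the three lists the host is on at time `now`."""
        if host in self.trusted:
            return "trusted"
        expiry = self.blocked_until.get(host)
        if expiry is not None:
            if now < expiry:
                return "blocked"
            del self.blocked_until[host]  # block expired: back to grey
        return "grey"

    def allow(self, host, now=None):
        """Record one connection attempt and say whether to accept it."""
        now = time.monotonic() if now is None else now
        st = self.state(host, now)
        if st == "trusted":
            return True
        if st == "blocked":
            return False
        q = self.recent[host]
        while q and now - q[0] >= self.window:
            q.popleft()                   # forget attempts outside the window
        q.append(now)
        if len(q) > self.max_conns:
            # Too many connections in the window: move the host to the
            # blocked list for a while and start from scratch afterwards.
            self.blocked_until[host] = now + self.block_for
            q.clear()
            return False
        return True
```

Because the counter is kept per source host, many hosts that each open a single connection all stay on the grey list, which is the limit of this approach against a distributed attack mentioned in the post.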

luxorl
04-07-2006, 16:33
Today, while going through the router logs, I found these:


Sat, 2006-07-01 09:19:46 - TCP Packet - Source:200.208.107.100,4624 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:19:46 - TCP Packet - Source:82.52.37.74,29341 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:19:46 - TCP Packet - Source:151.56.85.213,3921 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:19:48 - TCP Packet - Source:201.11.231.109,61656 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:19:52 - TCP Packet - Source:82.52.37.74,29341 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:19:53 - TCP Packet - Source:201.11.231.109,61656 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:41 - TCP Packet - Source:82.57.41.8,4066 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:41 - TCP Packet - Source:85.48.107.191,4178 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:42 - TCP Packet - Source:84.77.201.167,3294 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:42 - TCP Packet - Source:87.11.109.75,1097 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:43 - TCP Packet - Source:83.9.41.223,4459 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:43 - TCP Packet - Source:201.29.138.131,1588 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:43 - TCP Packet - Source:201.34.172.71,61092 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:44 - TCP Packet - Source:82.57.41.8,4066 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:44 - TCP Packet - Source:85.48.107.191,4178 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:44 - TCP Packet - Source:87.2.207.243,4964 Destination:87.2.231.234,445 - [DOS]
Sat, 2006-07-01 09:20:45 - TCP Packet - Source:87.11.109.75,1097 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:46 - TCP Packet - Source:201.29.138.131,1588 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:46 - TCP Packet - Source:84.77.201.167,3294 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:46 - TCP Packet - Source:201.34.172.71,61092 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:47 - TCP Packet - Source:212.194.72.22,4664 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:47 - TCP Packet - Source:87.4.203.8,4486 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:48 - TCP Packet - Source:87.5.92.136,1156 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:50 - TCP Packet - Source:212.194.72.22,4664 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:51 - TCP Packet - Source:201.57.136.2,4233 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:52 - TCP Packet - Source:87.25.46.85,4201 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:52 - TCP Packet - Source:201.34.172.71,61092 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:53 - TCP Packet - Source:87.4.203.8,4486 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:54 - TCP Packet - Source:201.57.136.2,4233 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:05 - TCP Packet - Source:87.11.140.107,3009 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:05 - TCP Packet - Source:212.244.43.150,1906 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:05 - TCP Packet - Source:84.220.179.158,21636 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:06 - TCP Packet - Source:80.36.165.69,12656 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:08 - TCP Packet - Source:84.220.179.158,21636 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:08 - TCP Packet - Source:82.106.38.216,1514 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:08 - TCP Packet - Source:82.60.90.225,2187 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:11 - TCP Packet - Source:201.16.138.67,4066 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:11 - TCP Packet - Source:82.60.90.225,2187 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:14 - TCP Packet - Source:222.240.245.146,46849 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:15 - TCP Packet - Source:81.202.195.235,4440 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:17 - TCP Packet - Source:201.16.138.67,4066 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:17 - TCP Packet - Source:84.222.30.245,3075 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:20 - TCP Packet - Source:200.164.241.22,2741 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:23 - TCP Packet - Source:83.72.226.247,3731 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:25 - TCP Packet - Source:82.54.176.239,2340 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:26 - TCP Packet - Source:172.208.77.213,2876 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:29 - TCP Packet - Source:200.164.241.22,2741 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:29 - TCP Packet - Source:83.72.226.247,3731 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:55 - TCP Packet - Source:90.0.93.78,3426 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:56 - TCP Packet - Source:221.204.21.144,4905 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:56 - TCP Packet - Source:218.225.63.114,61815 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:56 - TCP Packet - Source:200.233.134.135,1998 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:57 - TCP Packet - Source:80.228.89.173,64697 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:57 - TCP Packet - Source:87.8.249.114,1844 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:21:59 - TCP Packet - Source:221.204.21.144,4905 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:22:00 - TCP Packet - Source:80.228.89.173,64697 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:22:07 - TCP Packet - Source:59.45.114.11,41007 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:22:08 - TCP Packet - Source:88.8.111.198,1385 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:22:11 - TCP Packet - Source:59.45.114.11,41007 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:22:12 - TCP Packet - Source:82.106.38.216,1829 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:23:01 - TCP Packet - Source:217.220.225.125,2778 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:23:40 - TCP Packet - Source:151.52.107.118,2155 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:23:40 - TCP Packet - Source:81.211.220.150,4786 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:23:41 - TCP Packet - Source:62.94.115.87,3150 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:24:46 - TCP Packet - Source:85.10.18.3,4558 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:25:17 - TCP Packet - Source:81.172.73.218,1068 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:25:19 - TCP Packet - Source:87.218.113.85,1069 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:25:19 - TCP Packet - Source:151.48.99.251,4168 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:25:19 - TCP Packet - Source:81.75.131.230,1075 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:25:22 - TCP Packet - Source:87.218.113.85,1069 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:25:22 - TCP Packet - Source:151.48.99.251,4168 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:25:43 - TCP Packet - Source:217.127.229.169,11866 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:25:45 - TCP Packet - Source:87.7.141.31,4838 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:26:46 - TCP Packet - Source:81.221.162.127,4205 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:26:50 - TCP Packet - Source:221.10.50.226,2009 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:26:50 - TCP Packet - Source:83.225.101.186,1465 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:26:50 - TCP Packet - Source:83.18.255.98,1072 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:26:54 - TCP Packet - Source:83.176.71.2,2820 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:26:58 - TCP Packet - Source:82.105.140.137,4256 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:26:58 - TCP Packet - Source:83.176.71.2,2820 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:27:45 - TCP Packet - Source:60.188.226.106,1795 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:28:23 - TCP Packet - Source:85.140.156.27,2388 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:28:23 - TCP Packet - Source:87.0.235.73,2719 Destination:87.2.231.234,445 - [DOS]
Sat, 2006-07-01 09:28:30 - TCP Packet - Source:88.113.134.146,2492 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:28:30 - TCP Packet - Source:151.51.86.115,2448 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:28:36 - TCP Packet - Source:193.77.172.38,4322 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:29:03 - TCP Packet - Source:151.47.217.193,2109 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:29:04 - TCP Packet - Source:82.124.38.126,2120 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:35:02 - TCP Packet - Source:83.53.148.81,1328 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:35:02 - TCP Packet - Source:84.184.171.134,62551 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:35:02 - TCP Packet - Source:86.195.65.82,3452 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:35:31 - TCP Packet - Source:151.38.188.150,1161 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:41:39 - TCP Packet - Source:219.248.37.94,3487 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:41:39 - TCP Packet - Source:59.39.255.27,13304 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:48:21 - TCP Packet - Source:151.44.119.172,1834 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:48:22 - TCP Packet - Source:151.37.75.87,4640 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:48:31 - TCP Packet - Source:201.11.24.230,1817 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:56:43 - TCP Packet - Source:87.2.230.154,1499 Destination:87.2.231.234,445 - [DOS]
Sat, 2006-07-01 09:57:12 - TCP Packet - Source:60.188.226.106,3606 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:59:50 - TCP Packet - Source:83.33.9.196,1826 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:00:44 - TCP Packet - Source:24.109.192.45,1631 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:00:45 - TCP Packet - Source:81.57.78.168,1926 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:00:45 - TCP Packet - Source:88.12.220.143,4268 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:01:49 - TCP Packet - Source:87.103.65.23,3738 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:01:50 - TCP Packet - Source:220.240.89.29,3291 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:01:51 - TCP Packet - Source:87.2.236.30,27258 Destination:87.2.231.234,139 - [DOS]
Sat, 2006-07-01 10:01:54 - TCP Packet - Source:83.59.232.190,15722 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:03:35 - TCP Packet - Source:82.116.243.64,2676 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:03:35 - TCP Packet - Source:87.2.250.125,2746 Destination:87.2.231.234,445 - [DOS]
Sat, 2006-07-01 10:03:35 - TCP Packet - Source:84.183.243.84,2401 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:03:49 - TCP Packet - Source:83.176.75.123,45826 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:03:49 - TCP Packet - Source:82.54.113.105,3982 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:08:53 - TCP Packet - Source:82.249.113.130,2291 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:09:36 - TCP Packet - Source:89.54.163.174,61920 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:15:28 - TCP Packet - Source:87.6.159.62,2284 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:22:42 - TCP Packet - Source:83.31.83.181,4168 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:22:43 - TCP Packet - Source:83.184.252.247,2528 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:30:03 - TCP Packet - Source:222.85.166.2,51018 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:34:47 - TCP Packet - Source:83.208.240.204,1205 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:47:13 - TCP Packet - Source:80.117.160.34,2965 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:47:14 - TCP Packet - Source:83.237.241.15,20428 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 10:54:43 - TCP Packet - Source:59.39.255.27,17771 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 11:05:21 - TCP Packet - Source:218.10.185.74,20976 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 11:05:22 - TCP Packet - Source:212.35.27.253,23187 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 11:05:22 - TCP Packet - Source:85.60.132.183,2932 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 11:34:10 - TCP Packet - Source:86.202.13.102,4982 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 11:46:17 - TCP Packet - Source:193.253.247.214,1583 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 11:49:29 - TCP Packet - Source:59.39.255.27,21250 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 11:49:30 - TCP Packet - Source:221.10.50.226,13516 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 11:55:48 - TCP Packet - Source:218.107.29.144,44541 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:01:07 - TCP Packet - Source:87.2.224.91,27533 Destination:87.2.231.234,445 - [DOS]
Sat, 2006-07-01 12:01:08 - TCP Packet - Source:89.136.110.101,1767 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:01:50 - TCP Packet - Source:58.66.136.83,2133 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:05:31 - TCP Packet - Source:218.12.34.42,58809 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:06:10 - TCP Packet - Source:218.73.189.154,1569 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:06:10 - TCP Packet - Source:87.2.211.141,1800 Destination:87.2.231.234,445 - [DOS]
Sat, 2006-07-01 12:06:18 - TCP Packet - Source:218.62.77.126,26038 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:19:02 - TCP Packet - Source:218.24.96.64,15196 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:19:03 - TCP Packet - Source:85.59.32.60,53466 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:19:06 - TCP Packet - Source:24.109.192.45,3232 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:29:55 - TCP Packet - Source:218.12.34.42,18313 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 12:29:55 - TCP Packet - Source:195.174.193.200,1505 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 13:18:03 - TCP Packet - Source:84.220.155.180,1456 Destination:87.2.231.234,6667 - [DOS]
Sat, 2006-07-01 15:54:43 - UDP Packet - Source:204.16.208.111,60810 Destination:87.2.231.234,1027 - [DOS]
Sun, 2006-07-02 18:19:45 - UDP Packet - Source:204.16.208.60,46904 Destination:87.2.231.234,1026 - [DOS]
Mon, 2006-07-03 10:45:37 - TCP Packet - Source:84.221.138.119,2156 Destination:87.2.231.234,6669 - [DOS]
Mon, 2006-07-03 10:45:37 - TCP Packet - Source:84.221.138.119,2157 Destination:87.2.231.234,6667 - [DOS]
Mon, 2006-07-03 13:20:52 - UDP Packet - Source:204.16.208.111,51444 Destination:87.2.231.234,1027 - [DOS]
Mon, 2006-07-03 13:20:52 - UDP Packet - Source:204.16.208.111,51444 Destination:87.2.231.234,1026 - [DOS]
Mon, 2006-07-03 13:20:52 - UDP Packet - Source:204.16.208.111,51444 Destination:87.2.231.234,1027 - [DOS]
Mon, 2006-07-03 21:53:36 - UDP Packet - Source:61.156.42.103,52320 Destination:87.2.231.234,2 - [DOS]
Mon, 2006-07-03 21:53:37 - UDP Packet - Source:204.16.208.66,51934 Destination:87.2.231.234,1026 - [DOS]


What can you tell me about this?

matteo1
04-07-2006, 16:49
The attacks come in on port 4662, which is usually eMule's default, so I advise you to block it at the router: block 4662 TCP inbound and outbound.
It must be said that the one you call a little lamer could be an anti-P2P association, IANA :stordita:
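
Added example, not part of any post in this thread: a way to summarise a router log in the format posted above, grouping entries by protocol and destination and counting packets and distinct sources for each. The sample lines are constructed (documentation-range addresses stand in for the public ones) and the function names are illustrative.

```python
import re
from collections import defaultdict

# One entry of the router log format shown in the thread.
LINE_RE = re.compile(
    r"^\w{3}, (?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - "
    r"(?P<proto>TCP|UDP) Packet - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<tag>\w+)\]$"
)

# Constructed sample input, same layout as the posted log.
SAMPLE_LOG = """\
Sat, 2006-07-01 09:19:46 - TCP Packet - Source:203.0.113.10,4624 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:19:46 - TCP Packet - Source:203.0.113.11,29341 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:19:52 - TCP Packet - Source:203.0.113.11,29341 Destination:192.168.0.3,4662 - [DOS]
Sat, 2006-07-01 09:20:44 - TCP Packet - Source:198.51.100.7,4964 Destination:192.0.2.20,445 - [DOS]
Sat, 2006-07-01 09:21:05 - TCP Packet - Source:203.0.113.12,3009 Destination:192.168.0.3,4662 - [DOS]
router rebooted
Mon, 2006-07-03 10:45:37 - TCP Packet - Source:198.51.100.8,2157 Destination:192.0.2.20,6667 - [DOS]
Mon, 2006-07-03 13:20:52 - UDP Packet - Source:198.51.100.9,51444 Destination:192.0.2.20,1026 - [DOS]
"""


def summarise(log_text):
    """Group log entries by (protocol, destination IP, destination port).

    Returns (stats, skipped): stats maps each key to a packet count and
    the set of source addresses seen; skipped counts unparsable lines.
    """
    stats = defaultdict(lambda: {"packets": 0, "sources": set()})
    skipped = 0
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped += 1              # keep track of lines we could not read
            continue
        key = (m["proto"], m["dst"], int(m["dport"]))
        stats[key]["packets"] += 1
        stats[key]["sources"].add(m["src"])
    return dict(stats), skipped


def report(stats):
    """Rows of (packets, distinct sources, proto, dst, dport), busiest first."""
    rows = [
        (s["packets"], len(s["sources"]), proto, dst, dport)
        for (proto, dst, dport), s in stats.items()
    ]
    return sorted(rows, reverse=True)


if __name__ == "__main__":
    stats, skipped = summarise(SAMPLE_LOG)
    for packets, sources, proto, dst, dport in report(stats):
        print(f"{proto} {dst}:{dport}  packets={packets}  sources={sources}")
    print(f"unparsed lines: {skipped}")
```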

luxorl
04-07-2006, 16:55
> The attacks come in on port 4662, which is usually eMule's default, so I advise you to block it at the router: block 4662 TCP inbound and outbound.
> It must be said that the one you call a little lamer could be an anti-P2P association, IANA :stordita:

What if I changed the ports used by aMule and blocked the default ones?

Then another question.. I ran a scan on my LAN IP:


lux@PortatileVaio:~$ sudo nmap -sS -p1-65000 192.168.0.3

Starting Nmap 4.03 ( http://www.insecure.org/nmap/ ) at 2006-07-04 16:51 CEST
Interesting ports on 192.168.0.3:
(The 64998 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
111/tcp open rpcbind
664/tcp open unknown

Nmap finished: 1 IP address (1 host up) scanned in 17.259 seconds


What are these two open ports?

matteo1
04-07-2006, 17:07
So, through a mistake of mine I mistook your LAN IP for IANA; as for eMule, change the ports and block 4662.
For the open ports, read here:
http://www.seifried.org/security/ports/0/111.html
http://www.s0ftpj.org/bfi/online/bfi6/bfi6.05.html
http://www.neohapsis.com/neolabs/neo-ports/neo-ports.html
http://isc.incidents.org/port_details.php?port=664

Soloarte
05-07-2006, 00:22
You can't have everything. If you want more security, don't use IRC. ;)

Bye