[XCSSA] Help I'm under attack!
xcssa@xcssa.org
xcssa@xcssa.org
Fri, 1 Dec 2006 18:11:53 -0600
Thanks Tom,
I had the router flashed and the passwords/addresses changed outa
the box. It's some of the more esoteric (at least to me) settings that I did
not know about and/or understand. Like the Ping and UPNP settings that I
didn't know were there. Also all the open ports for games, video
conferencing and stuff that I don't do or use. Firewall settings were a
mystery. Lucky the router had a couple pre-configured. In any case I don't
think I was ever totally unsecure...just not as secure as I could have been
for awhile and probably not as secure as I need to be now. BTW There are at
least two unsecure wireless access points around my home, some of them still
have the SSID as the brand of router!!
Thanks-) Gene "The Vigilant"
----- Original Message -----
From: <xcssa-admin@xcssa.org>
To: <xcssa@xcssa.org>
Cc: <xcssa-admin@xcssa.org>
Sent: Tuesday, October 31, 2006 3:59 PM
Subject: Re: [XCSSA] Help I'm under attack!
> On Thursday 30 November 2006 03:55 pm, xcssa-admin@xcssa.org wrote:
>> Thanks Tom,
>>
>> Glad to be here on the Internet...I think. Attacks did not seem to be
>> this big of a problem with RR. Been on the net for years, I guess
>> obscurity isn't enough anymore.
>
> I've had a home brew firewall on RR for years now (around 7 years) and the
> incoming traffic LED is almost always flickering non stop... I used to pay
> attention to the logs more.. and even save them.. but I don't have the time..
> It's pretty much non stop.
>
>
>> Don't think any attacks breached the firewall. Had
>> the generic rules in place for blocking request outside the LAN. Added one
>> that's supposed to help with smurf attacks. Turned off all the UPNP stuff,
>
> Good.
>
>> turned off Ping reply and remote access options. It's a DI-614+ D link
>> wireless/router. Have turned on all the security options that I know how to
>> configure. Changed passwords and factory address.
>
> Heh.. you should have done that before even hooking it to the RR side.
>
>
>> Flashed to latest
>> firmware. I think I'm as secure as I can be. Just got concerned with all
>> the DOS attacks in the last couple weeks. This is a new neighborhood with
>> a lot of wireless routers unsecured.
>
> If I were you.. (depending on the make/model)... I would recommend reflashing
> to an open source variant (if your make/model has an open source project that
> will work on it). COTS firewall is almost an oxymoron. That would be like
> people using Windows ISA as an enterprise firewall.. It's a joke. You just
> don't do it.
>
>
>> I think I'm surrounded by
>> zombies!!!!!!!-) I will continue to monitor my router logs and learn. I
>> think some of the problem stems from the fact I just started looking at the
>> logs when I could not browse the web even though all appeared to be working
>> fine. Resulting in me being paranoid. So I just need to relax?
>
> Always keep a healthy bit of that anxiousness. That's what keeps you
> "secure"... always challenging the boundaries of what you have security wise.
> As soon as you "relax" or proclaim yourself as "secure", that's the beginning
> of the end.. ;)
>
> But I see what you're saying.. there is a point at which you can feel that
> you've reached equilibrium or tilted the scales in your favor. I think that
> balance comes in the form of "comfortable diligence" (for lack of a better
> term).
>
> For me, that point was building my own firewall (not as hard as it sounds:
> http://xcssa.org/files/SOHOFIREWALL/img0.html). Buying an OTS firewall and
> thinking that's all I need is waaay outside "my comfort zone" security wise.
> I prefer the DIY approach, or at the very least get something OTS and turn
> it into something that you can reflash into something non-mainstream
> (http://xcssa.org/pipermail/xcssa/2006-January/003502.html). Then at least
> you know that you're not running the same thing that 98% of the other mom and
> pop targets out there are running (which is what internet worms and script
> kiddies go after). After I get something non-mainstream on line, then I
> learn it inside out, and/or customize it further to my liking. That's my
> sweet spot.
>
> What about some of you? What do you run for your gateway/router/firewall?
> COTS?
> Homebrew/DIY?
> Hard drive distro?
> CDROM/USB distro?
> Reflash distro?
>
> I hope this helps Gene.. :)
>
> Tweeks