[XCSSA] Help I'm under attack!
xcssa@xcssa.org
Tue, 31 Oct 2006 16:59:09 -0500
On Thursday 30 November 2006 03:55 pm, xcssa-admin@xcssa.org wrote:
> Thanks Tom,
>
> Glad to be here on the Internet...I think. Attacks did not seem to be
> this big of a problem with RR. Been on the net for years, I guess obscurity
> isn't enough anymore.
I've had a homebrew firewall on RR for years now (around 7 years) and the
incoming traffic LED is almost always flickering non-stop... I used to pay
attention to the logs more... and even save them... but I don't have the time.
It's pretty much non-stop.
> Don't think any attacks breached the firewall. Had
> the generic rules in place for blocking requests from outside the LAN. Added one
> that's supposed to help with smurf attacks. Turned off all the UPnP stuff,
Good.
> turned off ping reply and remote access options. It's a DI-614+ D-Link
> wireless/router. Have turned on all the security options that I know how to
> configure. Changed passwords and factory address.
Heh.. you should have done that before even hooking it to the RR side.
> Flashed to the latest
> firmware. I think I'm as secure as I can be. Just got concerned with all
> the DoS attacks in the last couple of weeks. This is a new neighborhood with
> a lot of unsecured wireless routers.
If I were you... (depending on the make/model)... I would recommend reflashing
to an open source variant (if your make/model has an open source project that
will work on it). A COTS firewall is almost an oxymoron. That would be like
people using Windows ISA as an enterprise firewall... It's a joke. You just
don't do it.
> I think I'm surrounded by
> zombies!!!!!!!-) I will continue to monitor my router logs and learn. I
> think some of the problem stems from the fact I just started looking at the
> logs when I could not browse the web even though all appeared to be working
> fine. Resulting in me being paranoid. So I just need to relax?
Always keep a healthy bit of that anxiousness. That's what keeps you
"secure"... always challenging the boundaries of what you have security-wise.
As soon as you "relax" or proclaim yourself "secure", that's the beginning
of the end... ;)
But I see what you're saying... there is a point at which you can feel that
you've reached equilibrium or tilted the scales in your favor. I think that
balance comes in the form of "comfortable diligence" (for lack of a better
term).
For me, that point was building my own firewall (not as hard as it sounds:
http://xcssa.org/files/SOHOFIREWALL/img0.html). Buying an OTS firewall and
thinking that's all I need is waaay outside "my comfort zone" security-wise.
I prefer the DIY approach, or at the very least get something OTS that you
can reflash into something non-mainstream
(http://xcssa.org/pipermail/xcssa/2006-January/003502.html). Then at least
you know that you're not running the same thing that 98% of the other mom-and-pop
targets out there are running (which is what internet worms and script
kiddies go after). After I get something non-mainstream online, I
learn it inside out, and/or customize it further to my liking. That's my
sweet spot.
What about some of you? What do you run for your gateway/router/firewall?
COTS?
Homebrew/DIY?
Hard drive distro?
CDROM/USB distro?
Reflash distro?
I hope this helps Gene.. :)
Tweeks
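An added example, not code from the original post and not the ruleset behind the xcssa.org SOHO firewall page linked above: what the settings Gene describes (block unsolicited traffic from outside the LAN, no ping reply on the outside, no remote management, smurf filtering) look like as a homebrew Linux firewall ruleset in iptables-restore format. The interface names eth0/eth1 and the LAN subnet 192.168.1.0/24 are assumptions; override them with the environment variables before applying.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal homebrew SOHO firewall
# ruleset, generated as an iptables-restore file so it can be reviewed before
# it is loaded. It encodes the settings discussed in the thread:
#   - default-deny on the WAN side, only LAN-initiated traffic gets back in
#   - "ping reply off" on the WAN (drop inbound echo-request)
#   - smurf filtering (never answer echo-request aimed at broadcast/multicast)
#   - management ports reachable from the LAN only (no remote access)
# Interface names and the LAN subnet are assumptions; adjust for your box.
#
# Usage:  sh soho-fw.sh > rules.v4            # review the ruleset
#         sh soho-fw.sh | iptables-restore    # apply it (as root)

WAN_IF="${WAN_IF:-eth0}"               # assumption: eth0 faces the cable modem
LAN_IF="${LAN_IF:-eth1}"               # assumption: eth1 faces the LAN switch
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumption: the inside subnet

# gen_ruleset WAN_IF LAN_IF LAN_NET  ->  prints an iptables-restore file on stdout
gen_ruleset() {
    wan="$1"; lan="$2"; net="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# loopback, and anything this box or the LAN already initiated
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# anti-spoof: LAN addresses must never arrive on the WAN interface
-A INPUT -i $wan -s $net -j DROP
# smurf: drop echo-request sent to broadcast/multicast addresses on any interface
-A INPUT -p icmp --icmp-type echo-request -m addrtype --dst-type BROADCAST,MULTICAST -j DROP
# "ping reply off" toward the Internet: drop echo-request coming in on the WAN
-A INPUT -i $wan -p icmp --icmp-type echo-request -j DROP
# management (ssh, web UI) only from the LAN; nothing on the WAN reaches these
-A INPUT -i $lan -s $net -p tcp -m multiport --dports 22,80,443 -j ACCEPT
# everything else that arrives unsolicited on the WAN hits the INPUT DROP policy
# forwarding: LAN may go out, replies may come back, nothing else crosses
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
# hide the LAN behind the WAN address
-A POSTROUTING -o $wan -s $net -j MASQUERADE
COMMIT
EOF
}

# wan_accept_rules RULESET  ->  number of INPUT rules that ACCEPT traffic on the
# WAN interface; a sanity check that should stay at zero for this design
wan_accept_rules() {
    printf '%s\n' "$1" | grep -c -- "-A INPUT -i $WAN_IF .*-j ACCEPT"
}

gen_ruleset "$WAN_IF" "$LAN_IF" "$LAN_NET"
```

The point of generating the file rather than running a chain of iptables commands is that you can diff it against the last version you reviewed, and the INPUT/FORWARD DROP policies mean a forgotten rule fails closed rather than open.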