Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

Security- False Positives?

  • 21-02-2005 11:09pm
    #1
    Champ
    Registered Users, Registered Users 2 Posts: 677 ✭✭✭


    Hi all,
    Hmmm okay i don't have much experience with this sort of stuff, so thanks for your indulgence.
    Either i'm getting a load of false positives, or someone is really taking a keen interest in me.
    My router has mailed me close to 80 alerts about DOS attacks, with different times and various continuations (as in sequential) all thoughout today.
    I know enough about networks in that the source of the 'attacks', is well exactly on the same network as me! (unless that's faked?)

    I've got security maxed out.. i.e, all ports in 'stealth', no inbound initiated connections accepted, DHCP off, passwords all changed to alphanumeric combos, other factory defaults changed etc... So i don't think i have much to worry about.

    I've always gotten 1 or 2 of these DOS 'attacks' before, but 80+ has really blown it to new proportions. :confused:

    Any input? :cool:


Comments

  • #2
    Chalk
    Registered Users, Registered Users 2 Posts: 3,317 ✭✭✭Chalk


    no inbound initiated connections accepted,

    are all the hits from your isp perchance?


  • #3
    leeroybrown
    Closed Accounts Posts: 7,563 ✭✭✭leeroybrown


    You'll generally find that these attacks are worms that automatically target machines on the same network subnet. When Blaster was going strong I remember seeing an attempted attack every six seconds on a dial up connection I was using. It's more than likely just a worm of some kind.


  • #4
    Champ
    Registered Users, Registered Users 2 Posts: 677 ✭✭✭Champ


    are all the hits from your isp perchance?
    Yes, tracert reveals the reverse DNS to be the same ISP and same city... :rolleyes:

    Would it be any good if i contacted my ISP about this? We're on a dynamic ip system here... :confused:


  • #5
    Chalk
    Registered Users, Registered Users 2 Posts: 3,317 ✭✭✭Chalk


    i meant it could be your isp.
    afaik isps will try to perform some sort of check every few hours,
    if it gets blocked they usually retry.

    if its not your isp, then contact them and inform them of whats happening.
    if its something to do with them they should know, and if it isnt they can investigate it


Advertisement