Re: Local area connection issues - crossposted.
- From: Paul <nospam@xxxxxxxxxx>
- Date: Sat, 21 Jul 2007 00:47:49 -0400
Ed Cregger wrote:
"Paul" <nospam@xxxxxxxxxx> wrote in message news:f7oms4$1e2$2@xxxxxxxxxxxOggie Ben Doggie wrote:I'm experiencing strange problems with my LAN connection.And if the "services" are available on the Internet, how long would
I'm running WinXP SP 2. I recently reloaded so its pretty fresh.
I run a few services (web, ftp). I've had it happen 2 days in a row
where between 8:30am and 9:30am the LAN connection becomes disabled or
hosed.
Last evening I came home, the LAN connection icon wasn't showing,
altho it was enabled. I right-clicked to repair it, and everything
ran fine all night long.
Any ideas? Nothing showing in the event log as being at issue - no
errors or anything.
Regards
ND/OBD
it take hackers to "tip over" the box ? At the rate my internet
connection is being scanned, I'd say it wouldn't take that long.
Paul
Is there a particular piece of software that I can get that will let me know how many times hackers of scanned my ports, etc.? Thanks.
Ed Cregger
I have an ADSL modem connected to a home router, and then my computer is
connected to the router. The scanning is detectable by seeing the WAN
light flashing, with no corresponding LAN light flashing. The activity
varies by day of week and time of day. It varies with IP address, as
my ADSL modem gets an address from a pool of DHCP addresses. I find some
address ranges see more scanning than others. In some cases, I drop the
connection right after I connect, if I see too much flashing of the LED
on the WAN side.
The scanning rate is low, so that the router won't detect a "Syn flood".
The activity is slowed down, so as not to trigger protection like that.
I've toyed with the idea of setting up a box, to fit between the
ADSL modem and the router, to see exactly what they're looking for.
I'm just too lazy to waste time on the experiment.
My router has a "stealth" rating. At least as far as the "Shields Up!"
test link on this page. All that means, is the scanner on grc.com, was not
able to get a response from the 1024 lowest port numbers, which are the "official"
port numbers. The grc scanner actually results in "syn flood" being noted
in the router log, which doesn't happen for the flashing LED stuff I see.
Which means the testing isn't very thorough (because the router is throwing
away the probes from grc.com , rather than processing them).
http://www.grc.com/default.htm
So, no, there is no place for software here. The scanning would only
be observable, between the ADSL modem and the router. If I was connected
directly to the modem, then things would be different (and more
dangerous).
My comment is mainly focused on the idea of running an open FTP server.
What are the odds, that an easily available FTPD daemon, is kept up to date
with respect to the latest exploits ? The people who exploit FTP servers
are very methodical, and I expect the whole process is automated (i.e. a kit).
So there isn't an actual human, trying commands and inspecting stuff. Having
read some of the accounts of stuff like this, is why I wouldn't dream of
running a DMZ, or of using servers like FTPD or HTTPD on a computer
connected to the Internet. That is what cheap hosting is for :-)
Paul
.
- References:
- Local area connection issues - crossposted.
- From: Oggie Ben Doggie
- Re: Local area connection issues - crossposted.
- From: Paul
- Re: Local area connection issues - crossposted.
- From: Ed Cregger
- Local area connection issues - crossposted.
- Prev by Date: Re: Any recommendations for a replacement to my Pioneer 111D?
- Next by Date: Re: Cables?!?!!?
- Previous by thread: Re: Local area connection issues - crossposted.
- Next by thread: Re: Local area connection issues - crossposted.
- Index(es):
Relevant Pages
|
