IP hijack

[jiten]

Hi there.

Well, in the last few days, my hub has been a victim of IP hijacks.

They drop the hub server's connection and then hijack its IP, so that all user connections go temporarily to the hijacker's server who kicks/bans and redirects everyone.

We solved it by changing the IP adress in the no-ip account to another one.

Is there any way to prevent this kind of hijacks?

jiten

[witch]

i would also like to know it......had the same problem  

[plop]

sorry 2 say but this is only posible on crap isp's.
a good setup fw on linux/bsd solves this without any problem.
it's called spoofing.
windows is the weakest link here, it just let the other compie take the ip (it gives a bsod on 98).

plop

[witch]

thx plop 4 info, hope to find new linux host sOOn  

[jiten]

Isn't there any software/firewall for XP to prevent those kind of attacks?

[bastya_elvtars]

Originally posted by jiten
Isn't there any software/firewall for XP to prevent those kind of attacks?

outpost can solve these problems, altho dunno if it can solve THIS.

[Cypher]

get a better firewall :P

[witch]

i use outpost but wasn't save from atack, firewall cousing cpu 100% during atack, couldn't even open it  :baby:

[Cypher]

lol, software firewalls are crap against attacks. try a cisco or sumit ;)

[plop]

the attack causes a problem on the tcp/ip stack.
the software firewall runs on top of that so it will never work.
on a hardware firewall or linux/bsd system the firewall is running inside the tcp/ip stack, and thus it can protect against it.
but it isn't the fw which does the real protecting, it just refuses 2 drop the ip on a conflict.
by the idea of "i had it 1st".

plop

[bastya_elvtars]

Originally posted by witch
i use outpost but wasn't save from atack, firewall cousing cpu 100% during atack, couldn't even open it  :baby:

disable logging in outpost 2.5 then it wont eat 100% cpu nuttin more to offer lol

[Psycho_Chihuahua]

Originally posted by jiten
Isn't there any software/firewall for XP to prevent those kind of attacks?

Since SP2 there is a Firewall integrated into Windoze XP, Windows 2003 is the other Vesion that already has a Firewall

[plop]

Originally posted by Psycho_Chihuahua

Originally posted by jiten
Isn't there any software/firewall for XP to prevent those kind of attacks?

Since SP2 there is a Firewall integrated into Windoze XP, Windows 2003 is the other Vesion that already has a Firewall

it been in 2003 and xp from the start and it's still as leaking as it was on the start.
and like i said before the problem can't be solved by a firewall, the problem is the tcp/ip stack of windows.
and the firewall from windows shouldn't ever be used in combination with dc.

plop

[v??KM?k]

there is a software wall that drops packets that r no good but you can still max out the chip.
V isthnetic

[witch]

...my hub attacked again  looks like time to get router/firewall.....any advice what to get?

thx & Merry Christmas  )

[n1ck]

Dunno if this may help, but wouldnt it be better if you werent on no-ip and had your own domain?

[[PT]CableGuy]

Hi there:

It seems , that ZoneAlarm and Kerio firewalls prevent "ip spoofing". :]
The main problem is the "direct modem" connection...giving a public IP to the hub's PC.
This is a problem when the "attack" is some kind of DoS (Denial of Services).
DoS is "a flood" , so to speak , and when the PC reaches full consumption of "native processes"...
...it crashes , allowing the "alleged hacker" to spoof you're IP and "take control" of you're network.
My advice (like plop) is to use a linux router
You'll only need a 200MHz PC with more than 128Mb of RAM....with IPCOP
IPCOP is a linux distribution and it's one of the best routers i've ever seen.
The ideia is to "place" a IPCOP machine between you're modem and you're local network.
This way....the attacked machine is allways the IPCOP machine.

btw: Having a router (hardware/software) prevents "local PCs" to be "seen" on the internet.

[witch]

Thx n1ck, but of cose i do use DNS service...

[PT]CableGuy thx 4 info man, i'll maybe try that too...

Merry Christmass every1  

[plop]

Originally posted by n1ck
Dunno if this may help, but wouldnt it be better if you werent on no-ip and had your own domain?

this doesn't mather.
when you open a website your browser is gone send a request to the DNS servers, asking them 2 translate the given url into an IP.
your browser then trys 2 connect 2 that IP.
incase of an attack this would be the point where it starts.

plop

[n1ck]

I certainly know that sygate has mac spoofing detection (as i've been hit a few times). Also its damn good anyway lol

[jiten]

Originally posted by plop

a good setup fw on linux/bsd solves this without any problem.

plop

which firewall would you recommend for linux? in my case, mandrake 10.1?

regards,

jiten

[plop]

Originally posted by jiten which firewall would you recommend for linux? in my case, mandrake 10.1?

they say ipcop and thewall are really good on linux.
i'm a freebsd user myself, on that they use there own firewall.
freebsd 4.x and older uses ipfw and freebsd 5.x uses ipfw2.
2 activate these you can either load the kernel module, but better is 2 compile a new kernel with the firewall inside it.

plop

[jiten]

hi there.
well, i downloaded ipcop and thewall but, both of them delete all the existing partitions on disk for the installation.
isn't there other firewall for that prevents this kind of attacks and doesn't require deleting partitions or a old pc to run?

best regards,

jiten

[plop]

Originally posted by jiten
hi there.
well, i downloaded ipcop and thewall but, both of them delete all the existing partitions on disk for the installation.
isn't there other firewall for that prevents this kind of attacks and doesn't require deleting partitions or a old pc to run?

best regards,

jiten

try freesco.
it should be able 2 handle these attacks and it runs from a floppy.

plop