Topic: Packeting Attempts

[sabu]

As an IRC user, I have an IRC Bot, which i keep my channel active with so no take overs occur on IRC servers with no services.

This however brings on packeting.
I get packeted often and go over my download limit.
I am pretty sure my computer is not responding to all these DDoS pings, because when i look in my Bandwidth Monitory (bwm) I see lots of download acitivity, but no upload.

How or where can i get a list of IP's that were involved in the attack so i can warn them that they have been compromised to attack others. Also, I need decent logs to provide my ISP so they don't cut me off.


Thanks

sabu

P.S. Is it possible to firewall my box so hard, that it will drop all ping requests and port scans, or other scans from outside my LAN. Thanks again.

[Terry Brummell]

Install it as "Private Server & Gateway" and it will not respond to any external requests.  Including http, smtp, pop and Imap.  Not sure if you use those services but it is one solution available to you.

Terry

[Terry Brummell]

I should also clarify that it also won't respond to pings, ident and trace routes when in private server and gateway.

Terry

[sabu]

Although I don't think responding to pings is the problem, thanks, where can i find out the exact differences that state the differences between Private Server & Gateway, and the others?

Also, is there a way I can log and then retrieve a list of IP's that were involved in the attack?

[NickR]

You can turn on the firewall logging with this:

/sbin/e-smith/db configuration setprop masq Logging all
/sbin/e-smith/signal-event remoteaccess-update

The rejected port accesses will then get logged in /var/log/messages

[sabu]

thanks!