What's Next

Unwanted incoming traffic/portscans?

TheRoDent

TheRoDent

Cool Ideas Rep
Joined
Aug 6, 2003
Messages
6,623
Alright, my Linux firewall shows an inordinate amount of portscans, and unwanted connections to my machine at home.

This is no doubt, laregly due to the 24 hour IP refresh cycle. Imagine it. Your neighbour runs some kind of P2P software such as Kazaa, or Gnutella.

Within 24hours, he becomes a 'super' node, and his IP adress gets cached in numerous listings, and p2p websites.

Now, come the next day, he drops his old IP and YOU the sucker, gets his fresh IP.

What do you see? A torrent of unwanted TCP, and in some cases UDP connections to the IP address that you just "inherited" from him. I see this happening on a daily basis. It sometimes lasts for hours...

I didn't ASK for that traffic. I inherited it, due to Telkom's forced IP refresh policy.

YET THAT DATA I DIDN'T WANT TO RECEIVE CONTRIBUTES TOWARDS MY CAP...

Pffft.

Look, I'm actually quite happy with my ADSL service. For me, it's been usable interenet for the first time in my life. But the finer details of their ridiculous arrangements leave me fuming sometimes.
 
Hi TheRoDent

An interesting argument you have. I agree that there is a great deal to be desired with the service we receive. I am certain Telkom can easily create a much happier group of users if only they will spend some time listening to them. ADSL users in specific are generally knowledgeable and will understand if there are major problems that are tough to eradicate. Unfortunately they have been very silent up to now despite many letters from us. Let hope this silence gets broken soon.

Regards,

RPM
[email protected]
 
TheRoDent said:
Alright, my Linux firewall shows an inordinate amount of portscans, and unwanted connections to my machine at home.

This is no doubt, laregly due to the 24 hour IP refresh cycle. Imagine it. Your neighbour runs some kind of P2P software such as Kazaa, or Gnutella.

Within 24hours, he becomes a 'super' node, and his IP adress gets cached in numerous listings, and p2p websites.

Now, come the next day, he drops his old IP and YOU the sucker, gets his fresh IP.

What do you see? A torrent of unwanted TCP, and in some cases UDP connections to the IP address that you just "inherited" from him. I see this happening on a daily basis. It sometimes lasts for hours...

I didn't ASK for that traffic. I inherited it, due to Telkom's forced IP refresh policy.

YET THAT DATA I DIDN'T WANT TO RECEIVE CONTRIBUTES TOWARDS MY CAP...

Pffft.

Look, I'm actually quite happy with my ADSL service. For me, it's been usable interenet for the first time in my life. But the finer details of their ridiculous arrangements leave me fuming sometimes.
Click to expand...
Was this your first post?
Is this why you started an ISP?
And is still a problem?
 
Ahhh the days of the 3gb a month cap...

/looks at 120gb game downloads

This post explains the cisp/vumatel static-ish IP allocations
 
DStvNothingOn said:
Was this your first post?
Is this why you started an ISP?
And is still a problem?
Click to expand...
I think you should go look at what I've done for internet in ZA, and how I helped to start Jawug and MyADSL back in the day. No, it wasn't my first post.

But yes, it was annoying because it would eat your measly cap.
 
TheRoDent said:
I think you should go look at what I've done for internet in ZA, and how I helped to start Jawug and MyADSL back in the day. No, it wasn't my first post.

But yes, it was annoying because it would eat your measly cap.
Click to expand...
woah Dude why so touchy there was no offence meant, I saw the post was done the day after your account was created so thought it might be you first post.
I was just taking a humours look back at what use to be problems in the day ADSL.
As well saying you complained about something and then started your own, thought it might have been funny.

I know you get attacked at lot but this wasn't one of them.
 
TheRoDent said:
I think you should go look at what I've done for internet in ZA, and how I helped to start Jawug and MyADSL back in the day. No, it wasn't my first post.

But yes, it was annoying because it would eat your measly cap.
Click to expand...
wow Jawug.. next we gonna find out you were on Lagnet or Blabber.za.net :)
 
Sinbad said:
lol siv hit on me on zanet BEFORE it was cool :D
Click to expand...
hahaha shew. showing your age there :)

Also we've OT'd this thread completely lol. We need to setup an IRC days in ZA thread to go through how many of us were k-lined by Morticia or tried be picked-up in #hottub.
 
Something interesting I found a couple of months ago.

If you have port 3389 open to the public with Windows RDP listening on it, in no time will you start seeing the security log fill up with logon fail entries. About every 5 seconds some IP from China or Russia tries a username and password combo.
 
Rouxenator said:
Something interesting I found a couple of months ago.

If you have port 3389 open to the public with Windows RDP listening on it, in no time will you start seeing the security log fill up with logon fail entries. About every 5 seconds some IP from China or Russia tries a username and password combo.
Click to expand...
Read somewhere that is has something to do with the uptick in Birthday attacks against TLS ciphers with 64 bit size vulnerability.
Port 3389 was specifically targeted.
Solution was to disable or stop using DES, 3DES, IDEA or RC2 ciphers

HTH.
 
Mr M said:
Read somewhere that is has something to do with the uptick in Birthday attacks against TLS ciphers with 64 bit size vulnerability.
Port 3389 was specifically targeted.
Solution was to disable or stop using DES, 3DES, IDEA or RC2 ciphers

HTH.
Click to expand...
I am an extremely lazy person, so all I did was use a much higher port on the outside and map it to 3389 on the inside. :ROFL:

But yeah - pretty scary stuff. What you say is true as the list of usernames tried as only about 10 or so that was repeated.
 
Rouxenator said:
I am an extremely lazy person, so all I did was use a much higher port on the outside and map it to 3389 on the inside. :ROFL:

But yeah - pretty scary stuff. What you say is true as the list of usernames tried as only about 10 or so that was repeated.
Click to expand...
jeeeeezus at least use a vpn.
 
You must log in or register to reply here.
Back
Top