DoS attacks

PostPosted: Sat Jul 07, 2007 6:15 pm
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
I'm constantly having DoS type stuff happen to my conn according to Sygate. I dunno why anyone would target me, it doesn't make sense.

I recently installed CFOS speed program which is supposed to help with your ping during heavy download sessions, but it was shit so I stopped using it. I uninstalled it the other day. The attacks were happening while it was running, but I assumed it was Sygate mistaking the way it operates, as the CFOS documentation suggested so. For it still to be happening is confusing.

It's affecting my browsing quite badly. Websites are timing out regularly, and it coincides with a DoS log in Sygate.

If anyone knows much about this can you give me some advice? I did a backtrace and whois and get similar to the following on all traces:

Quote:
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '0.0.0.0 - 255.255.255.255'

inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country is really world wide
org: ORG-IANA1-RIPE
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
remarks: The country is really worldwide.
remarks: This address space is assigned at various other places in
remarks: the world and might therefore not be in the RIPE database.
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
mnt-routes: RIPE-NCC-RPSL-MNT
source: RIPE # Filtered

organisation: ORG-IANA1-RIPE
org-name: Internet Assigned Numbers Authority
org-type: IANA
address: see http://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see http://www.iana.org/ipaddress/ip-addresses.htm
remarks: and http://www.iana.org/assignments/as-numbers
e-mail: bitbucket@ripe.net
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
e-mail: bitbucket@ripe.net
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
source: RIPE # Filtered

_________________
Coventry's gone soft:
[15:54:29] Dacovale > just a flying visit to transer some isk to my new mining char


PostPosted: Sat Jul 07, 2007 6:20 pm
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
Quote:
Denial of Service "Jolt2 Attack" attack detected.
Description:
Jolt2 attacker floods illegally fragmented ICMP or UDP packets into your computer and causes your CPU utilization to be 100%

PostPosted: Sat Jul 07, 2007 6:57 pm
Clanger!

Joined: Mon Dec 09, 2002 10:35 am
Posts: 2448
Location: yes
The obvious questions...

Spyware/Malware checks?

Antivirus?

Firewall?

Windows updates?

http://www.securiteam.com/exploits/5RP090A1UE.html

_________________
prutsers


PostPosted: Sun Jul 08, 2007 5:32 am
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
I've done a deep scan with Symantec, and ran Hitman Pro. Some stuff was pulled out but not much, and the problem still happens. It's a pretty fresh install of Windows too. However I did install RealPlayer and QTime which I've avoided for the past few years (got fed up of websites not displaying video).

All the sites I've checked for the Jolt2 Attack say it's only a vulnerability on Win 2000 and older setups. Can't seem to find any updates for XP.

I'm using Sygate btw. It's maybe time to change it though as it's no longer updated.

PostPosted: Sun Jul 08, 2007 7:20 am
Clanger!

Joined: Mon Dec 09, 2002 10:35 am
Posts: 2448
Location: yes
Firewalls should drop the corrupt packets according to all sites. Might be worthwhile to install an updated firewall. Also check your router settings and see if it's got a built-in firewall and if it's enabled.

Bit odd you get affected by a 5 yr old attack which has been patched up by all virus scanners and Windows...always knew you were speshul ;)

PostPosted: Sun Jul 08, 2007 11:48 am
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
The router I had was part of a set top box for the TV we get here. I rearranged my room and the cable no longer stretched to the box, but it did to the PC. So I'm just running the connection straight from the wall.

What firewall can you recommend? Sygate blocks it, but it's not very quick off the mark. I'd like something that's as piss easy to use as Sygate.

PostPosted: Sun Jul 08, 2007 3:28 pm
Clanger!

Joined: Mon Dec 09, 2002 10:35 am
Posts: 2448
Location: yes
You could try the Windows built-in version for starters, by default it drops all unsollicited (sp?) traffic and only accepts traffic which requests were generated on your PC.

This is if you're using Windows XP SP2 of course, the original version was a big PoS.

Couldn't really recommend anything else seeing I'm using my router's built-in firewall.

PostPosted: Sun Jul 08, 2007 3:45 pm
Dirty Daoc Player

Joined: Fri Jul 23, 2004 11:35 pm
Posts: 2208
Location: Ringwood, Hampshire, UK
Just using good ole free ZoneAlarm here

_________________
Confirmed... work is shit.


PostPosted: Sun Jul 22, 2007 6:55 pm
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
So I got rid of Sygate a while back and just used the Windows Firewall which seemed to be ok. However in the past week I've been disconnected by my ISP twice.

The garbled message I got was "special software" which leaves me guessing they've cottoned on to my torrenting and have put a block on it when they see me at it. With Sygate they seemed not to notice but with ICF they do.

So I stuck Sygate back on after I reformatted the other day and now it's going absolutely bananas, with DoS attacks popping up from every single peer I'm connected to on utorrent, as well as any websites I look at.

I'm a bit confused about where or why it's happening. It's a fresh format with the same Sygate exe I've used for the past year odd so I'm reluctant to say it's that. I suspect my ISP might be up to no good, but no idea what.

ZoneAlarm you say Sifty?

PostPosted: Sun Jul 22, 2007 6:58 pm
Dirty Daoc Player

Joined: Fri Jul 23, 2004 11:35 pm
Posts: 2208
Location: Ringwood, Hampshire, UK
Yes. The free version is not overly configurable and I'm sure that there are firewall programs with a smaller memory footprint but I've been using it for gawd knows how many years and have never suffered any malware issues. It does what it says on the tin.

PostPosted: Sun Jul 22, 2007 6:58 pm
Clanger!

Joined: Mon Dec 09, 2002 10:35 am
Posts: 2448
Location: yes
Move back to Scotland?

Try changing port numbers on utorrent and limiting the number of connections.

And get rid of that Sygate rubbish.

[edit]
There's also a nice website that'll do a portscan on your PC: https://www.grc.com/x/ne.dll?bh0bkyd2

There's more tools on that site to test what ports your ISP is blocking etc
[/edit]

PostPosted: Sun Jul 29, 2007 9:14 am
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
I got banned from the web :( They caught me 4 times in a week using torrents and now they have to decide if they'll switch me back on or not. According to them, I've been screwing up everyone's connection which is pure lies. I called them to complain about the terrible speeds when I moved in and they said there was nothing they could do. Because it's so shit I haven't downloaded much at all, and when I do I get speeds of 10-20k peak, maybe around 100k off peak. I only started using torrents last week after I saw whelan's DS post, and the file was 5gb, of which I managed to download 2gbs worth over 3 nights. Hardly connection shattering.
They want to be blocking youtube and the like as that site alone probably sucks up most of the bandwidth.

So it's definitely those fuckers attacking me with something. Sygate is fine when I use my mobile phone's modem. I'd be interested to see if what they're doing is against any kind of law.

PostPosted: Sun Jul 29, 2007 6:16 pm
Dirty Daoc Player

Joined: Fri Jul 23, 2004 11:35 pm
Posts: 2208
Location: Ringwood, Hampshire, UK
Delta wrote:
So it's definitely those fuckers attacking me with something. Sygate is fine when I use my mobile phone's modem. I'd be interested to see if what they're doing is against any kind of law.

I thought you were getting super silly fast speeds out there? I have no idea if what they are doing (if they are doing anything) is against any (Jap) law. And it would probably not be worth your time or expense to try to prove it. Can't you just get a different provider?

PostPosted: Mon Aug 13, 2007 7:38 am
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
My company set me up with an apartment in this city, and the housing agency does their own internet providing. I was never gonna settle down here cos of the location, size and price, so it didn't seem worthwhile to go thru the rigmarole of getting a phone line installed etc. I'm moving on Sept 1st so hopefully I'll have a nice meaty connection again.

I'm giving ZA a whirl, it seems ok so far. I'm not gonna touch a torrent tho, it's not worth the hassle of getting switched off again.

PostPosted: Mon Aug 13, 2007 9:03 am
Clanger!

Joined: Mon Dec 09, 2002 10:35 am
Posts: 2448
Location: yes
utorrent has a nice option to encrypt torrent data which makes detection a lot harder. And make sure you never use the standard port number.

And wtf is ZA >.<

PostPosted: Mon Aug 13, 2007 9:19 am
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
Zone Alarm /SLAP

PostPosted: Thu Sep 13, 2007 2:34 am
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
ROAR!

No issues with Sygate anymore, so it was definitely that ISP despite them claiming otherwise

PostPosted: Thu Sep 13, 2007 10:30 pm
Dirty Daoc Player

Joined: Fri Jul 23, 2004 11:35 pm
Posts: 2208
Location: Ringwood, Hampshire, UK
Grats mate.

PostPosted: Sun Sep 16, 2007 10:44 am
Clanger!

Joined: Mon Dec 09, 2002 10:35 am
Posts: 2448
Location: yes
givf your upload tbh..I'd be hosting a gameserver

PostPosted: Sun Sep 16, 2007 2:57 pm
HAI KARATE!!!!!11

Joined: Sun Dec 01, 2002 2:05 am
Posts: 1850
Location: TF2 Devotee
I'd only host a server if people I knew were gonna benefit, but you lot are too far away for it to be worthwhile.
