Gentoo Forums
ISP says that I'm doing DOS attacks on gaming servers
maiku
Guru
Joined: 24 Mar 2004
Posts: 573
Location: Long Island, NY

Posted: Thu Sep 18, 2014 3:35 pm    Post subject: ISP says that I'm doing DOS attacks on gaming servers

I just got a phone call from my ISP saying that my DLink router has Simple Service Discovery on and that I need to close UDP port 1900 and disable Simple Service Discovery.

I do not have a DLink router. I'm using a Gentoo machine for a router. There is no protocol like that installed as far as I know and the only ports open are as follows.
Quote:
pkts bytes target prot opt in out source destination
254M 272G fail2ban-VSFTPD tcp -- any any anywhere anywhere
254M 272G fail2ban-SSH tcp -- any any anywhere anywhere
202M 164G ACCEPT all -- !eth0 any anywhere anywhere
0 0 ACCEPT all -- any any 10.1.1.0/24 anywhere
120M 133G ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
57677 3119K ACCEPT icmp -- any any anywhere anywhere limit: avg 1/sec burst 1
10874 571K ACCEPT tcp -- any any anywhere anywhere tcp dpt:ssh
185 8492 ACCEPT tcp -- any any anywhere anywhere tcp dpt:ftp
0 0 ACCEPT udp -- eth0 any anywhere anywhere udp dpt:openvpn
40983 2171K ACCEPT tcp -- eth0 any anywhere anywhere multiport dports http,hosts2-ns state NEW
51 2576 ACCEPT tcp -- eth0 any anywhere anywhere state NEW tcp dpt:8000
156K 8846K ACCEPT tcp -- eth0 any anywhere anywhere state NEW tcp dpts:50500:50600
407 176K ACCEPT udp -- eth0 any anywhere anywhere udp dpts:5004:5082
8279 780K ACCEPT udp -- eth0 any anywhere anywhere udp dpts:10000:20000
248 10574 ACCEPT tcp -- any any anywhere anywhere tcp dpts:50601:50700
4 188 ACCEPT tcp -- any any anywhere anywhere tcp dpt:10000
142 6464 ACCEPT tcp -- any any anywhere anywhere tcp dpt:1723
17 800 ACCEPT tcp -- any any anywhere anywhere tcp dpt:5666
0 0 ACCEPT esp -- any any anywhere anywhere
0 0 ACCEPT ah -- any any anywhere anywhere
101 4348 ACCEPT tcp -- any any anywhere anywhere tcp dpts:re-mail-ck:xns-mail
6821 337K ACCEPT udp -- any any anywhere anywhere udp dpts:re-mail-ck:xns-mail
6 2244 ACCEPT udp -- any any anywhere anywhere udp dpt:isakmp
2 120 ACCEPT udp -- any any anywhere anywhere udp dpt:ipsec-nat-t
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:3784
0 0 ACCEPT udp -- any any anywhere anywhere udp dpt:3784
14 580 ACCEPT tcp -- any any anywhere anywhere tcp dpt:25565
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:cvspserver
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:25566
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:25568
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:25567
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:25569

Chain FORWARD (policy ACCEPT 2385K packets, 2869M bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 383K packets, 214M bytes)
pkts bytes target prot opt in out source destination

Chain fail2ban-SSH (1 references)
pkts bytes target prot opt in out source destination
254M 272G RETURN all -- any any anywhere anywhere

Chain fail2ban-VSFTPD (1 references)
pkts bytes target prot opt in out source destination
254M 272G RETURN all -- any any anywhere anywhere
They said that my router is being used to redirect traffic. What in the world could they be talking about?
_________________
Michael A. Leonetti
As warm as green tea
szatox
Veteran
Joined: 27 Aug 2013
Posts: 1717

Posted: Thu Sep 18, 2014 8:43 pm

I'd start with asking for details and deploying a sniffer on your WAN.

E.g. why they think it's a DLink might be good to ask.
What servers you're flooding, and how they determine it was you.
Some logs could be useful as well.

Many providers are still using MAC filtering for the purpose of recognising their customers. Those can be sniffed without any effort even on switched networks.
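Added example, not part of either post: one way to read a WAN-side capture for the UDP port 1900 traffic the ISP described, by tallying inbound SSDP queries against replies leaving from source port 1900. It assumes text lines as printed by `tcpdump -n -i eth0 udp` (eth0 taken as the WAN interface, as in the rules above); the WAN address, the sample lines and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of a `tcpdump -n` UDP line: "<time> IP <src>.<sport> > <dst>.<dport>: UDP, length <n>"
LINE_RE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): UDP, length (\d+)"
)
SSDP_PORT = 1900  # the UDP port the ISP asked to have closed

def summarize_ssdp(lines, wan_ip):
    """Tally SSDP packets seen on the WAN interface, keyed by remote address."""
    stats = defaultdict(lambda: {"queries": 0, "bytes_in": 0, "replies": 0, "bytes_out": 0})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a plain UDP line (TCP, ARP, decoded protocols, ...)
        src, sport, dst, dport, size = m[1], int(m[2]), m[3], int(m[4]), int(m[5])
        if dst == wan_ip and dport == SSDP_PORT:      # a query arriving from outside
            stats[src]["queries"] += 1
            stats[src]["bytes_in"] += size
        elif src == wan_ip and sport == SSDP_PORT:    # something behind the WAN address answered
            stats[dst]["replies"] += 1
            stats[dst]["bytes_out"] += size
    return dict(stats)

def answered_remotes(stats, min_ratio=2.0):
    """Remotes that were sent SSDP replies totalling >= min_ratio times the bytes they sent."""
    return sorted(
        ip for ip, s in stats.items()
        if s["replies"] and s["bytes_out"] >= min_ratio * s["bytes_in"]
    )

# Constructed capture lines using documentation address ranges, not data from the thread.
WAN_IP = "198.51.100.7"
SAMPLE = """\
15:35:01.000100 IP 203.0.113.50.27015 > 198.51.100.7.1900: UDP, length 94
15:35:01.000900 IP 198.51.100.7.1900 > 203.0.113.50.27015: UDP, length 310
15:35:01.001200 IP 198.51.100.7.1900 > 203.0.113.50.27015: UDP, length 322
15:35:01.001500 IP 198.51.100.7.1900 > 203.0.113.50.27015: UDP, length 298
15:35:02.400000 IP 192.0.2.9.53211 > 198.51.100.7.1900: UDP, length 94
15:35:03.100000 IP 192.0.2.77.40000 > 198.51.100.7.1194: UDP, length 120
""".splitlines()

if __name__ == "__main__":
    stats = summarize_ssdp(SAMPLE, WAN_IP)
    for ip in answered_remotes(stats):
        print(ip, stats[ip])
```

A remote with queries but no replies means nothing answered on port 1900; any reply leaving from source port 1900 means some host or service behind the WAN address is responding to SSDP from outside, which is the thing to track down and block.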