Still Smurfing around

Thread Starter

#12

Joined Nov 30, 2010
18,224
Will that stop Bright House from detecting hackers using random IP addresses on the Internet?
Will that change the IP address of the modem which Bright House installed in my house?
 

Kermit2

Joined Feb 5, 2010
4,162
Most older routers default to allowing directed broadcast. It is important to note that IP directed broadcast should be disabled on all routers and interfaces that do not need it. On Cisco routers the command "no ip directed-broadcast" should be applied to each interface. You can also configure your firewall to drop ICMP messages.

From a Web search
 

BR-549

Joined Sep 22, 2013
4,928
I never said that a VPN would prevent a DNS attack. If I could prevent one, I'd be filthy rich.

Sorry that you think I wasted your time. ta ta.
 

Thread Starter

#12

Joined Nov 30, 2010
18,224
Most older routers default to allowing directed broadcast. It is important to note that IP directed broadcast should be disabled on all routers and interfaces that do not need it. On Cisco routers the command "no ip directed-broadcast" should be applied to each interface. You can also configure your firewall to drop ICMP messages.
I am curious about this but I lack education. As a, "just in case" I would prefer to be sure my router is not re-broadcasting.
I disabled SSID broadcast because I only have one router and I know its name.
It does not, "Respond to ping on Internet port".
It has a default under, "LAN setup" as, "Use router as a DHCP server" for addresses from 192.168.1.2 to 192.168.1.254
Is that bad? I think it is irrelevant because this setting is only for hard wired connections.
I believe I can limit that range to about 3 addresses and have enough for my possessions and a port for repairing Other People's Computers.
The, "Guest Network" is disabled.
Under, "Port Triggering" it says, "Port triggering opens an incoming port temporarily and does not require the server on the Internet to track your IP address if it is changed by DHCP, for example."
I have no idea what this means except it is about Chat and Games. I have entered nothing into this section.
UPnP is turned off.
I don't see anything about a firewall.
Are you referring to the firewall in my Linux OS? Ubuntu 14.03
It's a Netgear WGR614 Version 10

My goal is to be sure my router is merely logging the attacks, not retransmitting them or responding to them.
If you see anything that might be helpful, please reply.
 

fooforon

Joined Jan 4, 2016
1
I would do as post #21 mentioned and try to change the MAC address of your router.

Top of page 26 from Setup Manual.

"Some cable modem services require you to use the MAC address of the computer
registered on the account. If so, in the Router MAC Address section of the Basic Settings
menu, select “Use this Computer’s MAC Address.” Click Apply to save your settings.
Restart the network in the correct sequence."

Changing the MAC address may force the ISP DHCP server to provide you with a new IP.

Some routers will allow you to manually modify the MAC address, in which case you can change the last 4 digits or use a secondary computer if one is available.
 

eetech00

Joined Jun 8, 2013
3,859
Hi again

Nothing on the computers is going to prevent a smurf attack. That includes the firewall, unless that's what you are using as the ISP router (and you're not). Turn your focus to the configuration of the router connected to the ISP. Here are some router configuration items to check. Verify the following settings:

Enable the SPI firewall:
1. Disable SPI firewall = NOT CHECKED = FIREWALL ENABLED

Do not respond to ping on internet port:
2. Respond to Ping on internet port = NOT CHECKED = do not respond

Enable DDOS protection
3. Disable Port Scan and DDOS protection = NOT CHECKED = ENABLED

I don't know if your router has item 3 above, but if it does, do not disable that functionality (do not check checkbox).

Now...this is the beginning of securing your router. Perform each step ONE AT A TIME, and verify you can still reach the internet by browsing to sites. If you can't reach Internet, the firewall probably needs adjusting but should be set to its default before beginning.
 

eetech00

Joined Jun 8, 2013
3,859
I would do as post #21 mentioned and try to change the MAC address of your router.

Top of page 26 from Setup Manual.

"Some cable modem services require you to use the MAC address of the computer
registered on the account. If so, in the Router MAC Address section of the Basic Settings
menu, select “Use this Computer’s MAC Address.” Click Apply to save your settings.
Restart the network in the correct sequence."

Changing the MAC address may force the ISP DHCP server to provide you with a new IP.

Some routers will allow you to manually modify the MAC address, in which case you can change the last 4 digits or use a secondary computer if one is available.

That will not help
 

Thread Starter

#12

Joined Nov 30, 2010
18,224
According to the answers, I have done everything correctly with my router. It does not respond to Pings. There is no option to turn off the firewall. There is no option to turn off DDoS protection. I have had my modem replaced by the ISP. If they want to change my IP address, they can.
 

eetech00

Joined Jun 8, 2013
3,859
According to the answers, I have done everything correctly with my router. It does not respond to Pings. There is no option to turn off the firewall. There is no option to turn off DDoS protection. I have had my modem replaced by the ISP. If they want to change my IP address, they can.
According to the manual for your router, there is an option to turn off the firewall. Just make sure the firewall is enabled.
 

eetech00

Joined Jun 8, 2013
3,859
Ok....I will leave you with this....if you have the router firewall enabled and you are still getting smurfed...then there are three possibilities:

1. The firewall is disabled (but you think it's enabled)
2. The firewall is misconfigured.
3. The router/firewall is worthless...

If item 1 or 2 is not true..then get a better router/firewall.

Good luck...
 

djsfantasi

Joined Apr 11, 2010
9,156
Hi

A smurf attack has nothing to do with a three way hand shake. o_O
A smurf attack is generated using ICMP, in which case there is no handshake. :cool:
My bad. Missed the protocol when researching the attack. Thanks for catching it.

But given that it is ICMP, the from: address of the request will be some j-random address and the to: address will be #12's address. That will result in a reply from #12's address to the j-random address - looking as if an attack is coming from #12's address!
 

eetech00

Joined Jun 8, 2013
3,859
My bad. Missed the protocol when researching the attack. Thanks for catching it.

But given that it is ICMP, the from: address of the request will be some j-random address and the to: address will be #12's address. That will result in a reply from #12's address to the j-random address - looking as if an attack is coming from #12's address!
Yes. That is basically correct. But if the firewall is configured correctly, the request will be blocked.
 

eetech00

Joined Jun 8, 2013
3,859
If he has ping backs disabled, his system should not be sending replies to anyone.
Yes. Moreover, if inbound ICMP is blocked, internal machines will never receive the request.

(Notice I didn't use the word "ping"? Traceroute (in Windows it's called "tracert") also uses ICMP to find routes.)
 

Thread Starter

#12

Joined Nov 30, 2010
18,224
I just received another phone call from Bright House. A fellow named Bob has been studying this for weeks and finally arrived at the conclusion that my machines have NEVER sent a DDoS attack. This was all down to the stupidity of the Bright House IT "pros".

There was never a reason to, "fix" my machines.
There was never a reason to shut off my Internet connection.
There was never a reason to threaten me.
It merely took BRIGHT HOUSE 4 months to figure out the definition of a Smurf attack is a spoofed IP address.

ps, the Ping response has always been, "off".
 

cmartinez

Joined Jan 17, 2007
8,220
I just received another phone call from Bright House. A fellow named Bob has been studying this for weeks and finally arrived at the conclusion that my machines have NEVER sent a DDoS attack. This was all down to the stupidity of the Bright House IT "pros".

There was never a reason to, "fix" my machines.
There was never a reason to shut off my Internet connection.
There was never a reason to threaten me.
It merely took BRIGHT HOUSE 4 months to figure out the definition of a Smurf attack is a spoofed IP address.

ps, the Ping response has always been, "off".
Well... at least this Bob fella had the decency to call you and explain things...
Guess now you're on your way to getting a new I.P address, aren't you?
 

Thread Starter

#12

Joined Nov 30, 2010
18,224
Guess now you're on your way to getting a new I.P address, aren't you?
No.
I never had a problem with the Internet. The problem was Bright House telling me to stop attacking myself. After three of those "warnings" I started investigating and told my router to keep logs of the INCOMING attacks. After 3 months of me monitoring their traffic for them and sending them thousands of log entries, Bright House learned how to tell the difference between incoming traffic and outgoing traffic. That stopped the problem.
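
The distinction this thread ends on, incoming versus outgoing ICMP, can be checked mechanically. The following is an added example, not code from any poster in the thread: it classifies ICMP echo records relative to the subscriber's WAN address. The record format, the addresses (documentation ranges) and the function names are constructed for illustration and are not the Netgear router's log format.

```python
from collections import Counter

WAN_IP = "203.0.113.10"  # constructed subscriber address (documentation range)

# Constructed records, one per line: time, source, destination, ICMP type.
SAMPLE = """\
12:00:01 198.51.100.7 203.0.113.10 echo-request
12:00:01 198.51.100.8 203.0.113.10 echo-request
12:00:02 192.0.2.55 203.0.113.10 echo-reply
12:00:02 192.0.2.56 203.0.113.10 echo-reply
12:00:03 203.0.113.10 192.0.2.99 echo-request
12:00:04 192.0.2.99 203.0.113.10 echo-reply
"""


def analyze(text, wan_ip):
    """Count ICMP echo records by direction relative to wan_ip."""
    pinged = set()  # peers this host sent echo-requests to
    asked = set()   # peers whose echo-requests reached this host
    counts = Counter()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _, src, dst, kind = parts
        if src == wan_ip and kind == "echo-request":
            pinged.add(dst)
            counts["originated_request"] += 1
        elif src == wan_ip and kind == "echo-reply":
            # A reply leaving this host; the requester's address may be spoofed.
            counts["reflected_reply" if dst in asked else "stray_reply"] += 1
        elif dst == wan_ip and kind == "echo-request":
            asked.add(src)
            counts["inbound_request"] += 1
        elif dst == wan_ip and kind == "echo-reply":
            # A reply nobody here asked for is what a Smurf target receives.
            counts["solicited_reply" if src in pinged else "unsolicited_reply"] += 1
    return counts


def verdict(counts):
    """Summarize whether this host sent anything in response to the flood."""
    if counts["reflected_reply"]:
        return "reflecting"      # host answers requests that reach it
    if counts["inbound_request"] or counts["unsolicited_reply"]:
        return "inbound-only"    # traffic arrives, nothing is sent back
    return "no-echo-flood"


if __name__ == "__main__":
    result = analyze(SAMPLE, WAN_IP)
    print(dict(result), verdict(result))
```

On the constructed sample the host receives requests and unsolicited replies but sends no replies of its own, which is the "inbound-only" case.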
 