
Re: Desperate for good firewall: ARP and DNS attacks



Hello Matthias,

Thank you for responding. This is a bigger problem than just a
firewall, which is why I posted in the security list as well, but I
don't think anyone understands what's happening.

On 3/3/10, DUFRESNE, Mathias (KPF) <MATTHIAS.DUFRESNE@airbus.com> wrote:
> Hello,
>
> From my point you should first disable everything which is not needed. If
> you don't use Wifi, just stop it.

That makes no difference. My ISP put me on an IPv6 network where I
would also get an IPv4 address of course, because there was a lot of
traffic where someone or something wanted me to be visible on the
network all the time. When it got to the top level in tech support
(and I'm with a big ISP) I was told someone or something wants to see
my IP address all the time, so whenever I get a new DHCP lease
they/it/him/her can attack my system.

I did try a new modem/router, a Linksys/Cisco WAG120N, but as soon as
I plugged it in, I had no hope of getting to the configuration page in
the browser before it was being attacked. The ethernet port was
flashing indicating activity, but only a small part of that was me. It
kept going. And I couldn't do much on any machine because the DNS
wouldn't work. Sometimes it disallowed me access to the configuration
page.

Oddly enough when I tried a new install, I moved from Debian to
Kubuntu and I got a message flashed on the screen saying the backup
BIOS on disk was being flashed. This is a feature of my motherboard,
but I did not enable it and it wasn't me doing any BIOS update.

> What kind of router are you using? A Linux distribution on some PC or
> dedicated hardware (as modem/router sold by DLink or some other vendors)?
> If your router is a GNU/Linux distribution it is possible to build a strong
> enough firewall with it using iptables (and ip6tables if you also have ipv6
> activated through Internet).

Please see above for make/model.

I have books of over 500 pages with IP tables information but only a
couple of pages. I can't make heads or tails of IP tables which is why
I asked if there was a consultant who could help me out. If the IP
tables manual pages don't go on forever perhaps I should print it out
and try and learn more than I do now.

> Regarding your possibly attacked systems as it was already explained the
> best you could do is to re-install them from scratch.

Unfortunately it makes no difference. I need a way to scrub my disks
clean because of the partitions "hidden" in there which take over an
installation somehow, and I need control over my system. I can't
believe how easy it is to break into a system and almost ruin it so
quickly.

This also happened to my iMac, and the Apple technicians were
perplexed by it. I was supposed to only have one partition, for Snow
Leopard, but there were two partitions, and using the disk tool to
scrub the disk with zeros before installing did not work. It takes
over the installation and makes sure you can't get rid of it.

I'm not the only one at my ISP with this problem. I really wish they'd
do something about it.

Thank you for your email.

Kind Regards.

