RE: Desperate for good firewall: ARP and DNS attacks
First apologize I don't use your replies.
As explained by Tim clean a harddrive is quiete easy ("dd if=/dev/zero of=/dev/sda bs=512 count=2048" in some shell get on system from any kind of live cd will blank partitions table).
Then, as explained again by Tim, if you have any issue coming from Internet, just unplug the Internet cable and then you'll be just sure "attacks" don't come from here.
Next you log on your router and disable wifi. Once you'll have made all that, you'll have only few cable plugged, remove all unneeded.
Finally you'll have your router connected on your PC (the one you want) and no other connection possible if the only cable is the one between the unique PC and the router. No connection = no attack.
Here you'll be able to rebuild all after you've checked "attacks" are no more present.
Finally, when you'll decide to build some firewall, think to block ipv6 traffic too. Here I don't speak to block all traffic, but at least block new connections from outside. On GNU/Linux ip6tables can help you but you don't use that kind of FW.
A last question, did you have fixed IP?
De : Linux User [mailto:email@example.com]
Envoyé : samedi 6 mars 2010 05:49
À : debian-firewall
Cc : DUFRESNE, Mathias (KPF)
Objet : Re: Desperate for good firewall: ARP and DNS attacks
Thank you for responding. This is a bigger problem than just a
firewall, which is why I posted in the security list as well, but I
don't think anyone understands what's happening.
On 3/3/10, DUFRESNE, Mathias (KPF) <MATTHIAS.DUFRESNE@airbus.com> wrote:
> >From my point you should first disable everything which is not needed. If
> you don't use Wifi, just stop it.
That makes no difference. My ISP put me on an IPv6 network where I
would also get an IPv4 address of course, because there was a lot of
traffic where someone or something wanted me to be visible on the
network all the time. When it got to the top level in tech support
(and I'm with a big ISP) I was told someone or something wants to see
my IP address all the time, so whenever I get a new DHCP lease
they/it/him/her can attack my system.
I did try a new modem/router, a Linksys/Cisco WAG120N, but as soon as
I plugged it in, I had no hope of getting to the configuration page in
the browser before it was being attacked. The ethernet port was
flashing indicating activity, but only a small part of that was me. It
kept going. And I couldn't do much on any machine because the DNS
wouldn't work. Sometimes it disallowed me access to the configuration
Oddly enough when I tried a new install, I moved from Debian to
Kubuntu and I got a message flashed on the screen saying the backup
BIOS on disk was being flashed. This is a feature of my motherboard,
but I did not enable it and it wasn't me doing any BIOS update.
> What kind of router are you using? A Linux distribution on some PC or
> dedicated hardware (as modem/router sold by DLink or some other vendors)?
> If you router is a GNU/Linux distribution it is possible to build a strong
> enough firewall with it using iptables (and ip6tables if you also have ipv6
> activated through Internet).
Please see above for make/model.
I have books of over 500 pages with IP tables information but only a
couple of pages. I can't make heads or tales of IP tables which is why
I asked if there was a consultant who could help me out. If the IP
tables manual pages don't go on forever perhaps I should print it out
and try and learn more than I do now.
> Regarding your possibly attacked systems as it was already explained the
> best you could do is to re-install them from scratch.
Unfortunately it makes no difference. I need a way to scrub my disks
clean because of the partitions "hidden" in there which take over an
installation somehow, and I need control over my system. I can't
believe how easy it is to break into a system and almost ruin it so
This also happened to my iMac, and the Apple technicians were
perplexed by it. I was supposed to only have one partition, for Snow
Leopard, but there were two partitions, and using the disk tool to
scrub the disk with zeros before installing did not work. It takes
over the installation and makes sure you can't get rid of it.
I'm not the only one at my ISP with this problem. I really wish they'd
do something about it.
Thank you for your email.
To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org
This mail has originated outside your organization, either from an external partner or the Global Internet.
Keep this in mind if you answer this message.
The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, please notify Airbus immediately and delete this e-mail.
Airbus cannot accept any responsibility for the accuracy or completeness of this e-mail as it has been sent over public networks. If you have any concerns over the content of this message or its Accuracy or Integrity, please contact Airbus immediately.
All outgoing e-mails from Airbus are checked using regularly updated virus scanning software but you should take whatever measures you deem to be appropriate to ensure that this message and any attachments are virus free.