Something a bit odd happened today with my
humble but small server. I'm not sure what, but I hope
somebody could help, because I hope it doesn't happen
My connection basically
is an ADSL connection. I have a private address
in the local ISP network, to which I connect by a Nokia M1122
ADSL router. I have a fixed IP but there is NAT before
the big bad internet. I have Debian potato 2.2.19 with ipchains
as a firewall. I've enabled with ICMP traceroute and other ICMP's that
are required but not ECHO.
I wasn't doing anything special but I noticed suddenly
that a lot of pings were coming at my server as firewall
logs arrived. No matter otherwise, but I also noticed that
the connection to the internet was not working properly. DNS queries to my
ISP didn't work. Nslookup for example didn't work because
no DNS server could be found.
Looking at Ethereal, I could see that traffic was coming to the server.
This state of affairs lasted maybe 30-50 minutes or maybe more.
I wasn't counting time, I was wondering whether I was under attack.
After a time, things returned to normal. Not sure why; I did add some specific
rules to the firewall concerning the domain where the pings came from, but
as I was already denying them, I'm not sure whether it helped.
There came pings later too but nothing happened because of them.
As I contacted the origin of these pings, I was referred here:
Now, what did happen? Unfortunately I didn't know back
then how to look at my router's status so I don't have logs about
it. As far as I can tell, traffic came to my server, but
I was unable to send.
Besides those pings, I can't figure anything exceptional
that would have happened.
Certainly I didn't do anything out of ordinary.
Was the fault in the router, Debian or a somehow
misconfigured firewall?
I'd add that I rarely have any kind of
problems with connectivity to the internet.
My PGP public key:
Sex, rags and rock'n roll!