question about reporting tcp ack attacks

  1. #1
    Senior Member
    Join Date
    Jun 2002
    Posts
    148

    question about reporting tcp ack attacks

    Maybe I am worrying over nothing, I'm a bit new to firewalls. I checked my log and found a couple of thousand lines like this:

    1,[05/Sep/2002 01:02:12] Rule 'TCP ack packet attack': Blocked: In TCP, 205.188.209.194:80->localhost:3973, Owner: no owner

    1,[05/Sep/2002 01:08:50] Rule 'Asia Spacfic Network': Blocked: In TCP, 211.36.202.149:3504->localhost:1433, Owner: no owner


    Does this mean I am under attack? I found this web site:

    http://www.der-keiler.de/Newsgroups/...2-06/1357.html

    and according to someone's post, it is nothing to worry about, but what if I have about a couple of dozen of those?

    Is there some way I can report it? Should I send my logs to the police?
    In snatches, they learn something of the wisdom
    which is of good, and more of the mere knowledge which is of evil. But must I know what must not come, for I shale become those of knowledgedome. Peace~

  2. #2
    Banned
    Join Date
    Jun 2002
    Posts
    458
    Um, I didn't read the link, my computer is slow and so I am reluctant to open new windows, however, I just wanted to say, I get those often as well, not ACK, I get SYN attacks, but they're both DoS attacks. Nothing to worry about, and you could report these to the ISP, which you could probably find out with some network lookup tool or neotrace. It won't hurt you, and even if you didn't have a firewall, it wouldn't have done anything unless you had a port that was accepting connections. It might be a good idea to read up on TCP/IP if you're interested in what this person was trying to do. Basically, don't sweat it, it's just that you're logging these things now, chances are people were trying to attack a range of computers, that you were in, and this had probably been going on long before you had a firewall.

  3. #3
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Only report these kinds of attacks to the police if they are (potentially) hurting you. Compare it with a real life situation: would you report a kid that rings your doorbell 15 times on one day to the police?

    If you feel that the attacks are causing damage to you, or that your system is being used to cause damage to others (we're mostly talking 'commercial server' here), report it to the police. In any other case, just report it to the victim's ISP (abuse@isp). Send a carbon copy to your ISP as well.

    Us Dutchies use cents again ever since the Netherlands introduced the Euro. These were two of mine.
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.

  4. #4
    Senior Member
    Join Date
    Jun 2002
    Posts
    148
    Thanks, I will definitely find a good tutorial on TCP/IP. I know the basics but I never got too involved in reading about it; maybe I will get out my LAN book that talks about TCP/IP.

    I found out by whois on the IP that it was assigned to an AOL member. I then found this site:

    http://webmaster.info.aol.com/index.cfm?article=15

    They tell you all the IP addresses assigned to AOL members. I made some rules to block most of those IP ranges.

    Thanks for explaining that to me.
    In snatches, they learn something of the wisdom
    which is of good, and more of the mere knowledge which is of evil. But must I know what must not come, for I shale become those of knowledgedome. Peace~
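
An added example, not part of any post in the thread: a Python parser for the log format quoted in the first post that collapses thousands of blocked-packet lines into one row per rule and source address, with first and last timestamps, which is the form an abuse@ report to an ISP needs. The function names are this example's own; sample lines 1 and 3 are the two from the post, the rest are constructed.

```python
import re
from collections import Counter, defaultdict

# Field layout of the firewall log lines quoted in the first post.
LINE_RE = re.compile(
    r"^\d+,\[(?P<ts>[^\]]+)\] Rule '(?P<rule>[^']*)': (?P<action>\w+): "
    r"(?P<dir>In|Out) (?P<proto>\w+), "
    r"(?P<src>[\w.\-]+):(?P<sport>\d+)->(?P<dst>[\w.\-]+):(?P<dport>\d+), "
    r"Owner: (?P<owner>.*)$"
)

# Lines 1 and 3 are from the post; lines 2, 4 and 5 are constructed.
SAMPLE_LOG = """\
1,[05/Sep/2002 01:02:12] Rule 'TCP ack packet attack': Blocked: In TCP, 205.188.209.194:80->localhost:3973, Owner: no owner
1,[05/Sep/2002 01:02:13] Rule 'TCP ack packet attack': Blocked: In TCP, 205.188.209.194:80->localhost:3974, Owner: no owner
1,[05/Sep/2002 01:08:50] Rule 'Asia Spacfic Network': Blocked: In TCP, 211.36.202.149:3504->localhost:1433, Owner: no owner
1,[05/Sep/2002 01:09:02] Rule 'Asia Spacfic Network': Blocked: In TCP, 211.36.202.149:3511->localhost:1433, Owner: no owner
this line is not in the expected format
"""

def parse_line(line):
    """Return a dict of fields, or None if the line does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def summarize(text):
    """Group entries by (rule, source IP); also count unparsable lines."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                  "sports": Counter(), "dports": Counter()})
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            if line.strip():
                skipped += 1
            continue
        g = groups[(rec["rule"], rec["src"])]
        g["count"] += 1
        g["first"] = g["first"] or rec["ts"]   # log is in time order
        g["last"] = rec["ts"]
        g["sports"][rec["sport"]] += 1
        g["dports"][rec["dport"]] += 1
    return dict(groups), skipped

if __name__ == "__main__":
    groups, skipped = summarize(SAMPLE_LOG)
    for (rule, src), g in sorted(groups.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{g['count']:5d}  {src:15s}  {rule!r}  {g['first']} .. {g['last']}  "
              f"dst ports {sorted(g['dports'])}")
    print(f"{skipped} unparsed line(s)")
```
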
