being attacked? by friend - Page 4
Page 4 of 5 FirstFirst ... 2345 LastLast
Results 31 to 40 of 50

Thread: being attacked? by friend

  1. #31
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Turn your "friend" into the ISP next time. Plain and simple. Warn him, if he continues, turn him in. If he is your friend Im sure you have his name, address, etc. The cable co can search his MAC out and fix the problem. If you have his IP address well this is obviously better. start logging times, dates, etc and let his ISP know.
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  2. #32
    Senior Member
    Join Date
    Feb 2002
    Posts
    518
    Turn your "friend" into the ISP next time. Plain and simple. Warn him, if he continues, turn him in. If he is your friend Im sure you have his name, address, etc. The cable co can search his MAC out and fix the problem. If you have his IP address well this is obviously better. start logging times, dates, etc and let his ISP know.
    Remember -
    The ark was built by amatures...
    The Titanic was built by professionals.

  3. #33
    Senior Member SodaMoca5's Avatar
    Join Date
    Mar 2002
    Posts
    236
    You have received some very good advice here. Let's try to boil it down.

    1. The firewall on your system isn't really effective because you are sharing a connection through an entry location. Either a cable/dsl router or your parent's computer. Figure out which. If it is a cable/dsl router with a h/w firewall then a firewall on your parent's computer will not really be very effective either. If your parents connect directly to the cable/dsl modem then it should help considerably at least in tracking down and logging his ip and mac.

    2. Warn your friend. What he is doing is illegal. Let him know that if he continues you will pursue him through his ISP. If he desists fine, if not please realize that stopping him now with this minor incident is much better than if he continues as a script kiddie and breaks into or causes damage to a company who really presses full charges. What he is doing is not funny, it is not cute, it is not friendly. He is attacking you and his ability to do so is, as you stated, harassment and is now a felony. I only suggest the warning because you say he is a friend. Truthfully I think he needs a boot to the head.

    3. Re-assess what you consider a friend. Whether my friends can harass me is immaterial because they won't harass me. I do not call people with that small minded, mean spirited attitude friends. Of course I no longer have to pick and choose my friends from among a group of immature adolescents but even within that group are a lot of "good" friends you can choose over this mini-tyrant.
    SodaMoca5
    \"We are pressing through the sphincter of assholiness\"

  4. #34
    Senior Member SodaMoca5's Avatar
    Join Date
    Mar 2002
    Posts
    236
    You have received some very good advice here. Let's try to boil it down.

    1. The firewall on your system isn't really effective because you are sharing a connection through an entry location. Either a cable/dsl router or your parent's computer. Figure out which. If it is a cable/dsl router with a h/w firewall then a firewall on your parent's computer will not really be very effective either. If your parents connect directly to the cable/dsl modem then it should help considerably at least in tracking down and logging his ip and mac.

    2. Warn your friend. What he is doing is illegal. Let him know that if he continues you will pursue him through his ISP. If he desists fine, if not please realize that stopping him now with this minor incident is much better than if he continues as a script kiddie and breaks into or causes damage to a company who really presses full charges. What he is doing is not funny, it is not cute, it is not friendly. He is attacking you and his ability to do so is, as you stated, harassment and is now a felony. I only suggest the warning because you say he is a friend. Truthfully I think he needs a boot to the head.

    3. Re-assess what you consider a friend. Whether my friends can harass me is immaterial because they won't harass me. I do not call people with that small minded, mean spirited attitude friends. Of course I no longer have to pick and choose my friends from among a group of immature adolescents but even within that group are a lot of "good" friends you can choose over this mini-tyrant.
    SodaMoca5
    \"We are pressing through the sphincter of assholiness\"

  5. #35
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Spyder32: Run that by me again...... A SYN flood is where he synch's the packets so he can send more?????? Am I understanding you right or did you mis-speak.

    A SYN flood is a DOS attack based on the way TCP/IP works. To make a connection between 2 PC's requires a three way handshake. SYN - SYN/ACK - ACK. So when a computer receives a SYN it has to set aside space on the stack for the ensuing connection.

    A SYN flood takes advantage of this by sending multiple SYN's at the target computer. The target sends back the SYN/ACK's, (which it should do), and sets aside space on the stack for the completed connection when the ACK arrives. And there's the catch - The ACK never comes so the target is sat there with all this space taken up on it's stack with what is known as "half open" connections. There comes a point where there is no space left on the stack for new connections which therefore is denial of service to the subsequent legitimate connection attempts.

    Many OS's have now been fixed to avoid this problem to a large degree by giving the half open connections a timeout value if the ACK is never received.

    If srfgollum was playing counterstrike when a SYN flood attack came in his connection would be unaffected in terms of DOS to him since he already has his 3 way handshake complete and has his space on the stack. However, the sudden increase in traffic would tend to slow down the connection. What is a problem though is that srfgollum is on broadband and even at peak periods should be able to get 40-60kbps transfers but counterstrike only consumes about 3.5-5kbps in it's transfers. That means that his "dear" friend has to eat 35-55kbps of his bandwidth all on his own. That's not likely as it would DOS the whole network.

    I would speculate that his friend lives close by - like on the same subnet..... - Then he sets up a sniffer like snort to sniff any packet from XXX.XXX.XXX.XXX, (srfgollum's IP), that is directed at any IP on port 27015-20 and if it finds one it is to send a RST, (reset). On a busy network that would take less bandwidth, would not attract any attention to yourself as the "attacker" though it would suffer from missing some packets on a less than optimal machine. The effect would be to slow srfgollum and lag him out no end while his machine keeps retrying.... if the RST only went to srfgollum and not the server the connection should stay up, assuming the client software tries to reconnect under difficult conditions rather then dropping altogether.

    Anyone want to poke holes in that theory?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #36
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Spyder32: Run that by me again...... A SYN flood is where he synch's the packets so he can send more?????? Am I understanding you right or did you mis-speak.

    A SYN flood is a DOS attack based on the way TCP/IP works. To make a connection between 2 PC's requires a three way handshake. SYN - SYN/ACK - ACK. So when a computer receives a SYN it has to set aside space on the stack for the ensuing connection.

    A SYN flood takes advantage of this by sending multiple SYN's at the target computer. The target sends back the SYN/ACK's, (which it should do), and sets aside space on the stack for the completed connection when the ACK arrives. And there's the catch - The ACK never comes so the target is sat there with all this space taken up on it's stack with what is known as "half open" connections. There comes a point where there is no space left on the stack for new connections which therefore is denial of service to the subsequent legitimate connection attempts.

    Many OS's have now been fixed to avoid this problem to a large degree by giving the half open connections a timeout value if the ACK is never received.

    If srfgollum was playing counterstrike when a SYN flood attack came in his connection would be unaffected in terms of DOS to him since he already has his 3 way handshake complete and has his space on the stack. However, the sudden increase in traffic would tend to slow down the connection. What is a problem though is that srfgollum is on broadband and even at peak periods should be able to get 40-60kbps transfers but counterstrike only consumes about 3.5-5kbps in it's transfers. That means that his "dear" friend has to eat 35-55kbps of his bandwidth all on his own. That's not likely as it would DOS the whole network.

    I would speculate that his friend lives close by - like on the same subnet..... - Then he sets up a sniffer like snort to sniff any packet from XXX.XXX.XXX.XXX, (srfgollum's IP), that is directed at any IP on port 27015-20 and if it finds one it is to send a RST, (reset). On a busy network that would take less bandwidth, would not attract any attention to yourself as the "attacker" though it would suffer from missing some packets on a less than optimal machine. The effect would be to slow srfgollum and lag him out no end while his machine keeps retrying.... if the RST only went to srfgollum and not the server the connection should stay up, assuming the client software tries to reconnect under difficult conditions rather then dropping altogether.

    Anyone want to poke holes in that theory?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #37
    Member
    Join Date
    Oct 2002
    Posts
    65
    Very informative, Tiger Shark! Thanks for the info, it sounds like you could write a great tutorial on TCP/IP!

    Yeah, I know there are many already out... but it's so well explained...
    Have you filled out an ID-10-T or PEBKAK form lately?

  8. #38
    Member
    Join Date
    Oct 2002
    Posts
    65
    Very informative, Tiger Shark! Thanks for the info, it sounds like you could write a great tutorial on TCP/IP!

    Yeah, I know there are many already out... but it's so well explained...
    Have you filled out an ID-10-T or PEBKAK form lately?

  9. #39
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    I totally agree with avenger_jcc, send a mail to his ISP with the logs of his attacks (ZoneAlarm must stock the logs somewhere). I guess he will never search to attack you again after a such reaction (the problem is that he will also probably never want to play again with you at CS).
    Life is boring. Play NetHack... --more--

  10. #40
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    I totally agree with avenger_jcc, send a mail to his ISP with the logs of his attacks (ZoneAlarm must stock the logs somewhere). I guess he will never search to attack you again after a such reaction (the problem is that he will also probably never want to play again with you at CS).
    Life is boring. Play NetHack... --more--

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides