Disconnecting dial up connection

Thread: Disconnecting dial up connection

  1. #1
    Senior Member
    Join Date
    Aug 2002
    Posts
    547

    Disconnecting dial up connection

    Hi, right now I'm running a Win ME computer with all the updates for all its software, including Windows. This computer is on dial-up. As a firewall I have Norton Internet Security 2003, up to date. But today something weird happened; read the log entry below.

    Details: Intrusion: Invalid Source IP Address
    Intruder: 0.48.94.193
    Risk Level: Low
    Source IP address: 0.48.94.193.This IP address is invalid.
    Destination IP address: 224.0.0.2
    Protocol: IGMP.

    I have been getting that all day from the same IP, and always when this happens it gets disconnected, and I don't see in NIS03 any rule that says that on any intrusion detection it should disconnect. Also, I disabled NIS03 for 2 hours and it happened 4 times (getting disconnected). I haven't had this problem in the past.

    /The voices in my head are asking me: if I manage to send packets with an IP like that one, 0.48.94.193, to a dial-up user, could it have the same effect?

    I can't think very well, I haven't slept in 3 days. I'm really tired but I can't go to sleep.

  2. #2
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    That's really interesting. Looks like a smurf attack. Here's some info on it, not quite specific but the closest I could find:

    leave group: this message is issued by a host which leaves a multicast group. If the host was the last to reply to a query with a membership report for that group, the host sends the leave group message to all-routers multicast group (224.0.0.2).

    [12] studies the effects that forged IGMP messages may have on multicast hosts and network traffic. A forged query from a machine with lower IP than the current querier will cause querier duties to be assigned to the forger. This might probably result in a DoS attack for some members of the multicast group if some additional conditions are fulfilled. A forged query message sent to a group with members will cause the hosts which are members of the group to report their membership. This causes a small amount of extra traffic on the LAN, but causes no protocol problems. A forged report message may cause multicast routers to think there are members of a group on a subnet when there are not. Forged report messages are troublesome if the source address of the report is spoofed. A forged leave message will cause the querier to send out group-specific queries for the group in question.

    http://216.239.51.104/search?q=cache...ng_en&ie=UTF-8

    +=+=+=+=+=+=+=+=+=+=+=+=

    0.48.94.193 would definitely be a lower IP address than one anybody would have. If you do use a packet crafter, please post your results.

  3. #3
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    Well, I smell something weird. In the last hour I have received the same thing but from a different IP, but with the same destination address. I have an old box with Win 98 lying around; I'm going to see if the problem is Windows, the firewall, or me for running out of coffeeeeeeeeeeeeeeeeeeeeeeeeee

    Details: Intrusion: Invalid Source IP Address
    Intruder: 0.68.94.193
    Risk Level: Low
    Source IP address: 0.68.94.193.This IP address is invalid.
    Destination IP address: 224.0.0.2
    Protocol: IGMP.


    Thanks Tedob1 for the response

    **********
    /the voices in my head say thank you also

    except for the little one, he is the quiet one
    LOL

    ******************
    I just noticed something: maybe the packets are from the same IP, it just got malformed.
    0.48.94.193 and 0.68.94.193. I will keep looking for an answer.



    Details: Intrusion: Invalid Source IP Address
    Intruder: 0.48.94.193
    Risk Level: Low
    Source IP address: 0.48.94.193.This IP address is invalid.
    Destination IP address: 224.0.0.2
    Protocol: IGMP.

    Details: Intrusion: Invalid Source IP Address
    Intruder: 0.68.94.193
    Risk Level: Low
    Source IP address: 0.68.94.193.This IP address is invalid.
    Destination IP address: 224.0.0.2
    Protocol: IGMP.

  4. #4
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    *************************************
    I think this is going to be my last update in this thread, but you never know.

    I finally got an IP logged that looks legit: 240.96.94.193

    I went to http://network-tools.com to do some research and I got nothing, and I tried VisualRoute 6.2g (the one that comes in Norton I. S.)

    Network Information

    titleNETWORK: NET-240-0-0-0-0 [268435456]
    OrgName: Internet Assigned Numbers Authority
    OrgID: IANA
    Address: 4676 Admiralty Way, Suite 330
    City: Marina del Rey
    StateProv: CA


    That's the only thing I got, but I'm still clueless. But who cares, maybe tomorrow the problem gets fixed by itself, and all kidiots become productive members of society, and Bill Gates makes Windows and all of its software Open Source and fixes the bugs before they can be exploited. . . yeah right Lol
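
Added example, not part of any post in this thread: a short Python triage of the alerts quoted above, showing which non-routable range each logged source address falls in and checking the observation from post #3 that the addresses share their low octets. The sample log is constructed from the addresses in the thread, and the function names are illustrative.

```python
import ipaddress
import re

# Ranges that are never valid as the source of a packet from a remote host.
BOGON_SOURCES = {
    "0.0.0.0/8": "'this network' block",
    "224.0.0.0/4": "multicast, destination only",
    "240.0.0.0/4": "reserved, unallocated",
}
ALL_ROUTERS = ipaddress.ip_address("224.0.0.2")  # all-routers multicast group
# Constructed sample, trimmed to the fields parsed below. The third entry is an
# assumption: post #4 reports only the address, not the full alert.
SAMPLE_LOG = """\
Intruder: 0.48.94.193
Destination IP address: 224.0.0.2
Protocol: IGMP.
Intruder: 0.68.94.193
Destination IP address: 224.0.0.2
Protocol: IGMP.
Intruder: 240.96.94.193
Destination IP address: 224.0.0.2
Protocol: IGMP.
"""
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
ENTRY = re.compile(
    rf"Intruder:\s*{IPV4}.*?Destination IP address:\s*{IPV4}.*?Protocol:\s*(\w+)",
    re.S)

def parse_alerts(text):
    """Return (source, destination, protocol) for every alert in the log text."""
    return [(ipaddress.ip_address(s), ipaddress.ip_address(d), p.upper())
            for s, d, p in ENTRY.findall(text)]

def bogon_reason(ip):
    """Name the non-routable range containing ip, or None if it looks routable."""
    for cidr, why in BOGON_SOURCES.items():
        if ip in ipaddress.ip_network(cidr):
            return f"{cidr} ({why})"
    return None

def shared_trailing_octets(addrs):
    """Octets, counted from the right, that are identical in every address."""
    packed = [a.packed for a in addrs]
    n = next((i for i in range(4) if len({p[3 - i] for p in packed}) > 1), 4)
    return list(packed[0][4 - n:])

if __name__ == "__main__":
    for src, dst, proto in parse_alerts(SAMPLE_LOG):
        print(src, "|", bogon_reason(src), "|", proto, "to all-routers:", dst == ALL_ROUTERS)
```

None of the three source addresses can be a real remote sender, so the source field tells you nothing about who sent the packets; the identical low octets (94.193) are the only stable part of it.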
