Internet Security
 

I just discovered something.

I have close to 1.2GB of IPTables logs with this about every 8 lines on various ports, with various intended destinations. As far as I can tell, this has been going on for a few months. First, I would get packets from MediaDefender. Now it's the Department of Defense?!? Surely my Star Trek collection isn't worth that much.

As far as I can tell from my logs, I've been port scanned, DNS spoofed, rerouted across the country and back, and all of these attacks unsuccessful. I'm surprised my old firewall hasn't gone under yet. (I have to admit a 1.3GHz P4 running debian is massive overkill)

What does the DoD want with me? I'm a 15yr old high school student. My ping's been up in the >1000ms range (packet intercept the only explanation), and I'm starting to get that bad feeling in my stomach... :S

I'm not sure if it's wise for me to post this, but what the f*** should I do? :shoop: I called my ISP and was transferred to the fifth level of hell and back before they hung up on me when I asked about their policy regarding this. :angry:

This is where the fun begins. I've never encountered that though, how would I know? What did you do to get that information?

Reminds me of War Games. Perhaps you're linked to someone? Maybe they're profiling you. Are you middle eastern?

You sure its the Department of Defense? I thought the NSA was our little secret police force...

Where did the string "DoD Network Information Center" come from?

Edit: I mean, are you sure it's not spoofed?

well, as long as they are not successful, relax, open a good bottle of wine and watch them try :D

but well, even normal hackers tend today to hide them under all kind of false identities. But as long as the firewall keeps any attackers blocked, thats at least a good thing.

No one can be completely sure that something isn't spoofed, but whoever is attacking me sure knows his stuff. There are about 16 different IPs that have the same ID string, all doing something at the same time. The string came from the MoBlock tables I have merged to my iptables rules. That particular database is known for accuracy, and I have another table that blocks the popular bogon ranges, further reducing the probability of a spoof.


The attack has also increased in severity. The block count is in scientific notation, no kidding. :shock:. They really want that Star Trek. Called my ISP again several hours ago and demanded they stop the DDoS attack (it was that bad, just tail -f ing my log saturates my other gigabit NIC) that was being routed through their networks. As outlined in their TOSA, I'm entitled to quality of service that includes protection from large amounts of unnecessary data, due to my plan being bandwidth metered. I (very, very clearly) let them know about it. Once again I was transferred to the eighteenth level of hell and back; after about four hours, I got a response (in a thick Hindi accent): "We're sorry sir, but we can not help you at this time. Please call back ###### between the business hours of 7-5ET. Thank you and have a good day. *click*

521.6GB of downstream bandwidth later, I have yet to get them to do anything. :shoop::shoop::shoop::shoop::shoop:

I doubt it, judging by the volume.

http://img577.imageshack.us/img577/2412/14afxhw.jpg

Seriously, I'd suggest being careful... I'm sure you know what to do.

I got nothing but perhaps try d/c your computer from the internet and get a new IP.

The one time I don't want a static IP. :shoop:
For now I'm using the neighbor's WiFi and spoofing my packets to look like they're coming from my old IP so the WoW private servers don't get suspicious. It still looks like a rave in my closet with all the blinkey lights. I'm thinking I should write a quick rule in my firewall that changes the destination of their packets to their IP, thereby getting them to hack themselves.... :war:

EDIT: line too saturated to implement this. :(

I can't just go offline, because the RG supports an IP-based "Triple Play" package (that's a steaming pile of ikran s*** btw). My parents would definitely notice if the phones went out and tv wouldn't work. I'm thinking that may be the only thing I can do about this. My connection has begun throttling down because they made me exceed (by a factor of 10, I might add) my bandwidth limit. :shoop:!!!!!!!!!!111

My advice would be to have your parents d/c it.

Think about this. Your computer, or telling them about it. Which one?

Well, it has stopped. The last packet I received from "DoD Network Information Center" was at 12:00:01 last night. Either someone finally grew enough brain cells to figure out I'm not worth it, they gave up because it wasn't working, or they found something. The first one is the most likely, however I'd like to believe the second one because it makes me feel a bit warm and fuzzy inside that I managed to stick it to the government's "cyberwarfare" department for 3 whole days with a system I set up in 30 minutes. The last one makes me shudder a bit. I don't think that's the case, though, because no packets actually made it to my LAN, but a few did find their way to my storage server, but just on port 6881-6999, which is for torrents, but I have MoBlock running and it promptly rejected them.

Now I'm left with about 40GB of logfiles spread across three machines as evidence. Should I delete them or file them away somewhere safe? That's a lot of text. It takes gedit five minutes just to display one of the files, and I froze a WinXP VM trying to open one of the other two in notepad :D.

Certainly keep those somewhere safe. Put a backup in a truecrypt archive and put it somewhere else as well.

Tbh, I very much doubt it was the US government. I think somebody was just ****ing with you.

Not many people have that much bandwidth just to screw with someone. I don't even want to think how much actual data it would take to generate 1.2GB OF LOGS, and particularly the terrible ping times.