Internet Security - Tree of Souls - An Avatar Community Forum

#1 Sight Unseen, 11-12-2010, 06:47 AM
Internet Security

I just discovered something.

Code:
Thu Nov 11 23:02:47| IN: DoD Network Information Center,hits: 825514,SRC: 14.202.32.159

I have close to 1.2GB of IPTables logs with this about every 8 lines on various ports, with various intended destinations. As far as I can tell, this has been going on for a few months. First, I would get packets from MediaDefender. Now it's the Department of Defense?!? Surely my Star Trek collection isn't worth that much.

As far as I can tell from my logs, I've been port scanned, DNS spoofed, rerouted across the country and back, and all of these attacks were unsuccessful. I'm surprised my old firewall hasn't gone under yet. (I have to admit a 1.3GHz P4 running Debian is massive overkill.)

What does the DoD want with me? I'm a 15yr old high school student. My ping's been up in the >1000ms range (packet intercept the only explanation), and I'm starting to get that bad feeling in my stomach...

I'm not sure if it's wise for me to post this, but what the f*** should I do? I called my ISP and was transferred to the fifth level of hell and back before they hung up on me when I asked about their policy regarding this.

#2 Spock, 11-12-2010, 08:11 AM

This is where the fun begins. I've never encountered that though, how would I know? What did you do to get that information?

#3 Woodsprite, 11-12-2010, 08:57 AM

Reminds me of War Games. Perhaps you're linked to someone? Maybe they're profiling you. Are you Middle Eastern?

#4 Isard, 11-12-2010, 01:30 PM

You sure it's the Department of Defense? I thought the NSA was our little secret police force...

#5 stdout, 11-12-2010, 06:45 PM

Where did the string "DoD Network Information Center" come from?

Edit: I mean, are you sure it's not spoofed?

#6 SaphirJD, 11-12-2010, 09:28 PM

Well, as long as they are not successful, relax, open a good bottle of wine and watch them try.

But well, even normal hackers today tend to hide themselves under all kinds of false identities. But as long as the firewall keeps any attackers blocked, that's at least a good thing.

#7 Sight Unseen, 11-13-2010, 01:36 AM

Quote:
Originally Posted by stdout
Where did the string "DoD Network Information Center" come from?

Edit: I mean, are you sure it's not spoofed?

No one can be completely sure that something isn't spoofed, but whoever is attacking me sure knows his stuff. There are about 16 different IPs that have the same ID string, all doing something at the same time. The string came from the MoBlock tables I have merged to my iptables rules. That particular database is known for accuracy, and I have another table that blocks the popular bogon ranges, further reducing the probability of a spoof.


The attack has also increased in severity. The block count is in scientific notation, no kidding. They really want that Star Trek. Called my ISP again several hours ago and demanded they stop the DDoS attack (it was that bad, just tail -f ing my log saturates my other gigabit NIC) that was being routed through their networks. As outlined in their TOSA, I'm entitled to quality of service that includes protection from large amounts of unnecessary data, due to my plan being bandwidth metered. I (very, very clearly) let them know about it. Once again I was transferred to the eighteenth level of hell and back; after about four hours, I got a response (in a thick Hindi accent): "We're sorry sir, but we can not help you at this time. Please call back ###### between the business hours of 7-5ET. Thank you and have a good day." *click*

521.6GB of downstream bandwidth later, I have yet to get them to do anything.

#8 Human No More, 11-13-2010, 04:42 AM

Quote:
Originally Posted by stdout
Where did the string "DoD Network Information Center" come from?

Edit: I mean, are you sure it's not spoofed?

I doubt it, judging by the volume.



Seriously, I'd suggest being careful... I'm sure you know what to do.

#9 Banefull, 11-13-2010, 05:42 AM

I got nothing but perhaps try d/c your computer from the internet and get a new IP.

Last edited by Banefull; 11-13-2010 at 05:44 AM.

#10 Sight Unseen, 11-13-2010, 06:19 AM

The one time I don't want a static IP.
For now I'm using the neighbor's WiFi and spoofing my packets to look like they're coming from my old IP so the WoW private servers don't get suspicious. It still looks like a rave in my closet with all the blinky lights. I'm thinking I should write a quick rule in my firewall that changes the destination of their packets to their IP, thereby getting them to hack themselves....

EDIT: line too saturated to implement this.

I can't just go offline, because the RG supports an IP-based "Triple Play" package (that's a steaming pile of ikran s*** btw). My parents would definitely notice if the phones went out and the TV wouldn't work. I'm thinking that may be the only thing I can do about this. My connection has begun throttling down because they made me exceed (by a factor of 10, I might add) my bandwidth limit. !!!!!!!!!!111

Last edited by Sight Unseen; 11-13-2010 at 06:31 AM.

#11 Banefull, 11-13-2010, 07:06 AM

My advice would be to have your parents d/c it.

Think about this. Your computer, or telling them about it. Which one?

#12 Sight Unseen, 11-14-2010, 12:24 AM

Well, it has stopped. The last packet I received from "DoD Network Information Center" was at 12:00:01 last night. Either someone finally grew enough brain cells to figure out I'm not worth it, they gave up because it wasn't working, or they found something. The first one is the most likely, however I'd like to believe the second one because it makes me feel a bit warm and fuzzy inside that I managed to stick it to the government's "cyberwarfare" department for 3 whole days with a system I set up in 30 minutes. The last one makes me shudder a bit. I don't think that's the case, though, because no packets actually made it to my LAN, but a few did find their way to my storage server, but just on ports 6881-6999, which are for torrents, but I have MoBlock running and it promptly rejected them.

Now I'm left with about 40GB of logfiles spread across three machines as evidence. Should I delete them or file them away somewhere safe? That's a lot of text. It takes gedit five minutes just to display one of the files, and I froze a WinXP VM trying to open one of the other two in Notepad.

Last edited by Sight Unseen; 11-14-2010 at 12:28 AM.
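
Post #12 is left with about 40GB of these logs that no editor will open, and post #7 says the label text comes from the blocklist and that about 16 addresses share it. The following is an added example, not part of the thread: a one-pass summary of lines in the format quoted in post #1, grouped by label and kept separate from the observed source addresses. The OUT/DST form, the `summarize` name and every sample line except the first are assumptions or constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Layout from the line quoted in post #1 (OUT/DST is an assumed outbound form):
#   <timestamp>| IN: <blocklist label>,hits: <counter>,SRC: <address>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2})\| (?:IN|OUT): "
    r"(?P<label>.*),hits: (?P<hits>\d+),(?:SRC|DST): (?P<ip>\S+)$")

# First line is from the thread; the rest are constructed (documentation ranges).
SAMPLE = [
    "Thu Nov 11 23:02:47| IN: DoD Network Information Center,hits: 825514,SRC: 14.202.32.159",
    "Thu Nov 11 23:02:48| IN: DoD Network Information Center,hits: 825515,SRC: 198.51.100.7",
    "Thu Nov 11 23:02:48| IN: Example Media Co,hits: 12,SRC: 203.0.113.20",
    "kernel: some unrelated line",
    "Thu Nov 11 23:02:49| IN: DoD Network Information Center,hits: 825516,SRC: 14.202.32.159",
]

def summarize(lines):
    """Group hits by label in one pass; memory scales with distinct labels/IPs."""
    stats = defaultdict(lambda: {"lines": 0, "ips": set(), "non_global": set(),
                                 "first": None, "last": None, "max_hits": 0})
    skipped = 0
    for raw in lines:
        m = LINE_RE.match(raw.rstrip("\r\n"))
        try:
            addr = ipaddress.ip_address(m["ip"]) if m else None
        except ValueError:
            addr = None
        if addr is None:
            skipped += 1          # not a block line, or a mangled address
            continue
        s = stats[m["label"]]
        s["lines"] += 1
        s["ips"].add(str(addr))
        if not addr.is_global:    # reserved/private source: not a routed origin
            s["non_global"].add(str(addr))
        s["first"] = s["first"] or m["ts"]
        s["last"] = m["ts"]
        s["max_hits"] = max(s["max_hits"], int(m["hits"]))
    return dict(stats), skipped

if __name__ == "__main__":
    import sys
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    stats, skipped = summarize(src)
    for label, s in sorted(stats.items(), key=lambda kv: -kv[1]["lines"]):
        print(s["lines"], len(s["ips"]), s["first"], s["last"], label, sep="\t")
    print(skipped, "unparsed lines")
```

Run with a log path as the only argument to stream a real file line by line; the constructed documentation-range addresses land in `non_global` because `ipaddress` treats those ranges as not globally routable.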

#13 Human No More, 11-14-2010, 12:44 PM

Certainly keep those somewhere safe. Put a backup in a TrueCrypt archive and put it somewhere else as well.

#14 Isard, 11-14-2010, 04:49 PM

Tbh, I very much doubt it was the US government. I think somebody was just ****ing with you.

#15 Human No More, 11-14-2010, 05:37 PM

Not many people have that much bandwidth just to screw with someone. I don't even want to think how much actual data it would take to generate 1.2GB OF LOGS, and particularly the terrible ping times.

All times are GMT +1.