-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Roger Hayter wrote: > In message <[EMAIL PROTECTED]>, > [EMAIL PROTECTED] writes > >> For a long time I've received what looks like SYN floods and SMURF >> attacks to my port associated with Freenet. I've assumed that it's a >> fault of my firewall or PC, but what's weird is that the port of the >> "offending" IP increments. I thought that the port that Freenet uses >> was fixed being that it was defined in the .conf file. >> >> Excuse my display of ignorance, but could someone please explain why >> the far ends port would need to change? >> >> Example >> >> Time: 05/31/2004, 04:21:52 >> Message: Smurf >> Source: 133.205.255.225, 1905 >> >> Time: 05/31/2004, 04:25:38 >> Message: Smurf >> Source: 133.205.255.225, 2600 >> > Etc. > > Most likely this is an attempt by a Freenet node on 133.205.255.225 to > connect to your Freenet external port, which is fixed, but is being > prevented by your firewall. It tries again and chooses the next > available source port. It has to use a new source port so it can tell > the difference between the present connection and previous ones, should > a packet return. The return packet will be from your Freenet fixed port, > and to the arbitrary source port on the remote machine, 133.205.255.225. > This is normal. Can you tell your firewall to ignore connections to > your Freenet port? I think it may well be identifying Freenet packets > as smurf attacks - what does anyone else think?
If this is from a SOHO broadband router - especially a D-Link router, they should likely be disregarded, as the DoS detection in there doesn't usually work and it KNOWN to be broken in D-Link's firmware. There was a version of Freenet, 5023 IIRC, that accidently DID launch a sort of "syn flood" as it would try to reconnect relentlessly. In general, most SOHO router simply cannot handle the kind of traffic Freenet generates, and it confuses it with a DoS attack. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAu7YxhctESbvQ8ZwRAlhbAJ9Xn5orQIPwNhtdaONP5Ha7vHuNnACfSODp 2eiFYi1hJm8YNcVQSuVA+5o= =okvI -----END PGP SIGNATURE----- _______________________________________________ Support mailing list [EMAIL PROTECTED] http://news.gmane.org/gmane.network.freenet.support Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support Or mailto:[EMAIL PROTECTED]
