[App_rpt-users] DOS

Lu Vencl vencl at att.net
Thu Oct 9 14:36:10 UTC 2014


Thanks Bryan for the response. And yes, I have taken measures early on to protect myself, but what I found odd is that two of my nodes within a week got attacked. The first one I was unable to do anything with as I am on vacation. The second node happens to be where I am vacationing right now and I have determined that the attack was occurring on the UDP port. I have since moved to a non-standard port and instantly the problem went away as I am blocking the default port we tend to use. I was even unable to register until I moved to the new port.
Now one thing you mentioned, and I hate to say it, but I don't even know how one is supposed to get the updates. I assumed it was already done automatically in the background. No?  I have some on ACID and some on XIPAR. If you or someone could respond to me on how to make sure one is current, I would really appreciate it!
Thanks and 73
KA4EPS
 


________________________________
From: Bryan D. Boyle <bdboyle at bdboyle.com>
To: app_rpt mailing list <app_rpt-users at ohnosec.org> 
Sent: Thursday, October 9, 2014 6:56 AM
Subject: Re: [App_rpt-users] DOS



rule 1: if you are connected to the net, you WILL be probed.  Period.  There are no guarantees of access, throughput, or that a weakness in your system, as defined by the services you are exposing, will not be exploited if a vulnerability is found.

So, minimize the attack surface: shut off unnecessary inbound services, monitor your logs, configure any firewalls you may have correctly, keep your system patched, keep your application patched.  Other than that, unless it's egregious, ongoing, and constant, your ISP is inundated with hundreds of complaints daily about this activity, so, they will typically, unless you're a commercial customer with a 4K monthly bill, put you at the bottom of the list for detailed investigation.

That's just for starters.  All you can do is all the right things: minimize attack surface, keep patches current, monitor your logs for suspicious activity, adopt a stance regarding applications of 'that which is not expressly permitted is prohibited', and realize that, in the general scheme of things, amateur radio repeater linking is not a high priority, national security, launch code, or life safety (really) infrastructure.

And remember, it's not personal...on the part of the hackers...it's just business.

-- 
Bryan (doing this since 1990, CISSP holder)
Sent from my iPhone 5...No electrons were harmed in the sending of this message.





On Oct 9, 2014, at 08:04, Lu Vencl <vencl at att.net> wrote:


>Anyone else been experiencing DOS attacks on their nodes? Been having issues with at least two of my nodes, and I know one other person as well.
>Symptoms to look out for are a sudden degradation in your internet service that your node is attached to, steady or very active internet light on your router if you have one, major breakup in communications, pings to public IP addresses showing major packet loss, can't get registered on Allstar.
>Just to name a few. 
>Please contact me directly if you have encountered this issue. 
>
>Lu
>KA4EPS
>_______________________________________________
>App_rpt-users mailing list
>App_rpt-users at ohnosec.org
>http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users
>
>To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
>You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. 
>
