<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div><SPAN>Thanks Bryan for the response. And yes, I have taken measures early on to protect myself, but what I found odd is that two of my nodes within a week got attacked. The first one I was unable to do anything with as I am on vacation. The second node happens to be where I am vacationing right now and I have determined that the attack was occurring on the UDP port. I have since moved to a non-standard port and instantly the problem went away as I am blocking the default port we tend to use. I was even unable to register until I moved to the new port.</SPAN></div>
<div><SPAN>Now one thing you mentioned and I hate to say it, but I don't even know how one is supposed to get the updates. I assumed it was already done automatically in the background. No? I have some on ACID and some on XIPAR. If you or someone could respond to me on how to make sure one is current, I would really appreciate it!</SPAN></div>
<div><SPAN>Thanks and 73</SPAN></div>
<div><SPAN>KA4EPS</SPAN></div>
<div><SPAN></SPAN> </div>
<div><BR></div>
<DIV style="FONT-FAMILY: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; FONT-SIZE: 16px">
<DIV style="FONT-FAMILY: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; FONT-SIZE: 16px">
<DIV dir=ltr>
<DIV style="BORDER-BOTTOM: #ccc 1px solid; BORDER-LEFT: #ccc 1px solid; PADDING-BOTTOM: 0px; LINE-HEIGHT: 0; MARGIN: 5px 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; HEIGHT: 0px; FONT-SIZE: 0px; BORDER-TOP: #ccc 1px solid; BORDER-RIGHT: #ccc 1px solid; PADDING-TOP: 0px" class=hr contentEditable=false readonly="true"></DIV><FONT size=2 face=Arial><B><SPAN style="FONT-WEIGHT: bold">From:</SPAN></B> Bryan D. Boyle &lt;bdboyle@bdboyle.com&gt;<BR><B><SPAN style="FONT-WEIGHT: bold">To:</SPAN></B> app_rpt mailing list &lt;app_rpt-users@ohnosec.org&gt; <BR><B><SPAN style="FONT-WEIGHT: bold">Sent:</SPAN></B> Thursday, October 9, 2014 6:56 AM<BR><B><SPAN style="FONT-WEIGHT: bold">Subject:</SPAN></B> Re: [App_rpt-users] DOS<BR></FONT></DIV>
<DIV class=y_msg_container><BR>
<DIV id=yiv2051104736>
<DIV>
<DIV>rule 1: if you are connected to the net, you WILL be probed. Period. There are no guarantees of access, throughput, or that a weakness in your system, as defined by the services you are exposing, will not be exploited if a vulnerability is found.</DIV>
<DIV><BR clear=none></DIV>
<DIV>So, minimize the attack surface: shut off unnecessary inbound services, monitor your logs, configure any firewalls you may have correctly, keep your system patched, keep your application patched. Other than that, unless it's egregious, ongoing, and constant, your ISP is inundated with hundreds of complaints daily about this activity, so, they will typically, unless you're a commercial customer with a 4K monthly bill, put you at the bottom of the list for detailed investigation. </DIV>
<DIV><BR clear=none></DIV>
<DIV>That's just for starters. All you can do is all the right things: minimize attack surface, keep patches current, monitor your logs for suspicious activity, adopt a stance regarding applications of 'that which is not expressly permitted is prohibited', and realize that, in the general scheme of things, amateur radio repeater linking is not a high priority, national security, launch code, or life safety (really) infrastructure.</DIV>
<DIV><BR clear=none></DIV>
<DIV>And remember, it's not personal...on the part of the hackers...it's just business.</DIV>
<DIV><BR clear=none>--
<DIV>Bryan (doing this since 1990, CISSP holder)</DIV>
<DIV>Sent from my iPhone 5.<SPAN style="FONT-SIZE: 13pt">..No electrons were harmed in the sending of this message.</SPAN></DIV>
<DIV><BR clear=none>
<DIV><BR clear=none></DIV></DIV></DIV>
<DIV class=qtdSeparateBR><BR><BR></DIV>
<DIV id=yiv2051104736yqt65228 class=yiv2051104736yqt6855648515>
<DIV><BR clear=none>On Oct 9, 2014, at 08:04, Lu Vencl <<A href="mailto:vencl@att.net" shape=rect rel=nofollow target=_blank ymailto="mailto:vencl@att.net">vencl@att.net</A>> wrote:<BR clear=none><BR clear=none></DIV>
<BLOCKQUOTE type="cite">
<DIV><SPAN>Anyone else been experiencing DOS attacks on their nodes? Been having issues with at least two of my nodes, and I know one other person as well. </SPAN><BR clear=none><SPAN>Symptoms to look out for are a sudden degradation in your internet service that your node is attached to, steady it very active internet light on your router if you have one, major breakup in communications, pings to public ip addresses results show major packet loss, can't get registered on Allstar. </SPAN><BR clear=none><SPAN>Just to name a few. </SPAN><BR clear=none><SPAN>Please contact me directly if you have encountered this issue. </SPAN><BR clear=none><SPAN></SPAN><BR clear=none><SPAN>Lu</SPAN><BR clear=none><SPAN>KA4EPS</SPAN><BR clear=none><SPAN>_______________________________________________</SPAN><BR clear=none><SPAN>App_rpt-users mailing list</SPAN><BR clear=none><SPAN><A href="mailto:App_rpt-users@ohnosec.org" shape=rect rel=nofollow target=_blank
ymailto="mailto:App_rpt-users@ohnosec.org">App_rpt-users@ohnosec.org</A></SPAN><BR clear=none><SPAN><A href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" shape=rect rel=nofollow target=_blank>http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</A></SPAN><BR clear=none><SPAN></SPAN><BR clear=none><SPAN>To unsubscribe from this list please visit <A href="http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users" shape=rect rel=nofollow target=_blank>http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users</A> and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"</SPAN><BR clear=none><SPAN>You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem. </SPAN><BR clear=none></DIV></BLOCKQUOTE></DIV></DIV></DIV><BR>
<DIV id=yqt96337 class=yqt6855648515>
</DIV><BR><BR></DIV></DIV></DIV></div></body></html>