> I hope someone here has any clue or suggestion about the following. For
> quite some days now I am having problems while chatting on IRC, a user
> there doesn't seem to like me and floods me offline every time he sees
> me. He uses Linux behind a firewall and seems to know quite some stuff
> (some say he's a hacker).

A script kiddy.

> Anyway, for what I have seen, he sends lots of
> packets to my connection, overloading it thus. Miami detects a ping
> flood (and ignores the pings I guess) but still I end up disconnected,
> the modem (TKR TriStar V34 28.8) goes crazy.
> 
> Well, is there any way to protect myself against such flood attacks? I
> use Miami3.2b, and have thought about adding the IPs he floods from to
> the IP-Filter, but it seems they differ every time he does so, and apart
> from that would not really help to keep my line clean, no? The attacks don't
> go through IRC, since AmIRC doesn't detect any floods. I am quite
> helpless here and hope I had an ADSL connection.

Could be a smurf attack, even though the victim of a smurf attack will
usually only receive icmp replies from a load of misconfigured routers.
Sometimes Miami will pick up a few icmp request or ping floods as well.

This, you can do nothing about.  You could always find a cheap unix shell
provider and set up an IRC proxy bouncer on the shell, where you connect to
the proxy, send a password then use the shell's hostname to use as your own
through AmIRC.. This can be a hassle when doing it every time.. But if the
person tried to attack you, he will be trying to flood a T3 shell server. 
Even though there are ways to find out your real IP through a shell (like if
finger is enabled on it).

But, anyway.. Miami cannot stop a user from wasting your bandwidth.. 

> I will EMail my ISP also and ask them for advice, but until then... I am
> not sure if they can get to that person, since even when on IRC he seems
> to hide his real IP address.

Yeah, send an e-mail or ring your ISP.  Ask them to block the floods from
you, they should probably have the floods logged.  This is all you can
really do.  

If you want to find out who it is though... whois the person who attacks you
on IRC, get his [EMAIL PROTECTED] and type in shell/CLI:

miami:miamifinger user@host   
replacing the user@host with his user@hostname of course. :)

It may or may not tell you his/her name and IP address he/she is logged in
with.
But most of the time the finger service is disabled on shell providers.

Also try e-mailing the admin of the shell/ISP he is using.


> Any help appreciated.

Here are a few tips that may help protect you though.
Try turning off services in Miami (database/iNetD) that are not needed.
Like chargen, echo, finger..

Also, he may be using an old exploit on you that disconnects some modems.
To block this, you add the following into your init string in the Miami
modem settings:  S2=255

Like, if your init string is:

(Just an example) AT&F&K3&C1&D0\r   replace it with:
AT&F&K3&C1&D0S2=255\r

Don't put any spaces in it, and look at your modem's manual if you get
stuck.

This added to your init string will stop  + + +  commands being sent to your
modem via ping or echo  etc..


Hope some of this helped.


Oh, and if you don't mind telling..  Could you tell me which network, channel
etc.. and what's the nick of the person doing this?

Cya later..
Splatt.

__________________________________________________________
AmIRC Mailing List - Info & Archive: http://www.vapor.com/
For Listserver Help: <[EMAIL PROTECTED]>, "HELP"
To Unsubscribe: <[EMAIL PROTECTED]>, "UNSUBSCRIBE"
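
The S2=255 advice in the reply above, as an added example that is not part of the original post: a small checker that reports whether a modem init string leaves the escape character disabled and, if not, appends S2=255 before the terminator. It assumes standard Hayes behaviour (S2 values above 127 turn escape detection off, &F reloads factory defaults); the function names are hypothetical.

```python
import re

# One S-register assignment, e.g. S2=255 or s0=0.
S_REG = re.compile(r"[Ss](\d+)=(\d+)")
# Assumption: &F (optionally &F<digit>) reloads factory defaults, so any
# S-register set before it no longer applies.
FACTORY_RESET = re.compile(r"&[Ff]\d?")
# Miami-style init strings end in a literal backslash-r; accept a real CR too.
TERMINATOR = re.compile(r"(\\r|\r)$")


def escape_char_value(init):
    """Return the S2 value in effect after the init string runs, or None."""
    tail = FACTORY_RESET.split(init)[-1]
    values = [int(val) for reg, val in S_REG.findall(tail) if int(reg) == 2]
    return values[-1] if values else None


def escape_disabled(init):
    """True if the init string leaves S2 above 127 (escape detection off)."""
    value = escape_char_value(init)
    return value is not None and value > 127


def harden(init):
    """Return init with S2=255 as the last setting, before the terminator."""
    if escape_disabled(init):
        return init
    match = TERMINATOR.search(init)
    term = match.group(0) if match else ""
    body = init[: len(init) - len(term)]
    body = re.sub(r"[Ss]0*2=\d+", "", body)  # drop any weaker S2 setting
    return body + "S2=255" + term


if __name__ == "__main__":
    # Constructed samples; the first is the example init string from the post.
    for sample in (r"AT&F&K3&C1&D0\r", r"ATS2=255&F\r", r"AT&FS2=43S0=0\r"):
        print(sample, escape_disabled(sample), harden(sample))
```

An S2 setting placed before &F is treated as ineffective, which is why the second sample is rewritten with S2=255 moved to the end.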
