For a long time I've received what looks like SYN floods and SMURF attacks to my port associated with Freenet. I've assumed that it's a fault of my firewall or PC, but what's weird is that the port of the "offending" IP increments. I thought that the port that Freenet uses was fixed being that it was defined in the .conf file.
Excuse my display of ignorance, but could someone please explain why the far ends port would need to change?
Example
Time: 05/31/2004, 04:21:52 Message: Smurf Source: 133.205.255.225, 1905
Time: 05/31/2004, 04:25:38 Message: Smurf Source: 133.205.255.225, 2600
Etc.
Most likely this is an attempt by a Freenet node on 133.205.255.225 to connect to your Freenet external port, which is fixed, but is being prevented by your firewall. It tries again and chooses the next available source port. It has to use a new source port so it can tell the difference between the present connection and previous ones, should a packet return. The return packet will be from your Freenet fixed port, and to the arbitrary source port on the remote machine, 133.205.255.225. This is normal. Can you tell your firewall to ignore connections to your Freenet port? I think it may well be identifying Freenet packets as smurf attacks - what does anyone else think?
--
Roger Hayter
_______________________________________________
Support mailing list
[EMAIL PROTECTED]
http://news.gmane.org/gmane.network.freenet.support
Unsubscribe at http://dodo.freenetproject.org/cgi-bin/mailman/listinfo/support
Or mailto:[EMAIL PROTECTED]
