Roger Hayter wrote:
> In message <[EMAIL PROTECTED]>,
>> For a long time I've received what looks like SYN floods and SMURF
>> attacks to my port associated with Freenet.  I've assumed that it's a
>> fault of my firewall or PC, but what's weird is that the port of the
>> "offending" IP increments.  I thought that the port that Freenet uses
>> was fixed being that it was defined in the .conf file.
>> Excuse my display of ignorance, but could someone please explain why
>> the far end's port would need to change?
>> Example
>> Time: 05/31/2004, 04:21:52
>> Message: Smurf
>> Source:, 1905
>> Time: 05/31/2004, 04:25:38
>> Message: Smurf
>> Source:, 2600
> Etc.
> Most likely this is an attempt by a Freenet node on to
> connect to your Freenet external port, which is fixed, but is being
> prevented by your firewall.  It tries again and chooses the next
> available source port.  It has to use a new source port so it can tell
> the difference between the present connection and previous ones, should
> a packet return. The return packet will be from your Freenet fixed port,
> and to the arbitrary source port on the remote machine.
> This is normal.  Can you tell your firewall to ignore connections to
> your Freenet port?  I think it may well be identifying Freenet packets
> as smurf attacks - what does anyone else think?

If this is from a SOHO broadband router - especially a D-Link router,
they should likely be disregarded, as the DoS detection in there doesn't
usually work and is KNOWN to be broken in D-Link's firmware.

There was a version of Freenet, 5023 IIRC, that accidentally DID launch a
sort of "syn flood" as it would try to reconnect relentlessly.

In general, most SOHO routers simply cannot handle the kind of traffic
Freenet generates, and confuse it with a DoS attack.
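The pattern discussed in this thread (one remote address retrying at long intervals with a new source port each time) can be separated from a real burst by grouping the router's alerts per source. The following is an added example, not part of the original messages: the log layout follows the excerpt quoted above, while the IP addresses, the second source and the `max_per_minute` threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout quoted in the thread. The IP addresses are
# documentation-range placeholders; the second source is an invented contrast.
SAMPLE_LOG = """\
Time: 05/31/2004, 04:21:52
Message: Smurf
Source: 192.0.2.10, 1905
Time: 05/31/2004, 04:25:38
Message: Smurf
Source: 192.0.2.10, 2600
Time: 05/31/2004, 05:00:00
Message: SYN flood
Source: 198.51.100.7, 40000
Time: 05/31/2004, 05:00:00
Message: SYN flood
Source: 198.51.100.7, 40001
Time: 05/31/2004, 05:00:01
Message: SYN flood
Source: 198.51.100.7, 40002
"""

ENTRY = re.compile(r"Time: (?P<ts>[\d/]+, [\d:]+)\s+Message: (?P<msg>.+?)\s+"
                   r"Source: (?P<ip>[\d.]+), (?P<port>\d+)")

def parse(log):
    """Yield (timestamp, source IP, source port) for each alert entry."""
    for m in ENTRY.finditer(log):
        ts = datetime.strptime(m["ts"], "%m/%d/%Y, %H:%M:%S")
        yield ts, m["ip"], int(m["port"])

def triage(log, max_per_minute=2.0):
    """Label each source IP; max_per_minute is an assumed, tunable threshold."""
    by_ip = defaultdict(list)
    for ts, ip, port in parse(log):
        by_ip[ip].append((ts, port))
    verdicts = {}
    for ip, events in by_ip.items():
        times = sorted(t for t, _ in events)
        ports = [p for _, p in events]
        # Rate over the observed window, floored at one minute.
        minutes = max((times[-1] - times[0]).total_seconds() / 60, 1.0)
        slow = len(events) / minutes <= max_per_minute
        fresh = len(set(ports)) == len(ports)  # new source port per attempt
        verdicts[ip] = "likely reconnect retries" if slow and fresh else "investigate"
    return verdicts
```

A source that retries relentlessly, as described for build 5023, exceeds the rate threshold and is labelled for investigation rather than dismissed.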