Ed said:
Is there a particular piece of software that I can get that will let me know
how many times hackers have scanned my ports, etc.? Thanks.
Ed Cregger

I have an ADSL modem connected to a home router, and then my computer is
connected to the router. The scanning is detectable by seeing the WAN
light flashing, with no corresponding LAN light flashing. The activity
varies by day of week and time of day. It varies with IP address, as
my ADSL modem gets an address from a pool of DHCP addresses. I find some
address ranges see more scanning than others. In some cases, I drop the
connection right after I connect, if I see too much flashing of the LED
on the WAN side.
The scanning rate is low, so that the router won't detect a "Syn flood".
The activity is slowed down, so as not to trigger protection like that.
I've toyed with the idea of setting up a box, to fit between the
ADSL modem and the router, to see exactly what they're looking for.
I'm just too lazy to waste time on the experiment.
My router has a "stealth" rating. At least as far as the "Shields Up!"
test link on this page. All that means, is the scanner on grc.com, was not
able to get a response from the 1024 lowest port numbers, which are the "official"
port numbers. The grc scanner actually results in "syn flood" being noted
in the router log, which doesn't happen for the flashing LED stuff I see.
Which means the testing isn't very thorough (because the router is throwing
away the probes from grc.com, rather than processing them).
http://www.grc.com/default.htm
So, no, there is no place for software here. The scanning would only
be observable, between the ADSL modem and the router. If I was connected
directly to the modem, then things would be different (and more
dangerous).
My comment is mainly focused on the idea of running an open FTP server.
What are the odds, that an easily available FTPD daemon, is kept up to date
with respect to the latest exploits? The people who exploit FTP servers
are very methodical, and I expect the whole process is automated (i.e. a kit).
So there isn't an actual human, trying commands and inspecting stuff. Having
read some of the accounts of stuff like this, is why I wouldn't dream of
running a DMZ, or of using servers like FTPD or HTTPD on a computer
connected to the Internet. That is what cheap hosting is for.
Paul
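
Added example (not part of either post): a way to count slow scans of the kind described above, which stay under a rate-based "Syn flood" check. It assumes a logging box on the WAN side that writes netfilter-style drop lines with ISO timestamps; the log prefix, hostnames, addresses and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Netfilter-style LOG fields; the ISO timestamp prefix is an assumption.
LINE = re.compile(r"^(\S+) .*?SRC=(\S+) .*?PROTO=TCP .*?DPT=(\d+) .*?\bSYN\b")

def parse(lines):
    """Yield (time, source, dest_port) for each dropped inbound TCP SYN."""
    for line in lines:
        m = LINE.search(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))

def rate_alerts(events, per_second=10):
    """Simplified stand-in for a rate check: >= per_second SYNs in one second."""
    buckets = defaultdict(int)
    for ts, src, _ in events:
        buckets[(src, ts.replace(microsecond=0))] += 1
    return {src for (src, _), n in buckets.items() if n >= per_second}

def slow_scanners(events, min_ports=5, window=timedelta(hours=24)):
    """Sources that touched >= min_ports distinct ports within `window`."""
    seen = defaultdict(list)  # src -> [(time, port)]
    for ts, src, port in events:
        seen[src].append((ts, port))
    result = {}
    for src, hits in seen.items():
        hits.sort()
        best = 0
        for i, (start, _) in enumerate(hits):
            ports = {p for t, p in hits[i:] if t - start <= window}
            best = max(best, len(ports))
        if best >= min_ports:
            result[src] = best
    return result

def sample_log():
    """Constructed sample: one slow scanner, one burst, one stray probe."""
    t0 = datetime(2024, 1, 1)
    fmt = "{} gw kernel: WAN_DROP IN=eth0 SRC={} DST=198.51.100.7 PROTO=TCP SPT=40000 DPT={} SYN"
    rows = [(t0 + timedelta(minutes=7 * i), "203.0.113.5", p)
            for i, p in enumerate([21, 22, 23, 80, 135, 445, 3389, 8080])]
    rows += [(t0 + timedelta(hours=2), "203.0.113.77", 80)] * 12
    rows.append((t0 + timedelta(hours=3), "192.0.2.9", 23))
    return [fmt.format(t.isoformat(), s, p) for t, s, p in sorted(rows)]

if __name__ == "__main__":
    events = list(parse(sample_log()))
    print("rate alerts:", rate_alerts(events))
    print("slow scanners:", slow_scanners(events))
```

The burst source trips the rate check, while the source probing one port every seven minutes is only caught by counting distinct ports per source over a long window.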