gortiag Tux's lil' helper
Joined: 30 Aug 2005 Posts: 92
Posted: Sun Jan 15, 2006 8:50 pm Post subject: Constant IP updates & sudden attack spams when up.
Hello!
We run a wireless LAN, using D-Link's router DL-624, and I've just received complaints about my Gentoo box.
My admin told me that my computer renews its IP address *every* time somebody else connects to the network.
Also, he told me that as soon as I connect to the network, the router (which is also a firewall) gets spammed by attacks from the outside.. (random IP addresses).
He says he has observed the same pattern several times.
I'm quite the newbie when it comes to Linux, and networking in general..
Does anybody know how I can make it stop renewing the IP every time somebody connects to the router, and can I check if the attacks made from outside the router really are my computer's fault, and what can I do about it in that case?
Thanks!
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54851 Location: 56N 3W
Posted: Sun Jan 15, 2006 10:39 pm Post subject:
gortiag,
Your wireless interface needs to be in managed mode, not ad-hoc mode. You must not be running a DHCP server on your Gentoo either.
I'm not sure what 'outside' means for wireless. Everything is outside. Is the attack coming down the wired interface on the firewall?
Get tcpdump and record traffic on your wireless interface. It will be easy to spot the things your admin claims are happening.
See if you can work with your system admin to spot the attacking IPs
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
gortiag Tux's lil' helper
Joined: 30 Aug 2005 Posts: 92
Posted: Mon Jan 16, 2006 12:11 pm Post subject:
Thanks for the reply!
My wireless interface is in managed mode, and I'm not running a DHCP server on my box - only the client.
I'm pretty sure that he meant that the attacks were coming from outside
of our network, ie not my computer or anything "behind" the router, but
rather the big, big internet out there.
It looks like this:
--------------Router---------------
---------------- || -----------------
-- Our -------- || ----- The big---
- Network --- || ------Internet -
---------------- || -----------------
Sorry about the drawing, but I like to draw. 8)
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54851 Location: 56N 3W
Posted: Mon Jan 16, 2006 8:28 pm Post subject:
gortiag,
OK, so far so good. Drawing is easier if you use the tags to get a fixed space font.
and use Preview to fix the spaces.
Your next step is to and see what's coming and going on your interface.
_________________
Regards,
NeddySeagoon
gortiag Tux's lil' helper
Joined: 30 Aug 2005 Posts: 92
Posted: Tue Jan 17, 2006 5:17 pm Post subject:
Thanks for the reply.
I emerged tcpdump, but when I don't run an application (like mozilla or irssi), there is no output, not even with the -vv flag.. (that's a good sign, right?)
So, what's the next step?
EDIT:
So, uh, he sent me over this log, or made the router send me the log or whatever. It spammed my mailbox with four messages... (I've got this really annoying admin)
But I don't get much out of it, and obviously neither did he.
This is *probably* the ip-renewal thingie he mentioned...? I've got *no* clue at all, really.. He could've sent me an essay in ancient greek.. -.-
Rovtomte is our ESSID, asus-p4pe is somebody else's CPU and MPU is mine.
Quote:
Jan/17/2006 18:20:15
SYN Flood Attack Detect Packet Dropped
Jan/17/2006 18:07:00
Wireless PC connected 00-0f-3d-86-bc-5f
Jan/17/2006 18:00:04
SMTP: send mail succeed
Jan/17/2006 18:00:02
SYN Flood Attack Detect Packet Dropped
Jan/17/2006 17:59:50
SMTP: send mail succeed
Jan/17/2006 17:59:49
SYN Flood Attack Detect Packet Dropped
Jan/17/2006 17:59:47
SMTP: send mail succeed
Jan/17/2006 17:59:45
SYN Flood Attack Detect Packet Dropped
Jan/17/2006 17:59:43
SMTP: send mail succeed
Jan/17/2006 17:59:42
SYN Flood Attack Detect Packet Dropped
Jan/17/2006 17:59:41
SMTP: send mail succeed
Jan/17/2006 17:59:39
SYN Flood Attack Detect Packet Dropped
Jan/17/2006 17:49:57
DHCP lease IP 192.168.0.104 to MPU 00-0f-3d-86-bc-5f
Jan/17/2006 17:49:56
Wireless PC connected 00-0f-3d-86-bc-5f
Jan/17/2006 17:18:17
DHCP lease IP 192.168.0.101 to asus-p4pe 00-0f-3d-ac-4e-a5
Jan/17/2006 17:18:16
Wireless PC connected 00-0f-3d-ac-4e-a5
Jan/17/2006 17:03:28
DHCP lease IP 192.168.0.101 to asus-p4pe 00-0f-3d-ac-4e-a5
Jan/17/2006 17:03:27
Wireless PC connected 00-0f-3d-ac-4e-a5
Jan/17/2006 17:03:23
Wireless PC connected 00-0f-3d-ac-4e-a5
Jan/17/2006 14:43:45
DHCP lease IP 192.168.0.101 to asus-p4pe 00-0f-3d-ac-4e-a5
Jan/17/2006 14:43:40
Wireless PC connected 00-0f-3d-ac-4e-a5
Jan/17/2006 08:33:25
DHCP lease IP 192.168.0.101 to asus-p4pe 00-0f-3d-ac-4e-a5
Jan/17/2006 08:33:22
Wireless PC connected 00-0f-3d-ac-4e-a5
Jan/17/2006 08:32:13
System started
Jan/17/2006 08:32:13
AP 2.4GHz mode Ready. Channel : 6 TxRate : best SSID : Rovtomte
Jan/17/2006 08:32:13
Access point: Rovtomte started at channel 6.
Know what this means or what it is? :)
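One way to read a router log in the format quoted above, as an added example that is not part of the thread or of any router vendor's tooling: it pairs each timestamp with its message, counts DHCP leases per client, and counts SYN-flood entries logged within a window after each client's lease. The function names and the 15-minute window are assumptions, and the sample is a short excerpt of the quoted log.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Excerpt of the quoted log (newest first, timestamp line then message line).
SAMPLE_LOG = """\
Jan/17/2006 18:00:02
SYN Flood Attack Detect Packet Dropped
Jan/17/2006 17:59:39
SYN Flood Attack Detect Packet Dropped
Jan/17/2006 17:49:57
DHCP lease IP 192.168.0.104 to MPU 00-0f-3d-86-bc-5f
Jan/17/2006 17:49:56
Wireless PC connected 00-0f-3d-86-bc-5f
Jan/17/2006 17:18:17
DHCP lease IP 192.168.0.101 to asus-p4pe 00-0f-3d-ac-4e-a5
Jan/17/2006 17:03:28
DHCP lease IP 192.168.0.101 to asus-p4pe 00-0f-3d-ac-4e-a5
"""

TS = re.compile(r"^[A-Z][a-z]{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}$")
LEASE = re.compile(
    r"^DHCP lease IP (\S+) to (\S+) ((?:[0-9a-f]{2}-){5}[0-9a-f]{2})$", re.I)

def parse_log(text):
    """Pair each timestamp line with the message after it; return oldest first."""
    events, stamp = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if TS.match(line):
            stamp = datetime.strptime(line, "%b/%d/%Y %H:%M:%S")
        elif line and stamp is not None:
            events.append((stamp, line))
            stamp = None  # a message with no timestamp of its own is skipped
    return sorted(events, key=lambda e: e[0])

def lease_counts(events):
    """Number of DHCP leases handed to each (hostname, MAC) pair."""
    return Counter((m.group(2), m.group(3).lower())
                   for _, msg in events if (m := LEASE.match(msg)))

def floods_after_lease(events, window=timedelta(minutes=15)):
    """Per host: distinct SYN-flood entries within `window` after any of its leases."""
    floods = [t for t, msg in events if msg.startswith("SYN Flood Attack Detect")]
    hits = {}
    for t, msg in events:
        if (m := LEASE.match(msg)):
            near = {f for f in floods if t <= f <= t + window}
            hits.setdefault(m.group(2), set()).update(near)
    return {host: len(stamps) for host, stamps in hits.items()}
```

Closeness in time is only a correlation: this log records no source or destination address for the dropped packets, so confirming the cause still needs a packet capture such as the tcpdump run suggested earlier in the thread.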