TCP packet storms
Culture
21st June 2001, 08:56
/me wonders if anyone reads this forum
Anyway, some background for you.
I am connected on a (relatively) fresh install of win2k with not a lot on it. The PC is connected by cable with a Black Ice firewall running to stop those dastardly hacker types....
A few days ago i installed KAZAA! - a point 2 point sharing prog and (possibly) since then i have encountered some connectivity problems.
Whilst the prog is running i time out web pages and searches on gamespy, i turn it off and i get web pages instantly and pings from gamespy of 40...
"So leave it turned off" - well yeah i did that. Then last night my firewall started going nuts. Looking at it i saw vast numbers of TCP requests hitting it - quite a few per second.
This (i think) is the P2P clients on other machines doing searches and pinging my IP to see if my client is running. Ok, fair enough (sort of) and leads me to my question.
If you have a large enough number of clients (ie Napster size number) will the number of searches and TCP requests against my IP start to cause a DOS attack?
Or am i just being an un-educated muppet?
Bring it.
COME ON - BRING IT!
(except you Fury - you bugger off)
Joey[kins]
21st June 2001, 09:05
the best place to read up on DoS attacks I've found is GRC (http://grc.com/dos/grcdos.htm) ... worth a look
Culture
21st June 2001, 09:45
Yeah read it before.....
Just wondered about the issues of P2P sharing progs causing DOS attacks (by accident or poor design)
MONK
21st June 2001, 10:17
In one word yes!
If you get enough people pinging you then it will DOS you. And in fact it would be a DDOS but that does matter for now. If it is really a problem then turn off the p2p prog as they haven't thought this through too well. Or if it is more a napster style with a central database then share less.
Say_Ten
21st June 2001, 10:58
Firstly I'd recommend Zone Alarm over Black Ice anyway, Black Ice won't protect you from trojans }:-):
Secondly I'd imagine that if you left off the P2P software for long enough then the scans will stop as you disappear off the DB, or whatever.
MONK
21st June 2001, 13:42
I have to credit white knight with this as he sent the link to me
http://www.tinysoftware.com/pwall_features.php
It's like zone alarm but better as you can block by the port level; it even takes an md5 hash to check the application so a virus (or whatever) can't pretend to be ICQ or whatever.
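The per-application check MONK describes (a rule tied to a program's hash plus a port), as an added example that is not part of the original thread and not Tiny Software's or Zone Alarm's code. It uses SHA-256 where the post mentions MD5, and the `AppRules` class, file name, file contents and port number are constructed for the demo.

```python
import hashlib
import os
import tempfile


def file_digest(path):
    """Hash the program's bytes on disk (SHA-256 here; the post mentions MD5)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class AppRules:
    """Outbound rules keyed by program path, pinned to a digest and a port set."""
    def __init__(self):
        self._rules = {}

    def allow(self, path, ports):
        self._rules[os.path.realpath(path)] = (file_digest(path), frozenset(ports))

    def check(self, path, port):
        rule = self._rules.get(os.path.realpath(path))
        if rule is None:
            return "deny: no rule for this program"
        pinned, ports = rule
        try:
            current = file_digest(path)
        except OSError:
            return "deny: program file unreadable"
        if current != pinned:
            return "deny: program changed since the rule was made"
        return "allow" if port in ports else "deny: port not in rule"


def demo():
    """Constructed scenario: a stand-in 'icq.exe' is approved, then overwritten."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "icq.exe")  # constructed file, not a real client
        with open(exe, "wb") as f:
            f.write(b"constructed stand-in for the approved program")
        rules = AppRules()
        rules.allow(exe, {5190})  # sample port chosen for the demo
        results = [rules.check(exe, 5190), rules.check(exe, 80)]
        with open(exe, "wb") as f:  # same path and name, different bytes
            f.write(b"constructed stand-in for an impostor")
        results.append(rules.check(exe, 5190))
        return results
```

Calling `demo()` returns the three verdicts in order: the approved program on its allowed port, the same program on a port outside its rule, and a different binary sitting at the same path.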
Cabe
21st June 2001, 14:39
once i got it working it was a lot better than ZA, more potential problems were stopped, but it produced a log that if printed probably would have reached the end of my road.
/me makes note to turn logging *off*
Pumpkin
24th June 2001, 23:49
I hate all personal firewall projects.
If someone wants me off the net, they can get me off the net, not a great deal I can do about it. I worry more about my hosted stuff, and I REALLY worry about my work boxes.
I'd tell you all my anti-h4x0r secrets, but that would kinda defeat the point of them being secrets :).
Reborn Phoenix
25th June 2001, 00:06
What firewall do the really big companies use? U know the 1337357 of 1337 firewalls?
I'm on nearly 24/7 even tho i have dialup and have experienced a few hack attempts, 1 of them losing me 2 programming projects and all my schoolwork. :(
Zenith
25th June 2001, 00:37
/me drills it into Reborn's skull...
Use the SAVE function FREQUENTLY
Backup important work FREQUENTLY
You're no n00b Reborn, so get some fewking skillz and start backing up!!
________________________________
-Zenith-
Providing ShockLance (http://sierrastudios.com/games/tribes2/2_3_0_weapons.html) treatment since April 2001
Tribes 2 Admin @ Multiplay UK i-series LAN parties (http://www.multiplay.co.uk/i-series)
Tribes 2 Admin @ Jolt.co.uk (http://www.jolt.co.uk/index.php?page=tribes2)
wishy
25th June 2001, 06:53
Or even better, do both of those and have a nice secure fileserver to keep your coursework on (Backup to your system)
Trying to fill all the holes in win98 security is like spitting into the wind...
MONK
25th June 2001, 08:45
Just set up a little proxy/firewall, there is enough stuff out there to make it secure, and if you use linux then use IPTables or chains....
WhiteKnight
25th June 2001, 09:44
We use "CheckPoint Firewall 1" here at work..
It's the dogs doo-dahs.. but i doubt you could afford it for home use.
It's like £3000 for the install + £100 per user license or something like that... and we have 250 users !!!!
Personally i'll be running the "trial" version of WinRoute Pro from tiny software to secure my firewall...and their personal firewall software on all my workstations to stop trojans, and spurious network traffic.
Say_Ten
25th June 2001, 10:14
Zone Alarm takes the MD5 hash as well. Does the home user really require by port blocking anyway?
WhiteKnight
25th June 2001, 10:25
The average "Duh! What's TCP/IP?" home user doesn't, but anyone who actually knows anything about it would appreciate the extra abilities.
You can use it just like ZA if you want anyway, you don't have to use the port blocking if you don't want to.. but the option is there.
MONK
25th June 2001, 15:58
in a word yes!
Cos most people should know what it is.