aidogs 100 Posted May 31, 2006 Report Share Posted May 31, 2006 Connections are sporatic due to a router/firewall problem. It appears to be dropping passthrough on port 80 (HTTP) from time to time. According to the literature I have found, the router in question is suceptible to floods and possibly certain attacks and goes in to hibernation. This is a feature that I could have done without so tonight (PDT, Seattle) I will be replacing the router with a different one that does not have this problem. Quote Link to post Share on other sites
aidogs 100 Posted June 2, 2006 Author Report Share Posted June 2, 2006 The offending router was replaced last night with a standalone Linux firewall running Snort. This gives me the capability to detect attacks and control traffic down to a single IP:Port. Short showed that the suspect attacks from China were in fact real. In a 24 hour period the logger detected over 20,000 intrusion attempts, mainly from one address in Shanghai. As a result, an entire CIDR class B block from this attacker has been set to be denied. This encompasses Beijing, Chengdu, Huang Shan, Liuzhou, Shanghai, Zhijiang, and Hong Kong. Here's the jist of this tale : if you are going to be on the internet, you should have a firewall. A hardware firewall is better than a software package. If you are going to host, build a dedicated Linux appliance - commercial hardware router/firewalls under $1000 are inadequate. From this point out, barring maintenance, there should be no connection issues on this side of the internet. If there are, I would appreciate email being sent via the user email. Quote Link to post Share on other sites
Allison 2,369 Posted June 2, 2006 Report Share Posted June 2, 2006 Thanks. He put in a tremendous amount of work, everyone, and all for a little extra kibble in the bowl. It's really great. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.