DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 6th February 2012
Zyos's Avatar
Zyos Zyos is offline
Port Guard
 
Join Date: Nov 2011
Location: United States
Posts: 22
Thanked 0 Times in 0 Posts
Default I think my laptop is updating an attacker with my IP?

I am baffled. I have a laptop here next to me acting as a web server. It is connected to the internet using a NAT'ed router. I have a dynamic ip address which I have changed multiple time in order to get this ip here, 58.218.199.147 to leave me alone.

So far the only way I have gotten them to stop scanning my ports is to either edit pf.conf and block everything in all directions or unplug the machine entirely. I can't seem to find anything unusual showing up in pflog

If I open up the ports www, domain, and https on the server and use the router to block all access to it I still end up seeing things like this appear in it's logs several times a day.
Code:
[DoS Attack: ACK Scan] from source: 58.218.199.147, port 80
[DoS Attack: ACK Scan] from source: 58.218.199.147, port 443
If I open the ports via the router so that people can visit my website all sorts of crazy things start happening. 58.218.199.147 and one of its sister ip 58.218.199.250 or possibly 221.174.50.137 start accessing the server on a regular basis and a bunch of different ip's start attacking me. I have been WinNuked, IMAP scanned, ACK scanned, RST scanned, and Null scanned from all sorts of ip's all over the world in obvious patterns. I haven't told anyone there is a web-server here.

This computer has been compromised before when it had windows on it, but since then it's been wiped and reformatted several times. I believe my computer may still be compromised somehow, but I don't what to do about it. My other machines don't appear to do this, however one is new and the other has had its hard drive replaced.

I'm fairly new at all of this and have no idea what to do next. Does anyone know what's going on?
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Do I need xsrc etc when updating a release? claytonl NetBSD Installation and Upgrading 1 1 Week Ago 08:04 AM
Updating Wikipedia screenshots rpindy OpenBSD General 15 29th May 2011 09:14 PM
patching or updating ? dennky OpenBSD Installation and Upgrading 12 14th January 2010 07:17 PM
/usr became full while updating via cvs IronForge OpenBSD Installation and Upgrading 3 6th January 2010 01:08 PM
Updating FreeBSD carpman FreeBSD Installation and Upgrading 6 26th October 2008 11:49 AM


All times are GMT. The time now is 03:45 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick