How Do You Handle Portscanning Attacks? 140
Kainaw asks: "I tried to submit this earlier, but I couldn't because I had no bandwidth available. The reason is simple: I use Comcast for cable Internet. My modem/router is portscanned constantly. Nothing makes it past the router, so everyone tells me that it isn't an issue. Well, it is when I can't access any webpages, get email, or even submit a simple article to Ask Slashdot because my entire bandwidth is eaten up by script kiddies with a new portscanner toy. This is a two-part question: First, can anything be done with a simple at-home modem/Linksys router/two computer setup to stop a portscanning attack? Second, is it possible for the Linksys router to become a 'bot' and actually be the originator of much of the traffic?"
Contact Comcast (Score:2, Informative)
On a side note, I've also go Comcast, and I've never run into anything like this. They do tend to have a lot of problems with their DNS servers, though.
Re:Contact Comcast (Score:3, Informative)
I called Comcast and found that the DNS sent with DHCP for the cable modems is actually the testing DNS server. I had set the DNS server IP address manually and I've had no DNS problems since. Unfortunatly, I'm at work, so I have no clue what the IP address is.
Re:Contact Comcast (Score:1, Offtopic)
You mean you can't ssh into your home box from the office.
Loser.
Re:Contact Comcast (Score:2)
D
Re:Contact Comcast (Score:3, Interesting)
I actually had some discussions with the installers and local sales people for Comcast. Their attitude was a don't ask/don't tell policy for running services over their cable modem connections. As long as you aren't soaking up an extreme amount of bandwidth they don't really care if you are running a web server, ftp server, whatever.
Besides, I could run ssh over any port I want.
Re:Contact Comcast (Score:1)
Re:Contact Comcast (Score:2)
Kinda what I was thinking...
Re:Contact Comcast (Score:2)
How do you define care? As in it's listed in their TOS? They shut you down for it? You work for them and hunt people down that run websites or connect to their machine locally?
Almost a year ago I contacted our local Comcast business sales rep to see about a data line to our office. I wanted to see if I could sign up for an account where I could host a server. They did not offer an account that allowed server hosting in our area at
Re:Contact Comcast (Score:2)
Read your TOS. I think you may be pleasantly surprised to find that running a server on your connection has been forbidden by your ISP. I know my does.
Re:Contact Comcast (Score:2)
Re:Contact Comcast (Score:2)
Re:Contact Comcast (Score:2)
which ones would those be, 0-65535 ?
Re:Contact Comcast (Score:2)
Re:Contact Comcast (Score:2)
I must admit I had never figured that port 0 was valid but I can't see any reason in RFC 793 - Transmission Control Protocol [faqs.org] that prohibits port 0 being used and IANA's port number document [iana.org] merely says that it is "reserved".
However
# sshd -p 0 -D
Bad port number.
it might be a neat hack if firewalls skip port 0 or some such
Re:Contact Comcast (Score:2)
ie its what you use when binding a socket for an outgoing connection or if you wan't to have a socket to listen on but don't really care about its port number since you will be telling your peer that by some other means.
Re:Contact Comcast (Score:2)
Re:Contact Comcast (Score:2)
Re:Contact Comcast (Score:2)
Re:Contact Comcast (Score:3, Funny)
I'm at work, but even I know the IP address of my Comcast cable modem is 127.0.0.1. Bring the the script kiddieZ!!1!
Re: (Score:3, Insightful)
Re:Contact Comcast (Score:2)
Re:Contact Comcast (Score:2)
Not The Portscans (Score:4, Insightful)
Re:Not The Portscans (Score:1)
Re:Not The Portscans (Score:2)
Re:Not The Portscans (Score:3, Interesting)
Of c
Re:Yes Possibly The Portscans (Score:3, Insightful)
Here's a suggestion... (Score:5, Funny)
Got the IP addys of your tormentors?
Post them here!
I'm sure some of us could persuade these kids that port scanning is bad for your health...
^_^
Re:Here's a suggestion... (Score:2, Funny)
Faster than a gag order, more powerfull than a botnet
I probably horrably mangled that quote, but whatever
Re:Here's a suggestion... (Score:2)
Re:Here's a suggestion... (Score:2)
In that case, they'll probably quit on their own after reading my previous post.
Problem solved...that'll be $175 (American).
^_^
Re:Here's a suggestion... (Score:1, Redundant)
Hack away!
Re:Here's a suggestion... (Score:1)
Re:Here's a suggestion... (Score:1)
Re:Here's a suggestion... (Score:3, Funny)
I'm going to so end that sucker right now, i've got it all loaded up and i'm about to hit the ent
Found the source of the interference. (Score:2)
(let me jot down)
one two seven... dot zero... dot zero... dot one. There! Hit it guys.
Sounds more like a DoS to me (Score:2, Insightful)
IANA network security expert, but I'd say put a more capable firewall behind the router (read: a Linux or BSD box) and make it the DMZ.
At least you don't have some punk trying to find a weak username/password combo through SSH. (Silly script kiddie, you can't login to root through SSH on my box.)
Re:Sounds more like a DoS to me (Score:3, Interesting)
You definitely wouldn't want to do a default install of any distro I know of (except Debian, that doesn't install much of anything except what you ask for).
Re:Sounds more like a DoS to me (Score:3, Interesting)
Re:Sounds more like a DoS to me (Score:2, Informative)
After you use the latest installer, go to http://www.pfsense.com/updates/ [pfsense.com] and grab the latest version, then update via the 'firmware' tab on the web interface.
Re:Sounds more like a DoS to me (Score:2)
Re:Sounds more like a DoS to me (Score:1)
Which is why I tried OpenBSD. I found pf much easier than iptables, and it does NAT quite easily, too. A default install is secure. And the documentation in the FAQ is very helpful in getting your box configured.
Re:Sounds more like a DoS to me (Score:5, Informative)
In my expereience, when somebody's saying that `X is using up all my bandwidth', where `X' is things like virii, `hackers', ARP requests or something else, what that really means is that somebody doesn't really understand what's going on.
Most cable modems have a lot of downstream bandwith and not so much upstream bandwidth -- but even the upstream bandwidth is far far more than is used by a standard port scan where somebody hits all your ports to see if they're open.
And even that's unusual -- usually people seem to scan entire networks to see if one port is open, so a single scanner would only send a few packets at your box. It would take several thousand people hitting your box _at once_ like this to make things as bad as you make it sound.
Your box may actually be under attack (a DoS attack.) I get a lot of trouble like this when people want the nick I use on IRC -- they packet my box incessantly. I've got 5 Mb/s downstream on my cable modem, so as long as my packet filtering isn't responding to each packet, it takes a pretty signifigant attack to kick me off of IRC. But if my system does respond to every packet with packets of approximately the same size, an attack of about 0.3 Mb/s is enough to bring everything down to a crawl. It's all a matter of configuring my filters properly ...
Ultimately, what you should do is log all the packets being sent at your IP address with a tool like tcpdump, then send those logs to the abuse department of the ISP where they're coming from. If it's a DDoS attack, the odds are that the IPs are spoofed, but if it's really a portscan it's probably not (becuase they need to see the returning packets to see which ports are open.)
You could also contact Comcat and see if they could filter the traffic out, though I'd reserve that option for an attack that lasts days and doesn't give up, because if they're anything like RR, getting to somebody who can actually do that will be very difficult.
Another way of dealing with an attack is to turn off your cable modem long enough for your DHCP lease to expire, and then come back and get a new IP address, one that's hopefully not being attacked.
Re:Sounds more like a DoS to me (Score:1)
It is probably faster to get a new IP on cable by changing your MAC address than waiting for a DHCP lease to expire.
Re:Sounds more like a DoS to me (Score:3, Interesting)
Probably correct, though it's not always easy to do. Switching cards is easy enough, but it requires shutting down and opening up your computer. Some cards and/or OSs let you change the MAC address of a card on the fly, though it seems to be pretty rare.
Some cable modems will let you `reset' them by various means (holding down the rest button at power up, holding it down for a long
Re:Sounds more like a DoS to me (Score:3, Informative)
New mac addresses (Score:2)
Some cable companies use MAC address filtering as a way of stopping pirateing.
Write down your old mac address first. We got a new cable modem and they had to wait until there cisco guy got in before cox could get us back online once.
BTW: Don't things get routed by IP address once the cache (arp?) tables upstream get updated?
Re:Sounds more like a DoS to me (Score:1)
apt-get install macchanger
or
http://www.alobbs.com/macchanger [alobbs.com]
It'll allow you to change your mac adress
Re:Sounds more like a DoS to me (Score:3, Funny)
Hmm, I've never needed anything so fancy.
always did the job just fine.Re:Sounds more like a DoS to me (Score:2)
heheheheh, I'm so clever.
Re:Sounds more like a DoS to me (Score:3, Interesting)
I work for a cable provider in New Zealand. We have all been shown logs of a typical DoS attack and logs of typical filesharing and how to tell the difference. (We don't ban filesharing, but we do charge for extra traffic after a set amount (1GB, 5GB or 10GB depending on the plan)).
I'm not sure what our techies do about DoS attacks.
We don't ban running servers or any
Re:Sounds more like a DoS to me (Score:2)
Re:Sounds more like a DoS to me (Score:2)
Mere portscanning doesn't intentionally clog all bandwidth.
Mod that statement up!
Not true at all - I have a whopping great 24/1M ADSL plan and I constatnly achieve full speed (being only across the road from the phone exchange). If I portscan my mate with the Insane settings in Nmap he goes down for the count. I can flood him with enough traffic to saturate his 512k link for a couple of minutes.
If I didn't like my mate I could easily take him off the net by asking nmap to scan his IP addr
Re:Sounds more like a DoS to me (Score:2)
The only options I see useful in nmap for actually doing a DoS attack designed to suck up all of somebody's bandwidth are the `-D decoy1 [,decoy2][,ME],...' and the --data_length options.
I found the `Insane' setting -- it's not really about flooding a host, it's about assuming that the latency is almost zero, so a scan will happen
Re:Sounds more like a DoS to me (Score:3, Interesting)
found the `Insane' setting -- it's not really about flooding a host, it's about assuming that the latency is almost zero, so a scan will happen quickly.
That's true to an extent, except that the Insane setting generally does not wait for a reply to packets before sending the next. It lets you flood the host, and if their connection is slower than yours and you run it enough times they end up with quite a backlog of packets they need to download from their ISP.
My point was that it is possible to DoS s
Re:Sounds more like a DoS to me (Score:2)
At that point, I'd say you're DoSing him, and any port scanning would be the side effect. After all, the Insane option doesn't give the packets long enough to come back and probably does discard them once they come back, because they took too long. Also, if you're overloading his connection, some packets will be lost, making some po
Re:Sounds more like a DoS to me (Score:2)
Ideally you should send no reply at all to port scans.
Actually, that's not true. Sending no reply is as good as sending a reply. If my IP address was not routed by my ISP at any time (ie, I'm not online) then the ISP's router should send some kind of reply telling the scanner that my IP address is not reachable.
Sending no reply actually says "hey, I'm here but I am 1337 and trying to hide behind this transparent screen with a big flashing light and siren on my head".
True, sending a port closed
Re:Sounds more like a DoS to me (Score:2)
Re:Sounds more like a DoS to me (Score:1)
Re:Sounds more like a DoS to me (Score:4, Informative)
Blame Canad^H^H^H^H^HKorea! (Score:2)
One way of dealing with that problem is to block China and Korea [okean.com] altogether. All the l33+ h4x0r5 who try to password guess on my ssh daemons come from educational institutions in Korea. Block them at the border router, problem goes away!
Perfectly Normal (Score:1)
I'm sure someone could upload firmware to a router and set it up to port scan or other activity.
Answers. (Score:4, Funny)
Your best bet would be to detect the port scan (eg, >5 sequential connections from the same host, or >15 nonsequential ones) and nullroute it so they get no response at all.
Of course they can get around that, but if you're avoiding the common drones it doesnt matter.
Second off, its not an attack, its just trying to get more information on you. Calling it an attack makes it sound bad, which furthers scare away the masses(who then get to vote on this stuff). If your isp didnt limit your upstream so much you wouldn't even notice it. nmap running in standard mode doesnt use nearly as much packets or bandwidth as my isp flooding me with arp who-has packets to see whos on.
sidenote, be careful with whatever you do. Last time I found out a friend of mine ran a stupid windows firewall that would automaticly firewall anything that portscanned him, I spoofed a scan from his dns, then after I had fun watching him wonder why he couldnt resolve anything, I spoofed one from his gateway.
Automated dropping is dangerous.
Disable ICMP echo reply (Score:5, Insightful)
I've also set it up to drop incoming TCP requests for dead ports (actually, it blocks the outgoing connection refused packets). So if they scan ports that aren't open, they never get a single packet back.
Essentially, unless they're connecting to something I intentionally have open, they can't tell that my system exists.
Re:Disable ICMP echo reply (Score:2, Informative)
3.2.2.6 Echo Request/Reply: RFC-792
Every host MUST implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies.
Have a wonderful day.
Re:Disable ICMP echo reply (Score:2, Insightful)
3.2.2.6 Echo Request/Reply: RFC-792
Every host MUST implement an ICMP Echo server function that receives Echo Requests and sends corresponding Echo Replies
You know what? I don't give a good goddamn about RFC 1122. Our servers get pounded on every port that is open, every day, since forever. Cutting off ping reduces it dramatically. So, by violating th
Re:Disable ICMP echo reply (Score:2)
Um, so does microsoft.com... You don't want to be like them, do you?
drops still give information (Score:3, Interesting)
A drop will generally indicate:
1) firewalling
2) an inverse map - "I didn't get the ICMP 'dest. host unreachable', ergo something is there"
blocking that outbound ICMP message is possibly a mistake if you have public net resources.
As others pointed out, a drop vs. the icmp error slows the scan down nicely, though.
Re:drops still give information (Score:2)
The router will only send a dest host unreachable if it has an ACL that blocks the traffic or if its next hop in the routing table is unreachable.
Re:drops still give information (Score:3, Informative)
http://www.faqs.org/rfcs/rfc792.html [faqs.org]
"Gateways in these networks may send destination unreachable messages to the source host when the
destination host
Re:Disable ICMP echo reply (Score:2, Informative)
Linksys ADMIN password (Score:4, Interesting)
And you don't allow access to it from un-trusted machines (i.e., the Internet), right?
Otherwise, in theory, it could get pwned. It is running Linux and tools such as busybox.
DNS, DoS, and braaaains (Score:2)
You might also be the victim of a lame DoS attack. Participate in any flamewars recently? Send relevant portions of your incoming traffic logs to the respective ISPs for (in)action.
Another possible cause is one of the machines behind your firewall has been pwned and is now a spam zombie. Is your firewall blocking both incoming and outgoing?
portscanning != DoS (Score:2)
Switch to a Linux/UNIX firewall - DROP traffic (Score:3, Informative)
Rather than using a Broadband NAT router, set up a firewall running Linux, *BSD, or similar. This way, you can send "irrelevant" traffic (e.g. ICMP ping requests, or TCP/UDP packets to ports on which you do not provide services) to the bit bucket ("DROP" in the language of Linux IPTables).
This slows down port scanning of your machine (e.g. using "nmap") to near a grinding halt, and thereby reduces the bandwith consumed by such port scans to near zero.
It is not bulletproof - someone could still direct DoS attacks against you - but it would nearly eliminate the traffic caused by causal port scanning of your machine.
Re:Switch to a Linux/UNIX firewall - DROP traffic (Score:3, Insightful)
All NAT routers I've seen need to be specifically set up to forward traffic, unless you set up your computer in a DMZ. If you don't set them up that way, packets will simply be dropped.
There are other reasons to use a linux firewall, but not the ones you stated. Add to that that you'd requ
Re:Switch to a Linux/UNIX firewall - DROP traffic (Score:2)
or unless your router is listening to upnp traffic.
Re:Switch to a Linux/UNIX firewall - DROP traffic (Score:2)
In contrast, when you simply DROP incoming SYN requests in the bit bucket, the client has no way of knowing whether the response from your end is due to a net.lag
Comcast scans you (Score:1)
Funny story, in fact, they were scanning me and I didn't know who it was (all I had was an IP and very little knowledge about the internets) so I called them up and informed them that "such and such IP is attempting to haxor my boxor!
Cox did the same, but always from the same 2 IPs (Score:2)
These are not script-kiddies (Score:5, Insightful)
It's spammers. It's professional organized crime. I believe the majority of these port scanning and worm/virus propagation is going on by organized groups looking to take over peoples' computers for the purpose of finding new IP space from which they can send unsolicited e-mail. If there are any script kiddies, they are a fraction of a fraction of the percentage of the traffic.
My systems are constantly under probe attacks and port scans. The majority of these attacks originate from rogue IP space in China, Korea, and other areas that appear to be more liberal in doing business with the spammer organized crime contingent.
At this point, I don't see technology making much difference. This is a political and enforcement issue.
My advice is to contact your local District Attorney and demand that they start prosecuting computer tampering cases. We know these people are ultimately in the U.S. and can be caught even if they route from around the globe. We know they're breaking laws and can be prosecuted. We have laws in effect right now - we don't need more laws. We need enforcement and government authorities who WILL ENFORCE THE LAW AND STOP THESE PEOPLE. You can't count on ISPs to help since they profit from bandwidth consumption; you can't count on corporations to help, they are scared of any attempt to curtail cyber marketing of any sort. You must start on a local level and demand that the judicial and enforcement branches go after these criminals.
Re:These are not script-kiddies (Score:2, Insightful)
The honeynet people seem to think most of them are in eastern Europe. I am also fairly certain that there are a lot of them in China, though this is much harder to confirm. My best evidence is the enormous volume of Chinese-language spam, which I do not suppose would be authored by Americans or Europeans, mostly.
But anyway, we certainly do not *know* that they are all ultimately in the U.S. There are good solid reasons to believe otherwise. *Some* of
Re:These are not script-kiddies (Score:2)
Anonymous COWARD. You must be a spammer, and that's why you're so offended by my message. Why don't you show your identity?
There's plenty of stats and information to back up these claims. Most domestic spam is originating from compromised computers being used as unauthorized SMTP relays.
You want evidence? Check your e-mail you stupid moron. Look at the headers of the spam you receive. Notice how a significant chunk of it comes from comcast, v
Re:These are not script-kiddies (Score:2, Interesting)
> of the spam you receive. Notice how a significant chunk of it comes from
> comcast, verizon, cox cable, TDE, and other broadband IP space.
I haven't checked this in the last few months, so maybe it's changed, but the last time I did check, virtually 100% of the spam I get came from the APNIC block, and roughly 0% of it came from IP addresses with a corresponding PTR record in DNS for reverse lookup.
I think it depends some
Re:Err.... (Score:4, Informative)
You're wrong. And this isn't about spam. It's about computer tampering, which has been a crime since before the Internet. People who break into other peoples' computers and compromise them are breaking laws. (Port scanning may or may not be criminal, but it's the precursor to criminal activity) I'm just pointing out that the most significant group doing this are obviously the spammers. Anyone who is paying attention can see that, and they are clearly breaking the law. If you break in and take over someone else's computer, that's a felony.
Unfortunately, we probably won't see law enforcement do anything about it until a spammer accidently breaks into the computer that contains the formula for McDonald's special sauce.
Every state has laws like this:
Here's a list of computer crime laws by state [nsi.org]
Here's info on Federal computer crime laws [usdoj.gov]
Also see:
Tarpit... (Score:3, Informative)
Seriously, dump that Linksys or other SOHO box and spring for a small *nix-based machine. Personally, I use a slimmed-down Linux box running iptables. I also use the TARPIT target. The TARPIT target is designed to keep the connection open until it times out. This slows port scans and worms to a crawl. While it takes slightly more resources on the firewall machine itself, it doesn't eat up any more bandwidth than the port scan itself would, except that now the bandwidth is spread over a longer period of time. It also helps to block other packet types that can cause issues, such as ICMP echo. It is definitely not a good idea to block all ICMP traffic, though. Also, try setting up QoS or some other form of traffic shaping to give priority to your packets, specifically ACK packets, as this will improve responsiveness and will keep you from being locked out of your connection, even when under a high bandwidth load.
Re:Tarpit... (Score:5, Insightful)
as long as you do not need to do anything fancy, the simplified firewalls on consumer-level routers work fine. i have ICMP echo turned off, and a few well-know ports open for apps. no problems.
if this doesn't fix it for him, clearly this guy has some larger problem than port scanning. let's no mislead him.
How stealthy are your ports? (Score:2)
Make sure that you disable inbound http and ftp.
Re:How stealthy are your ports? (Score:2)
Unlikely (Score:4, Informative)
So the peak scan bandwidth of a really noisy nmap scan is about 100 kilobits per second, and you would have to have 23 simultaneous scans being performed in the absolute worse case scenario to max out your link. If your router's external interface was actually replying to these scans, you would notice problems at somewhere less than this, say, 20 simultaneous scans. The actual number of scans you could endure before noticing it is much, much higher than this, because I used -T5 to make nmap really noisy (not typical for k1ddi3s scanning), and I took the peak bandwidth instead of the average bandwidth for my calculations.
But I'm a Comcast customer and I don't see anywhere near that level of scanning. I see a few port scans a day, plus the usual worm remnants. Sometimes someone will get a bug up their ass and scan me repeatedly, but that's still just a few scans in a row. This is much, much lower than the 4 Mbit capacity of the throttled rx queue on my cable modem.
The other thing that makes scans an unlikely root cause of your connectivity problem is that Comcast's security department would certainly go after anyone who was scanning one of their customers that hard, and possibly install filters to keep from having to pay their transit suppliers for all that bandwidth.
The most likely explanation is that the problem is a simple misconfiguration, such as a misconfigured DNS setting or a P2P app running on your machine. The P2P apps in particular will cause intermittent problems loading web pages, which sounds like what you're experiencing.
Change your MAC address (Score:2)
Portscanning is not an attack. (Score:3, Insightful)
Don't confuse a portscan with a DOS attack. There is a difference, both in method and intent. Portscans are diagnostics or exploratory probes and are necessary for many benign purposes.
I have been a comcast customer for many years at several locations. Their service is unreliable; the internet is sometimes unreachable and like all the big-name ISPs they let worms that could easily be stopped run rampant in their network. Their DNS infrastructure is also well below par. Since they have a regional monopoly, it is not necessary for them to provide a clean feed, there simply is no competition in their market sector.
My comcast-connected systems are, like yours, portscanned constantly. So are my systems at work (where I have far less bandwidth in both directions) but I don't ever have connectivity problems on the non-comcast links.
Again, if it's really a portscan, it's not an attack. But let's say it's a DOS over multiple ports so it looks like a portscan... you can reverse-resolve the addresses, figure out Comcast's IP-to-physical location mapping (easier than it sounds) and go burn down those people's houses. Other than that, probably not. In theory, yes, absolutely. That's why you keep it up to date on patches and always change the default password. Here in the Real World [tm] you haven't supplied the type of router or patchlevel you are using so I can't go look it up on Google or astalavista. Some cable interface boxes are pretty secure due to hardware limitations, others make very good bots.
Finally... most people on comcast that have major problems are infected with viruses or worms, usually propagated by email. Those that are not are sometimes suffering from bad grounds - check that your cable system and the electrical outlets that feed your computer and televison systems are all properly grounded.
HTH, I'm off to dinner.
Use a good packet filter (Score:3, Informative)
See in a portscan, they send a SYN, and you send back an ACK... and back and forth. They try to connect to a port, your tcpip stack replies with a drop connection and the increment the port and repeat. The amount of data going in each direction is roughly equal when the ports are closed.
The amount of bandwidth you have is not symmetrical. The best ADSL can do is 4/.8 mbps for download/upload, and the best a docsis modem can do is similar. It is more likely that your upload bandwidth is chocked, since 4mbps of download bandwidth is plenty of room. Unless you have a 'lite' internet speed which is rediculously slow.
So a packet filter simply doesnt take the packet. No replies, either TCP or ICMP. That also means they will give up trying to keep their bandwidth efficient, and start portscanning another IP that actually replies. And since TCPIP is several back and forth packets to connect, you'll save on some download bandwidth, and you'll save ALL of your precious upload bandwidth.
Its even better if you have NO ports open at all from the outside, like ssh or http or smtp. That way intruders cannot know at all if you exist, and its just a waste to portscan all 4 billion IPs, all their TCP and UDP ports rather than just the IPs which actually reply.
My favorite packetfilter is OpenBSD for obvious reasons, they clearly had the best packet filter until recently. Now the competition is close, since everyone seems to be copying them. I dont have much experience with iptables and it confuses me, but it has a much greater install base, and commercial companies to back it.
I've tried the WRT56GX Linksys (latest wireless) router, and havent been impressed with its firewall options. I wonder if I can grab a linksys and replace the firmware with a much simpler OpenBSD embedded system (is there an Openbsd for ARM?). For serious outfits, I'd use OpenBSD on a pentium III-ish with two good nics and low power consumption for stability.
If it hasn't already been said... (Score:3, Interesting)
Chances are someone's pulling your bandwidth via WIFI or its creating some problem.
I haven't quite nailed it down yet but in the last few months both my personal network and a friend of mine's have been bogged down whenever the WiFi is turned on. I like to think I'm security savvy but I just started digging into it yesterday.
I'll reconfigure the netgear so it only accepts the MAC addresses I have but it's still quite annoying. I didn't broadcast the SSID and I used WEP/WPA but my surfing lags horribly whenever WiFi is turned on. Even in rural Idaho there be issues.
who'd thunk it?
Good luck!
DO NOT REACT TO PORTSCANS. (Score:2)
Re:One question... (Score:5, Funny)
Re:One question... (Score:2)
Re:My biggest fear... (Score:2)
but if you have to ask, your fears are justified
Re:My biggest fear... (Score:2)
if you cant type "livecd firewall" into a search engine what chance do you stand installing and maintaining many of them, hence my suggestion that if one needs to ask the question then one might not be prepared for the answer.
Yeah, I'm a fully representative of the Linux community please attribute anything I say that you don't like to the penguinistas! 7|\|>< 4|\||> 8y3
there's this guy.... (Score:1)
Never used it, just aware of it. Something like this?