coding heeeeelp

muchalucha · Post by **muchalucha** » Sun Aug 10, 2008 6:49 pm

I don't know how many people on this forum can help me with this but i need a batch file that runs hidden but detects if anyone is trying to ping my computer and runs another batch file if it does.
The second batch file determines whether it is a friendly ping or a dos attack.

Ive already written the second batch file but i need help on the first. I have searched the internet but so far to no avail. please help.
Tom

Post by **petec** » Mon Sep 01, 2008 8:44 pm

Tom, there are lots of port monitoring scripts and programmes on the internet which will detect whether you are being ping'd but in practise you will find you are being ping'd all the time. However, I'm more worried by your script to determine whether the ping is hostile - you cannot determine that as a ping itself cannot be hostile. If you could determine it, what would you do? You can't sling anything back worthwhile, and anyone sensible will be routing through multiple servers to cover their tracks....this is a big area you are getting into.

My advice....leave it alone and just make sure you have a good firewall set up properly.

muchalucha · Post by **muchalucha** » Thu Sep 04, 2008 10:40 am

Let me clarifly things a bit.
I have been the victim of several dos attacks and have a batch file which when run denies ping's over a certain size (6000 bytes) If the ping is under 6000 bytes however it lets it proceed.

These dos attacks are more than just a minor inconvinience they are really annoying as i am running 2 servers running 3 websites and a mail client (all apache). Not only is it taking down the websites but it is preventing me from using vnc to rectify the problem remotly and i can only do it manually on weekends.

Whats more confusing still is that the ip address of the "attacker" is 255.255.255.255 !!!

if it helps here is a little info about the servers. please let me know if there is anything i can do to stop this .

server 1
128 mb ram
733 mhz processer
windows xp
ip tomtestpage.no-ip.biz (yes im behind no ip

)
port 80

server 2
256 mb ram
1 ghz processer
ubuntu
xanox.no-ip.biz
port 8080

when i have built there rack mount cases and the racks to mount them on (there currently next to my desktop pc in the lounge

) i might consider a better fire wall butfor the time being the internet comes in through my desktop pc's e-net port and out through a usb to ethernet converter it then goes into my hacked, reflashed and "pimped" lol bt home hub(running open vms) for logging and further fire wall protection before it goes into my daisy chained servers.

bobblebot · Post by **bobblebot** » Thu Sep 04, 2008 11:12 am

I don't know if there is anything that can be done to stop the attacks, but I have also had a similar problem of 100,000s of hits every month over the last 6 months to my website. It was so bad at one stage it was over 70,000 hits a day.

I would also like to hear if there is a solution to this problem. Fortunately, my web server hasn't been affected badly by what I assume are attacks, but it is really screwing up my server logs and website analytics tools

muchalucha · Post by **muchalucha** » Thu Sep 04, 2008 5:36 pm

Well with 2 servers and a desktop pc on a 2mb ntl line my internet is going down frequently and my apache error logs and my bt home hub logs are bursting with errors and other joys for me to sort out.

Post by **petec** » Sun Sep 07, 2008 7:47 pm

I think you guys might need to look closer to home...suggest you may have a trojan on board, possibly you've been recruited to a botnet. Make sure all your security is up to date and then some (two firewalls is a good start).

Send me a log file by email if you like and I'll take a look for you, but normally 255.255.255.255 is only a self-return address....or an address mask.

muchalucha · Post by **muchalucha** » Wed Sep 10, 2008 7:56 pm

ill pm you the error logs on saturday but they havent been online for about a month so xanox.com and dombeckistan.com are now up for the buyin

</puppydogeyes>

josh · Post by **josh** » Wed Sep 10, 2008 8:19 pm

can i please just ask were on earth did u get those url names from

?

muchalucha · Post by **muchalucha** » Wed Sep 10, 2008 8:45 pm

good question LOLOL

.
xanox is the name of my debian based linux distibution (yes im xx (edited by admin to protect Tom)

)

dombeckistan is the name of my country (long story i might start a thread on it one day).
Its called dombeckistan because my friends at school youst to call me dom insted of tom

muchalucha · Post by **muchalucha** » Wed Feb 18, 2009 1:32 pm

oops...

(edited by admin to protect Tom)

what did i put i cant remember (pm me

), sorry a bit of a thread bump