Bryan D. Boyle
bdboyle at bdboyle.com
Thu Oct 9 08:56:20 EDT 2014
rule 1: if you are connected to the net, you WILL be probed. Period. There are no guarantees of access, throughput, or that a weakness in your system, as defined by the services you are exposing, will not be exploited if a vulnerability is found.
So, minimize the attack surface: shut off unnecessary inbound services, monitor your logs, configure any firewalls you may have correctly, keep your system patched, keep your application patched. Other than that, unless it's egregious, ongoing, and constant, your ISP is innundated with hundreds of complaints daily about this activity, so, they will typically, unless you're a commercial customer with a 4K monthly bill, put you at the bottom of the list for detailed investigation.
That's just for starters. All you can do is all the right things: minimize attack surface, keep patches current, monitor your logs for suspicious activity, adopt a stance regarding applications of 'that which is not expressly permitted is prohibited', and realize that, in the general scheme of things, amateur radio repeater linking is not a high priority, national security, launch code, or life safety (really) infrastructure.
And remember, it's not personal...on the part of the hackers...it's just business.
Bryan (doing this since 1990, CISSP holder)
Sent from my iPhone 5...No electrons were harmed in the sending of this message.
> On Oct 9, 2014, at 08:04, Lu Vencl <vencl at att.net> wrote:
> Anyone else been experiencing DOS attacks on their nodes? Been having issues with at least two of my nodes, and I know one other person as well.
> Symptoms to look out for are a sudden degradation in your internet service that your node is attached to, steady it very active internet light on your router if you have one, major breakup in communications, pings to public ip addresses results show major packet loss, can't get registered on Allstar.
> Just to name a few.
> Please contact me directly if you have encountered this issue.
> App_rpt-users mailing list
> App_rpt-users at ohnosec.org
> To unsubscribe from this list please visit http://ohnosec.org/cgi-bin/mailman/listinfo/app_rpt-users and scroll down to the bottom of the page. Enter your email address and press the "Unsubscribe or edit options button"
> You do not need a password to unsubscribe, you can do it via email confirmation. If you have trouble unsubscribing, please send a message to the list detailing the problem.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the App_rpt-users