coding heeeeelp
Moderators: BeligerAnt, petec, administrator
-
- Posts: 339
- Joined: Sat Oct 20, 2007 7:20 pm
- Location: worthing/ west Sussex
coding heeeeelp
I don't know how many people on this forum can help me with this but i need a batch file that runs hidden but detects if anyone is trying to ping my computer and runs another batch file if it does.
The second batch file determines whether it is a friendly ping or a dos attack.
Ive already written the second batch file but i need help on the first. I have searched the internet but so far to no avail. please help.
Tom
The second batch file determines whether it is a friendly ping or a dos attack.
Ive already written the second batch file but i need help on the first. I have searched the internet but so far to no avail. please help.
Tom
Fight or flight ... ?
...suicide
...suicide
Tom, there are lots of port monitoring scripts and programmes on the internet which will detect whether you are being ping'd but in practise you will find you are being ping'd all the time. However, I'm more worried by your script to determine whether the ping is hostile - you cannot determine that as a ping itself cannot be hostile. If you could determine it, what would you do? You can't sling anything back worthwhile, and anyone sensible will be routing through multiple servers to cover their tracks....this is a big area you are getting into.
My advice....leave it alone and just make sure you have a good firewall set up properly.
My advice....leave it alone and just make sure you have a good firewall set up properly.
------------
RobotWars101.org
RobotWars101.co.uk
Antweights.com
Antweights.co.uk
AntweightWorldSeries.com
RobotWars101.org
RobotWars101.co.uk
Antweights.com
Antweights.co.uk
AntweightWorldSeries.com
-
- Posts: 339
- Joined: Sat Oct 20, 2007 7:20 pm
- Location: worthing/ west Sussex
Let me clarifly things a bit.
I have been the victim of several dos attacks and have a batch file which when run denies ping's over a certain size (6000 bytes) If the ping is under 6000 bytes however it lets it proceed.
These dos attacks are more than just a minor inconvinience they are really annoying as i am running 2 servers running 3 websites and a mail client (all apache). Not only is it taking down the websites but it is preventing me from using vnc to rectify the problem remotly and i can only do it manually on weekends.
Whats more confusing still is that the ip address of the "attacker" is 255.255.255.255 !!!
if it helps here is a little info about the servers. please let me know if there is anything i can do to stop this .
server 1
128 mb ram
733 mhz processer
windows xp
ip tomtestpage.no-ip.biz (yes im behind no ip )
port 80
server 2
256 mb ram
1 ghz processer
ubuntu
xanox.no-ip.biz
port 8080
when i have built there rack mount cases and the racks to mount them on (there currently next to my desktop pc in the lounge ) i might consider a better fire wall butfor the time being the internet comes in through my desktop pc's e-net port and out through a usb to ethernet converter it then goes into my hacked, reflashed and "pimped" lol bt home hub(running open vms) for logging and further fire wall protection before it goes into my daisy chained servers.
I have been the victim of several dos attacks and have a batch file which when run denies ping's over a certain size (6000 bytes) If the ping is under 6000 bytes however it lets it proceed.
These dos attacks are more than just a minor inconvinience they are really annoying as i am running 2 servers running 3 websites and a mail client (all apache). Not only is it taking down the websites but it is preventing me from using vnc to rectify the problem remotly and i can only do it manually on weekends.
Whats more confusing still is that the ip address of the "attacker" is 255.255.255.255 !!!
if it helps here is a little info about the servers. please let me know if there is anything i can do to stop this .
server 1
128 mb ram
733 mhz processer
windows xp
ip tomtestpage.no-ip.biz (yes im behind no ip )
port 80
server 2
256 mb ram
1 ghz processer
ubuntu
xanox.no-ip.biz
port 8080
when i have built there rack mount cases and the racks to mount them on (there currently next to my desktop pc in the lounge ) i might consider a better fire wall butfor the time being the internet comes in through my desktop pc's e-net port and out through a usb to ethernet converter it then goes into my hacked, reflashed and "pimped" lol bt home hub(running open vms) for logging and further fire wall protection before it goes into my daisy chained servers.
Fight or flight ... ?
...suicide
...suicide
I don't know if there is anything that can be done to stop the attacks, but I have also had a similar problem of 100,000s of hits every month over the last 6 months to my website. It was so bad at one stage it was over 70,000 hits a day.
I would also like to hear if there is a solution to this problem. Fortunately, my web server hasn't been affected badly by what I assume are attacks, but it is really screwing up my server logs and website analytics tools
I would also like to hear if there is a solution to this problem. Fortunately, my web server hasn't been affected badly by what I assume are attacks, but it is really screwing up my server logs and website analytics tools
Mike - Bobblebot.co.uk
-
- Posts: 339
- Joined: Sat Oct 20, 2007 7:20 pm
- Location: worthing/ west Sussex
I think you guys might need to look closer to home...suggest you may have a trojan on board, possibly you've been recruited to a botnet. Make sure all your security is up to date and then some (two firewalls is a good start).
Send me a log file by email if you like and I'll take a look for you, but normally 255.255.255.255 is only a self-return address....or an address mask.
Send me a log file by email if you like and I'll take a look for you, but normally 255.255.255.255 is only a self-return address....or an address mask.
------------
RobotWars101.org
RobotWars101.co.uk
Antweights.com
Antweights.co.uk
AntweightWorldSeries.com
RobotWars101.org
RobotWars101.co.uk
Antweights.com
Antweights.co.uk
AntweightWorldSeries.com
-
- Posts: 339
- Joined: Sat Oct 20, 2007 7:20 pm
- Location: worthing/ west Sussex
can i please just ask were on earth did u get those url names from ?
RPD International
www.RPDintl.com
www.RPDintl.com
-
- Posts: 339
- Joined: Sat Oct 20, 2007 7:20 pm
- Location: worthing/ west Sussex
good question LOLOL .
xanox is the name of my debian based linux distibution (yes im xx (edited by admin to protect Tom) )
dombeckistan is the name of my country (long story i might start a thread on it one day).
Its called dombeckistan because my friends at school youst to call me dom insted of tom
xanox is the name of my debian based linux distibution (yes im xx (edited by admin to protect Tom) )
dombeckistan is the name of my country (long story i might start a thread on it one day).
Its called dombeckistan because my friends at school youst to call me dom insted of tom
Fight or flight ... ?
...suicide
...suicide
-
- Posts: 339
- Joined: Sat Oct 20, 2007 7:20 pm
- Location: worthing/ west Sussex