Aces High Bulletin Board

Help and Support Forums => Technical Support => Topic started by: straffo on October 04, 2004, 03:37:34 PM

Title: Skuzzy caan you explain me this ?
Post by: straffo on October 04, 2004, 03:37:34 PM

[04/Oct/2004 21:44:29] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:44:46] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:45:20] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:46:20] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner
[04/Oct/2004 21:47:20] Rule 'TCP ack packet attack': Blocked: In TCP, alt.flyaceshigh.com [216.91.192.19:3002]->localhost:1486, Owner: no owner

Did I fubared the configuration of my firewall ?

Title: Skuzzy caan you explain me this ?
Post by: Skuzzy on October 04, 2004, 03:50:41 PM

That looks like a login for Aces High.  What were you doing when it happened?

Title: Skuzzy caan you explain me this ?
Post by: straffo on October 04, 2004, 03:54:48 PM

That's propably that , I had to shutdown my connection several time to get one IP not "eMule/Kaazaa"porked.

I'll clear the log an retry login in AH to check.

Title: Skuzzy caan you explain me this ?
Post by: straffo on October 04, 2004, 04:04:16 PM

Got the same message

[04/Oct/2004 23:06:16] Rule 'TCP ack packet attack': Blocked: In TCP, 216.91.187.39:2001->localhost:1620, Owner: no owner

But only after 3 login (sorry for the added stress on you server ;))

And btw I'm using a pretty old version of Kerio firewall.

isn't this just timed out packet ?
I'm thinking of this because it's an ack (for acknowledgement?) packet

Title: Skuzzy caan you explain me this ?
Post by: Skuzzy on October 04, 2004, 04:12:57 PM

Not sure why it is reporting an 'ack' attack.  For some reason the firewall appears to think it is something along the lines of a SYN attack.

Title: Skuzzy caan you explain me this ?
Post by: straffo on October 04, 2004, 04:17:47 PM

It's perhaps just a  bit paranoid :)

Btw which firewall as your preference for a user like me ?(I won't play Dr Frankenstein with an old PC to put a linux on it :))

I'm concidering changing but I don't know if I should get a modem/router with integrated firewall or a software FW ...

Title: Skuzzy caan you explain me this ?
Post by: Skuzzy on October 04, 2004, 04:30:40 PM

I cannot really make any recommendations straffo.  I do not care for any of them.  I run an external firewall I built.

Title: Skuzzy caan you explain me this ?
Post by: straffo on October 05, 2004, 07:24:22 AM

You built your own ?
Can I call you Dr Skuzzystein now  ? :)

Title: Skuzzy caan you explain me this ?
Post by: FOGOLD on October 05, 2004, 08:47:27 AM

Straffo

I use Trend Micro Internet security and with the firewall set to default internet browsing I've had no problems with AH or any other programme. My PC is invisible to Shields Up and I think you could do worse.

You're never completely safe of course.

The biggest hassle for firewall is tweaking it for LAN functionality.  Easiest way for that is to pull the plug out on the phone line!:D