What kind of an attack is this ?

[TheFu]

The short answer is that it probably is NOT an attack at all.

[bashiergui]

I wanted to know when I see ufw blocking a UDP packet what does that mean.


What kind of an attack is that ?


I guess its not that easy. May one needs to be a hacker to know that.

You just need to put the packet into context. You're trying to extract a novel from a sentence. If you really want to figure out what it is, then capture packets and get the whole picture. What other packets come from that IP? What were you doing at the time?

A blocked packet doesn't necessarily indicate an attack. It blocks lost and misdirected packets. And there are plenty of routine scanning of the internet by malicious and benign people constantly. If you have gotten a new DHCP IP address recently, the packet could be coming from someone trying to communicate with whomever had your IP before you. The possibilities are endless, hence you have to get more data to come to any meaningful conclusion.

[linuxyogi]

What other packets come from that IP? What were you doing at the time?

I saw multiple entries of only UDP coming from that IP. I was browsing the web with Firefox.

A blocked packet doesn't necessarily indicate an attack. It blocks lost and misdirected packets. And there are plenty of routine scanning of the internet by malicious and benign people constantly.

When I was not using a router I had configured psad but surprisingly didn't receive a single Email about my IP getting scanned.

If you have gotten a new DHCP IP address recently, the packet could be coming from someone trying to communicate with whomever had your IP before you. The possibilities are endless, hence you have to get more data to come to any meaningful conclusion.

You used the word communicate. This is exactly what I want to know, that is methods do they use ? So that I can counter that.

Problem is I have never seen packets coming from the same IP once my global IP changes it becomes very difficult.
If I learn how to analyze the network I will have to it within that session.

[SeijiSensei]

It seems like dd-wrt has no support for my router Dlink Dir 600 L

Or, more accurately, D-Link chooses not to design its routers to work with open firmware.

[linuxyogi]

Or, more accurately, D-Link chooses not to design its routers to work with open firmware.

Which brand is open firmware friendly ? I will choose that next time.

[vasa1]

From the little I read, Netgear has a good rep in this regard. Nice to see what others will suggest.

[linuxyogi]

From the little I read, Netgear has a good rep in this regard. Nice to see what others will suggest.

I was planning to buy Netgear but I guess its unlikely that people will suggest Netgear. See this post from one of my other threads.

[vasa1]

I was planning to buy Netgear but I guess its unlikely that people will suggest Netgear. See this post from one of my other threads.

Came across this: Ask HN: Best current model routers for OpenWRT, DD-WRT, Tomato, etc.?. It's about a year old but may give you some pointers.

[linuxyogi]

Came across this: Ask HN: Best current model routers for OpenWRT, DD-WRT, Tomato, etc.?. It's about a year old but may give you some pointers.

So its Ubiquiti and the Linksys WRT54Gx series. I don't think Ubiquiti routers are available in India. I

searched on both Flipkart and Ebay.

[SeijiSensei]

See my post here with a link to an article on routers available in India: http://ubuntuforums.org/showthread.p...9#post13000869.