Linux - Security: This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I don't even have snmpd running. I was thinking that they could be some kind of malformed packets or something... but I don't really know how flexible the snmp protocol/packet is.
Maybe it was an attempted D.o.S.?
My disk activity was up until the instant I brought down the interface, that's why I thought they might be on my system... I just can't figure out why the heck I was getting SOO many of those packets (there were a lot).
I'm running a Linksys router, and I've read about some vulnerabilities on them with the SNMP protocol... I could be way off here though.
Thanks. It looks like I'm gonna have to play w/ the Linksys a bit when I get some time. I know that I had disabled PnP...
I think that the disk activity was probably from klogd; I didn't have a BURST limit in my tables.
<Got attacked again last night>
Ok, so even if I let this come through the Linksys (which I hopefully won't), is the DoS vulnerability really a security issue with me? Am I wrong in assuming that DoS attacks only pose a threat to the attacked port? Or is it a threat to any port? What about if it's all caught by iptables?
Is the DoS vulnerability really a security issue with me?
You can't classify the SNMP reporting/probing as a DoS unless it would severely bog down your connections. For classifying it as a threat to your Linksys and any boxen receiving SNMP you would need to first review the passwds, community strings etc etc.
Am I wrong in assuming that DoS attacks only pose a threat to the attacked port?
DoS stands for "Denial of Service" and it can mean different things, from someone being able to clog up your network connections or bogging down the box with processes to being able to make the box do things you didn't authorize.
There's some links in the first sticky thread of this forum post #2 about DoS and DDoS, I suggest you read 'em.