[GRLUG] DoS Block on my local IP address

Michael Mol mikemol at gmail.com
Tue Dec 28 08:35:41 EST 2010


On Tue, Dec 28, 2010 at 8:01 AM, Eric Beversluis
<ebever at researchintegration.org> wrote:
> On 12/28/2010 7:57 AM, Ben Rousch wrote:
>>
>> On Tue, Dec 28, 2010 at 7:52 AM, Eric Beversluis
>> <ebever at researchintegration.org>  wrote:
>>
>>>
>>> Suddenly this morning my Linux box won't reach the internet, although LAN
>>> is working fine. When I look at the firewall log on my Belkin router, it
>>> shows a DoS block on the Linux box IP address. When I talk to Belkin
>>> support, they say that I need to change something in the Linux box to
>>> remove the block, not something in the Belkin wireless router.
>>>
>>> Does anyone know what would be causing this and what I need to do? (I was
>>> trying unsuccessfully to access the Linux box by terminal server client
>>> last night because of a monitor problem on the box. So I'm wondering if
>>> that may have triggered some response in the Linux box that I need to
>>> undo?)
>>>
>>
>> Is it possible that your ISP is blocking you so as to draw your
>> attention to a virus infection or nefarious activity emanating from
>> your network?
>>
>
> It's the private IP (192.168.2.3) that's showing blocked, and the Windows
> boxes are getting out to the network fine. I don't think there's any way for
> TimeWarner to block some of the boxes on my LAN but not others, is there?

Stupid question: Is your WAN IP outside the private IP range? Some
ISPs hand out RFC 1918 addresses instead of public ones.

If you know how, put a box between your Linux machine and your router,
take a look with Wireshark, and see if there's something odd there.
(Or load up Wireshark on the Linux box itself). Is your Linux box in a
DMZ, or are there services forwarded to it? Check to make sure it's
clean. Boot an Ubuntu live CD or some such on it, and see if the
router will let it get out.

Final thoughts: As far as I know, no common consumer router allows an
ISP to control it, so Time Warner should have no say here. Your router
should allow you to disable the DoS entry. If not, then you need a
better router.

-- 
:wq
