[Linux] what could be killing my linux router?
Michael Beal
linux@flux.org
Sun, 17 Jun 2007 17:40:06 -0700 (PDT)
Seems your router isn't the only one that gets knocked down. I've got
a Belkin Wireless thing that gets knocked down routinely about every 3
weeks. A simple reset brings it back. Must be the hackers
sweepin'-n-probin' to find a weakling...
--- Terry Richards <sn00per1@bellsouth.net> wrote:
> Phil Smith wrote:
>
> >Terry Richards wrote:
> >
> >>how do i find out when <exact time> the connection
> >>goes off and what triggers the disconnection?
> >
> >Terry,
> >
> >I was making an assumption that your older machine
> >might be running outdated software leading to
> >eventual, successful attacks. Debian based systems
> >have a /var/log/auth.log where failed SSH logins from
> >China, Italy, etc. are stored, listing the attempted
> >userid. Perhaps Gentoo stores this in another file or
> >logging has to be activated.
> >
> >I'd look for whatever files you do have in /var/log:
> >syslog, kern.log, messages, etc., especially looking
> >for a TCP window shrinkage issue that shows up logged
> >as "Treason uncloaked" that is a kernel vulnerability
> >for which no real fix exists yet, mainly because some
> >are still arguing whether the existing kernel code
> >works "well enough" or not, even when confronted with
> >system crash reports.
> >
> >
>
> i think i found it.
>
> faillog -u root
> faillog -a
> both turn up only 8 failed login attempts.
>
> grep "authentication failure" /var/log/messages|awk '{ print $13 }' |
> cut -b7- | sort | uniq -c
> 6 192.168.0.102
> sysipus terry # faillog -u root
> Login Failures Maximum Latest On
> root 8 0 05/16/07 11:03:12 -0400
> sysipus terry # faillog -a
> Login Failures Maximum Latest On
> root 8 0 05/16/07 11:03:12 -0400
> sysipus terry # grep "Treason uncloaked" /var/log/messages|awk '{ print $13 }' | cut -b7- | sort | uniq -c
>
>
> >You didn't state your ISP. I recently had problems
> >with a Bellsouth DSL 6 upgrade, they shipped a very
> >low quality "Westell WindRiver" DSL modem that lost
> >connectivity at the slightest rumble of thunder (18
> >times in one hour!), and the Cat 5 patch cable they
> >provided failed a continuity test. I've reverted to
> >the older Westell DSL 3 modem for now and in the
> >future, the new AT&T will not be providing me any more
> >"hardware", apparently you can buy your own DSL modem.
> >
> >Most DSL modems seem to require a complete power-down
> >reset at least every few months for reliable
> >operation.
> >
> >
> >
>
> i'm leaning towards the thunderbolts now. the other day my tv went out
> for a few seconds and i am on an antenna! it was pretty cool. the power
> grid i am on is famous for brown outs and i have a power ups on the
> 'puters. BUT if they went down for 20 minutes while i am outside, they
> wouldn't have the uptimes they do. . . hmmm. might still be something to
> do with static<thunder> bringing down the link, i guess i should run the
> tele-line through the ups too. - 'bout time i did that.
>
> >You could also be having an issue with DHCP leases
> >expiring from your ISP and the Linux DHCP not agreeing
> >with a Windows-based ISP's idea on DHCP license
> >renewal. This would be expected to happen
> >consistently after a certain number of hours of
> >operation after acquiring a license.
> >
>
> it has been pretty consistent for over a year now, i have a static ip so
> that one is prolly off the table.
>
> >
> >
> >You can probably find or write a tool to monitor the
> >connection, for example, ping google.com once every 5
> >minutes and log if ping was successful. In some
> >cases, this keeps connections alive that drop perhaps
> >because of some ISP inactivity policy.
> >
> >
>
> i was thinking that was _the way_ to find out when or nearabouts when it
> comes off-line
>
> >To diagnose a connection, you determine:
> >1) can you ping the default gateway at the ISP by ip
> >address?
> >2) can you ping anything more distant by ip address?
> >3) can you ping anything by name, to determine if
> >DNS/remote DNS servers are reachable/working.
> >
> >Many times I can ping by IP address but not name,
> >there is a tool called 'dig' to figure out where the
> >DNS failure is:
> >
> >dig @192.168.1.254 google.com # DSL modem
> >dig @4.2.2.1 google.com # verizon DNS
> >
> >Phil
> >
> >
> >
> >
> >
> thanx for the tips on how to find if i am connected or not. i'll just
> have to wait for some action or in this case non-action
> in the mean time i found gentoo has denyhosts and swatch as well which
> may help with avoiding a brute force attack
>
>
> :-)^2
>
>
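The three-step diagnosis and the "ping every 5 minutes and log" idea quoted above, combined into one monitor that records the exact time the link changes state and which layer failed first. This is an added example, not code from anyone in the thread; the two IP addresses and the host name are the ones in the quoted dig lines, while the file names and function names are assumptions.

```shell
#!/bin/sh
# Added example: the thread's three checks, logged only when the state changes.
GATEWAY_IP=${GATEWAY_IP:-192.168.1.254}   # DSL modem address used in the thread
FAR_IP=${FAR_IP:-4.2.2.1}                 # distant host, reached by IP only
TEST_NAME=${TEST_NAME:-google.com}        # name used for the DNS check
LOGFILE=${LOGFILE:-./linkwatch.log}       # hypothetical log location
STATEFILE=${STATEFILE:-./linkwatch.state} # holds the last state seen
INTERVAL=${INTERVAL:-300}                 # seconds; 5 minutes as suggested

probe_ip()  { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }
# dig prints timeout notices as ";;" lines, so require a non-comment answer line.
probe_dns() { dig +short +time=2 +tries=1 "$1" 2>/dev/null | grep -q '^[^;]'; }

# Map the results of the three checks (0 = ok) to the first layer that fails.
classify_link() {
    if   [ "$1" -ne 0 ]; then echo GATEWAY_DOWN
    elif [ "$2" -ne 0 ]; then echo UPSTREAM_DOWN
    elif [ "$3" -ne 0 ]; then echo DNS_DOWN
    else echo UP
    fi
}

check_once() {
    gw=0; far=0; dns=0
    probe_ip "$GATEWAY_IP" || gw=1
    probe_ip "$FAR_IP" || far=1
    probe_dns "$TEST_NAME" || dns=1
    classify_link "$gw" "$far" "$dns"
}

# Append a timestamped line only when the state differs from the previous one.
record_state() {
    prev=$(cat "$STATEFILE" 2>/dev/null || echo UNKNOWN)
    if [ "$1" != "$prev" ]; then
        printf '%s %s -> %s\n' "$(date '+%Y-%m-%d %H:%M:%S %z')" "$prev" "$1" >> "$LOGFILE"
        printf '%s\n' "$1" > "$STATEFILE"
    fi
}

watch_link() {
    while :; do
        record_state "$(check_once)"
        sleep "$INTERVAL"
    done
}

# Start the loop only when asked to: sh linkwatch.sh run
case "${1:-}" in run) watch_link ;; esac
```

The timestamps in the log can then be compared against /var/log/messages entries from the same minute.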
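The grep pipeline quoted above picks the source address by field position (`$13`, then `cut -b7-` to drop `rhost=`). The added example below, which is not the poster's code, pulls `rhost=` and `user=` out by name so the count still works when a different log prefix shifts the fields. The sample log lines are constructed for illustration, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: count PAM "authentication failure" lines per source and user.

# Constructed sample lines; the third uses a longer prefix, so rhost= is
# field 14 there instead of field 13.
sample_log() {
cat <<'EOF'
May 16 11:03:01 sysipus sshd(pam_unix)[4321]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.102  user=root
May 16 11:03:05 sysipus sshd(pam_unix)[4321]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.102  user=root
May 16 11:03:12 sysipus sshd[4330]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
May 16 11:04:00 sysipus su(pam_unix)[4400]: authentication failure; logname=terry uid=1000 euid=0 tty=pts/1 ruser=terry rhost=  user=root
May 16 11:04:30 sysipus sshd[4330]: Accepted password for terry from 192.168.0.102 port 40022 ssh2
EOF
}

# Reads syslog lines on stdin, prints "count rhost user", highest count first.
# An empty rhost= (a local failure such as su) is reported as "-".
count_auth_failures() {
    awk '/authentication failure/ {
        rhost = "-"; user = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^rhost=./)     rhost = substr($i, 7)
            else if ($i ~ /^user=./) user  = substr($i, 6)
        }
        n[rhost " " user]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort -k1,1nr -k2
}

# Against a real log: count_auth_failures < /var/log/messages
```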