User profile for user: §•§
§•§ Author
User level: Level 1
8 points

DOS attacks!

I recently looked at my router logs and and was alarmed to see tons of these:
{[DOS attack: STORM] attack packets in last 20 sec from ip [(my ip address)], Friday, Jan 30,2009 19:19:18}
and these {[DHCP IP: (my ip address)] to MAC address 00:0D:93:56:A6:2A, Sunday, Feb 01,2009 09:21:32.}
How concerned should I be? Is my computer infected by some kind malware? How can I stop this? Anti-Virus/malware software? Both messages (DHCP IP and the DOS Attack) come up my router log about every couple minutes.

Message was edited by: §•§

Message was edited by: §•§

Message was edited by: §•§

Power Mac G5 Dual 1.8 GHz, Mac OS X (10.3.x)

Posted on Feb 1, 2009 10:28 AM

Reply
5 replies
User profile for user: The hatter
The hatter
User level: Level 9
61,031 points

Feb 1, 2009 12:39 PM in response to §•§

It tells me that you are using your router properly. Without knowing whether you run a server, or how/why your IP address is getting hit, I found using torrents really publishes your IP address and is used to harvest valid IP addresses of people often using high speed broadband.

I have mine set to immediately email if it receive a certain level. It is impossible not to and if you didn't see any either your router or firewall isn't performing its job, or isn't logging.

http://en.wikipedia.org/wiki/DDoS#Distributed_attack
Reply
User profile for user: The hatter
The hatter
User level: Level 9
61,031 points

Feb 1, 2009 1:46 PM in response to §•§

multiple compromised systems flood the bandwidth or resources of a targeted system, usually one or more web servers.


Check CERT and some of the other top level results:
http://www.google.com/search?hl=en&q=denialof+service&aq=0&oq=Denial+of

If it was YOU doing the DOS attack, outbound, but it isn't, it is inbound from the hordes of botnets. No where did Wiki say the target system (yours) is infected. My guess is the only thing it can do to OS X systems is make it next to impossible to do anything else, which is what happens.

All you can do is harden your router, block the source at the time (for which NetBarrier would work) or a "smart" router (mine I don't know if it puts an IP into a 30 minute "penalty" block list, but it might).

The best tool I can think of is the demo of Intego VirusBarrier and NetBarrier.

Security Threats:

Discovered: January 27, 2009
Updated: January 27, 2009 7:51:16 PM
Also Known As: OSX/iWorkS-B [Sophos], OSX/IWService.b [McAfee]
Type: Trojan
Infection Length: 413,604 bytes

OSX.Iservice.B is a Trojan horse that runs on Mac OS X and opens a back door on the compromised computer.

http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-012620 -2836-99
Reply
User profile for user: §•§
§•§ Author
User level: Level 1
8 points

Feb 1, 2009 1:57 PM in response to The hatter

So my internet/computer should be running really slowly? I was confused when you said my computer shouldnt be able to do anything else? My system doesn't seem to be affected that much by the DOS attacks? So I should buy net/virus barrier or norton antivirus? For the last part of your message are you saying I have a trojan on my computer, and that is the main cause? How do I block the source on my router when it only lists my ip address?
Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

DOS attacks!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up