[solved] Somebody is being a little too intrusive...

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    [solved] Somebody is being a little too intrusive...

    For whatever reason, somebody/computer has been attempting to access both my desktop and laptop. They attempted repeatedly from about 2:00 am to 3:00 am this morning, and then again about 12:40 pm today. Is this something I should worry about? I've changed the IP addresses, usernames, and passwords on both computers, which has worked so far; are there any other precautions I should take?

    This is some of the information from my syslog:
    Jan 5 02:23:10 kubun2-laptop kernel: [ 724.962537] Inbound IN=eth0 OUT= MAC=00:e0:b8:9d:0b:1d:00:17:9a:4b:09:43:08:00 SRC=192.168.1.254 DST=192.168.0.101 LEN=112 TOS=0x00 PREC=0x00 TTL=63 ID=36716 PROTO=UDP SPT=53 DPT=32846 LEN=92
    Asus G1S-X3:
    Intel Core2 Duo T7500, Nvidia GeForce 8600M GT, 4Gb PC2-5300, 320Gb Hitachi 7k320, Linux ( )

    #2
    Re: Somebody is being a little too intrusive...

    Don't know about all that (details beyond me), but, I suppose you are behind a router? Lots of folks get their DSL modem (from their ISP), but it really needs to be a modem/router combo (as Earthlink provides), or put a router in series with the DSL modem. A router doesn't solve everything, but darned near so.
    An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



      #3
      Re: Somebody is being a little too intrusive...

      Yes, I use the modem/router combo you suggested; this is just kinda strange. Somebody from the same IP address (192.168.1.254) was attempting to access both my laptop and desktop, which use 2 different IP addresses. I have Firestarter installed just to be alerted in case of such activity, and am glad I did.

      I almost made a not-so-smart decision . . . I was listening to an internet radio station when all this started; it began skipping and losing connection as soon as whoever the IP address owner is began hitting my firewall. I started to allow the connection thinking for some reason IPTables was blocking the stream (probably because I was too tired to think straight), but happened to look over at my desktop and saw the same IP address was attempting to access it as well (oops!). I finished the work I was doing on my laptop and went to bed, thinking it was just a stray occurrence; then, today about 12:40, the dude hit my desktop again, and I decided it was time to change my ID :P

      Do you think it was just a fluke? Or do you think I should do anything else to secure my PC?
      Asus G1S-X3:
      Intel Core2 Duo T7500, Nvidia GeForce 8600M GT, 4Gb PC2-5300, 320Gb Hitachi 7k320, Linux ( )



        #4
        Re: Somebody is being a little too intrusive...

        paul@laptop:~$ whois 192.168.1.254

        OrgName: Internet Assigned Numbers Authority
        OrgID: IANA
        Address: 4676 Admiralty Way, Suite 330
        City: Marina del Rey
        StateProv: CA
        PostalCode: 90292-6695
        Country: US

        NetRange: 192.168.0.0 - 192.168.255.255
        CIDR: 192.168.0.0/16
        NetName: IANA-CBLK1
        NetHandle: NET-192-168-0-0-1
        Parent: NET-192-0-0-0-0
        NetType: IANA Special Use
        NameServer: BLACKHOLE-1.IANA.ORG
        NameServer: BLACKHOLE-2.IANA.ORG
        Comment: This block is reserved for special purposes.
        Comment: Please see RFC 1918 for additional information.
        Comment: http://www.arin.net/reference/rfc/rfc1918.txt
        RegDate: 1994-03-15
        Updated: 2007-11-27

        OrgAbuseHandle: IANA-IP-ARIN
        OrgAbuseName: Internet Corporation for Assigned Names and Number
        OrgAbusePhone: +1-310-301-5820
        OrgAbuseEmail: abuse@iana.org

        OrgTechHandle: IANA-IP-ARIN
        OrgTechName: Internet Corporation for Assigned Names and Number
        OrgTechPhone: +1-310-301-5820
        OrgTechEmail: abuse@iana.org

        # ARIN WHOIS database, last updated 2008-01-04 19:10
        # Enter ? for additional hints on searching ARIN's WHOIS database.
        Windows no longer obstructs my view.
        Using Kubuntu Linux since March 23, 2007.
        "It is a capital mistake to theorize before one has data." - Sherlock Holmes



          #5
          Re: Somebody is being a little too intrusive...

          IANA -- if that's the case, I think that's OK, isn't it? That's legitimate.
          I'm not set up (yet) in Kubuntu like I was in XP to catch, chase, track, id, etc., all these, but I used to get many, many IANA knocks on the door. Better get a network specialist to chime in here, but I think you're ok.

          DSL reports are good, too (the forum & docs):
          here's Earthlink, but you can also find the other ISPs there close by:
          http://www.dslreports.com/forum/earthlink
          An intellectual says a simple thing in a hard way. An artist says a hard thing in a simple way. Charles Bukowski



            #6
            Re: Somebody is being a little too intrusive...

            192.168.x.whatever is your home LAN. Routers use a fixed "x" value (usually 0, sometimes 1 or 2, in your case 1) and distribute the 255 possibilities of "whatever" to dhcp clients. The 192.168.x.255 is reserved for something (broadcast IIRC), and the rest are used for computers connected to it.

            So the connection attempt came from inside your home network, meaning the attacker is already connected to your router.
            The Nomad's Land - some Linux humor too



              #7
              Re: Somebody is being a little too intrusive...

              Most likely 192.168.1.254 is your router's address. As mentioned, the address range 192.168.0.0-192.168.255.255 is reserved for LAN use; these aren't "real" internet addresses.

              Check your router's configuration. (Theoretically 192.168.1.254 could be a wireless client connected to your (open) wireless network if you have one).

              Maybe your router is broadcasting on the network, port 53 seems to suggest some sort of DNS traffic.
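Added example, not part of any poster's reply: a small Python check that reads the firewall log line quoted in the first post, tests whether its SRC falls in the RFC 1918 ranges discussed above, and flags UDP traffic from source port 53 to a high port as a probable DNS reply. The function names, the "probable DNS reply" heuristic and the second log line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Log line quoted in the first post of this thread.
SAMPLE = ("Jan 5 02:23:10 kubun2-laptop kernel: [ 724.962537] Inbound IN=eth0 OUT= "
          "MAC=00:e0:b8:9d:0b:1d:00:17:9a:4b:09:43:08:00 SRC=192.168.1.254 "
          "DST=192.168.0.101 LEN=112 TOS=0x00 PREC=0x00 TTL=63 ID=36716 "
          "PROTO=UDP SPT=53 DPT=32846 LEN=92")

# Constructed contrast line (not from the thread); 203.0.113.7 is a documentation address.
CONSTRUCTED = ("Jan 5 02:30:00 host kernel: [ 900.000000] Inbound IN=eth0 OUT= "
               "SRC=203.0.113.7 DST=192.168.0.101 LEN=60 TTL=51 ID=1 "
               "PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN")

# Explicit RFC 1918 list: ipaddress.is_private also covers other reserved
# blocks (documentation ranges included), which is broader than "home LAN".
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_fields(line):
    """Return the KEY=value pairs of a netfilter log line as a dict.
    LEN appears twice (IP length, then UDP length); the first is kept."""
    fields = {}
    for key, value in re.findall(r"\b([A-Z]+)=(\S*)", line):
        fields.setdefault(key, value)
    return fields

def classify(line):
    """Summarise where a logged packet came from and whether it looks like DNS."""
    f = parse_fields(line)
    src = ipaddress.ip_address(f["SRC"])
    if src.is_loopback:
        scope = "loopback"
    elif any(src in net for net in RFC1918):
        scope = "private-lan"   # cannot have been routed in from the internet
    else:
        scope = "public"
    sport, dport = int(f.get("SPT", 0)), int(f.get("DPT", 0))
    # Heuristic: UDP from port 53 to an unprivileged port is usually a
    # resolver answering a query this host sent, not an inbound probe.
    dns_reply = f.get("PROTO") == "UDP" and sport == 53 and dport >= 1024
    return {"src": str(src), "scope": scope, "dns_reply": dns_reply}

if __name__ == "__main__":
    for entry in (SAMPLE, CONSTRUCTED):
        print(classify(entry))
```
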



                #8
                Re: Somebody is being a little too intrusive...

                192.168.1.254 is the default IP for more than one router brand. I am using a Billion and that is its default.

                if you open http://192.168.1.254 in a web browser it will probably ask you to log in

                Cheers

                Reuben



                  #9
                  Re: Somebody is being a little too intrusive...

                  Are you running a wireless network? Pings are very common nowadays, Roadrunner is crazy with them, especially with more and more people getting high speed internet.

                  I recently read an article which stated that most computers connected via high speed access experience between 200 and 20,000 harmless hits a day.

                  Most are nothing to worry about. If you are getting hits from your own LAN, it could be as simple as a Windows machine pinging local addresses to update the workgroup list. If you don't have any Windows machines or you have wireless, more investigation is warranted. You could even change your wireless key just to be safe.

                  Just a side note because I'm way too chatty today .....

                  I chuckle when I see on a TV show that a computer gets hacked or they trace an IP which always seems to be a 127.0.0.1 or 192.168.0.1 address. A lot of people won't catch that, but they're local addresses for a LAN and would never come from the internet. Keep in mind, those are cabled computers in the shows. Wireless can open up a whole new case of issues if someone gets your SSID and key codes. Then they can hit you from inside. Again, if you have a cabled LAN, don't worry about it.
                  Slackware 12 - 32 bit on a ABIT Fatal1ty AA8XE Motherboard w/ Pentium 4 3.6 gHz HyperThreaded CPU (OC'd to 4.4 gHz) and 1066 mHz FSB, 4 GB US Modular Low Density DDR2 ram, eVGA Nvidia e-GeForce 6200 LE 512mb PCI-e x16 GFX video. Plays World of Warcraft great!
                  Only Linux @ home since 1996



                    #10
                    Re: Somebody is being a little too intrusive...

                    192.168.x.whatever is your home LAN.
                    Most likely 192.168.1.254 is your router's address.
                    If you are getting hits from your own LAN, it could be as simple as a Windows machine pinging local addresses to update the workgroup list.
                    That makes sense; I do have a Windows machine connected to the router, but I haven't configured any kind of network. As far as wireless goes, I'm currently connected to DSL via ethernet, but am planning on upgrading to wireless very soon. So do y'all think I'm OK then?
                    Asus G1S-X3:
                    Intel Core2 Duo T7500, Nvidia GeForce 8600M GT, 4Gb PC2-5300, 320Gb Hitachi 7k320, Linux ( )



                      #11
                      Re: Somebody is being a little too intrusive...

                      You should very well be ok. You may want to check, just for the sake of it, that no one you don't know has plugged into your router, but that's highly doubtful without you noticing, I'd assume.
                      It is, however, always a good idea to have a firewall set up, which most routers come with, just for safety's sake.

                      I should mention, a fair share of routers' setup can be accessed by typing http://192.168.0.1 or http://192.168.1.1 into your browser.

                      If everyone lived by WWJD, no one would hack someone else's system. Just a thought. :-)
                      Slackware 12 - 32 bit on a ABIT Fatal1ty AA8XE Motherboard w/ Pentium 4 3.6 gHz HyperThreaded CPU (OC'd to 4.4 gHz) and 1066 mHz FSB, 4 GB US Modular Low Density DDR2 ram, eVGA Nvidia e-GeForce 6200 LE 512mb PCI-e x16 GFX video. Plays World of Warcraft great!
                      Only Linux @ home since 1996



                        #12
                        Re: Somebody is being a little too intrusive...

                        Cool then! Thanks for the tips, all of you
                        Asus G1S-X3:
                        Intel Core2 Duo T7500, Nvidia GeForce 8600M GT, 4Gb PC2-5300, 320Gb Hitachi 7k320, Linux ( )
