Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    Joined
    Jan 2002
    Age
    45
    Posts
    105

    Twinge Attack Dectect....

    Hi,

    I´m having in my router (DI-624) the following message since 2 weeks ago. Somebody is trying to hack my wireless network and I think that I have I nice configuration to protect it.

    Passphrase (18 characters with letters and numbers)
    WPA/TKIP
    MAC Filtering


    Time Message Source Destination Note

    Sep/11/2006 22:19:31 TWINGE ATTACK Detect Packet Dropped
    Sep/11/2006 22:19:30 TWINGE ATTACK Detect Packet Dropped
    Sep/11/2006 21:59:13 TWINGE ATTACK Detect Packet Dropped
    Sep/11/2006 21:59:11 TWINGE ATTACK Detect Packet Dropped
    Sep/11/2006 21:39:20 TWINGE ATTACK Detect Packet Dropped
    Sep/11/2006 21:39:19 TWINGE ATTACK Detect Packet Dropped
    Sep/11/2006 21:18:08 TWINGE ATTACK Detect Packet Dropped
    Sep/11/2006 21:18:07 TWINGE ATTACK Detect Packet Dropped

    Any additional suggestion?

    Thanks.
    Last edited by Fermo; 09-11-2006 at 10:20 PM.
    MB: A7N8X-X (BIOS 1010)
    Processor: 3000XP Athlon (FSB 333)
    MEM: 2 GBytes PC3200 DDR400 (200 MHZ)
    PROMISE 2CH SATA 3GB 32BIT 66MHZ PCI ( FASTTRAK TX2300 )
    HD: RAID 1 2x250 WD RE WD2500YS
    Video: E-VGA 6800 128mb NU (325/700) (Driver 97.32)
    DVD±RW LITE-ON 20X Super Allwrite
    DVD±RW LITE-ON 16X
    Flat Panel NEC 1760NX
    PSU: Thermaltake XP550 430W (W0084)

  2. #2
    Joined
    Mar 2003
    Posts
    1,174

    Re: Twinge Attack Dectect....


  3. #3
    Joined
    Jan 2002
    Age
    45
    Posts
    105

    Re: Twinge Attack Dectect....

    I have the same settings that you have in your link.

    "Discard PING from WAN side" Disabled
    Last edited by Fermo; 09-11-2006 at 11:56 PM.
    MB: A7N8X-X (BIOS 1010)
    Processor: 3000XP Athlon (FSB 333)
    MEM: 2 GBytes PC3200 DDR400 (200 MHZ)
    PROMISE 2CH SATA 3GB 32BIT 66MHZ PCI ( FASTTRAK TX2300 )
    HD: RAID 1 2x250 WD RE WD2500YS
    Video: E-VGA 6800 128mb NU (325/700) (Driver 97.32)
    DVD±RW LITE-ON 20X Super Allwrite
    DVD±RW LITE-ON 16X
    Flat Panel NEC 1760NX
    PSU: Thermaltake XP550 430W (W0084)

  4. #4
    Joined
    Apr 2001
    Location
    Los Angeles
    Posts
    21,105

    Re: Twinge Attack Dectect....

    Quote Originally Posted by Fermo
    I have the same settings that you have in your link.

    "Discard PING from WAN side" Disabled
    If that is disabled, your network shows up when the network address is scanned. You will want to set that RULE to disabled ENABLED so that pings are dropped. That way your network will not be visible.

    Edit edit edit.
    Last edited by Senor Panadero; 09-12-2006 at 01:34 AM.

  5. #5
    Joined
    Mar 2003
    Posts
    1,174

    Re: Twinge Attack Dectect....

    Quote Originally Posted by Senor Panadero
    If that is disabled, your network shows up when the network address is scanned. You will want to set that to disabled unless you have a specific reason not to.
    Is it me .. or .. did you just tell him to leave it disabled? He needs to enable it I believe...

    He could test it himself to determine which one he needs but I am sure he needs to enable it

    Discard PING from WAN side O Enabled O Disabled

    Interesting attack--- FYI : Info taken from page no longer exists:

    TWINGE
    The Twinge program sends a large number of false ICMP control messages very rapidly to a system. This usually results in performance degradation, and may cause the attacked system to crash. This spoofed attack, utilizes all types of ICMP packets with random IP source addresses.
    Affected systems: Win 95,98,NT
    Last edited by Yeah; 09-12-2006 at 01:48 AM. Reason: added

  6. #6
    Joined
    Apr 2001
    Location
    Los Angeles
    Posts
    21,105

    Re: Twinge Attack Dectect....

    Quote Originally Posted by Yeah
    Is it me .. or .. did you just tell him to leave it disabled? He needs to enable it I believe...

    He could test it himself to determine which one he needs but I am sure he needs to enable it

    Discard PING from WAN side O Enabled O Disabled
    Dang router terms are always non-intuitive. No, I think we are on the same page.

    He needs to enable the rule which is "Discard pings to the WAN side". He has it disabled "just like in the pic". It is disabled in the pic. In the pic it is shown allowing pings, which he doesn't want. Maybe that is why that bot is hanging on his IP and not going away.

    Edit: Oh, I see, my post was messed up, OK hang on, I'll fix.

  7. #7
    Joined
    Jan 2002
    Age
    45
    Posts
    105

    Re: Twinge Attack Dectect....

    Hi,

    I still having the same problem. I set "Discard PING from WAN side" enable but I still having this fu.... guy trying to hack my network.


    Sep/12/2006 08:18:38 TWINGE ATTACK Detect Packet Dropped



    Any additional suggestion?

    Thanks.
    MB: A7N8X-X (BIOS 1010)
    Processor: 3000XP Athlon (FSB 333)
    MEM: 2 GBytes PC3200 DDR400 (200 MHZ)
    PROMISE 2CH SATA 3GB 32BIT 66MHZ PCI ( FASTTRAK TX2300 )
    HD: RAID 1 2x250 WD RE WD2500YS
    Video: E-VGA 6800 128mb NU (325/700) (Driver 97.32)
    DVD±RW LITE-ON 20X Super Allwrite
    DVD±RW LITE-ON 16X
    Flat Panel NEC 1760NX
    PSU: Thermaltake XP550 430W (W0084)

  8. #8
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Twinge Attack Dectect....

    As your logs show only 2 packets every 20mins, it looks like your firewall is correctly handling it and is logging it for your information. Doesn't look like your service would be degraded as a result.

    Once you've disabled pings, it may take a while for the attacks to stop as the attacker now has your IP. Once he reboots his machine, his bot (or whatever he's using to attack) will probably lose your IP and they'll stop, but obviously this could take a while.

    ~ Want to try Linux - check out the PC Perspective Linux FAQ ~
    ~ Please take some time to read the Forum Rules ~
    ~ Feed the spamb0tz, don't mail me here: B7Trz4568254@nirvana.admins.ws ~


  9. #9
    Joined
    Jan 2002
    Age
    45
    Posts
    105

    Re: Twinge Attack Dectect....

    Thanks,

    But if I change my IP from my router (192.168.0.1) to a new one, can I finish with it?

    Thanks again.
    MB: A7N8X-X (BIOS 1010)
    Processor: 3000XP Athlon (FSB 333)
    MEM: 2 GBytes PC3200 DDR400 (200 MHZ)
    PROMISE 2CH SATA 3GB 32BIT 66MHZ PCI ( FASTTRAK TX2300 )
    HD: RAID 1 2x250 WD RE WD2500YS
    Video: E-VGA 6800 128mb NU (325/700) (Driver 97.32)
    DVD±RW LITE-ON 20X Super Allwrite
    DVD±RW LITE-ON 16X
    Flat Panel NEC 1760NX
    PSU: Thermaltake XP550 430W (W0084)

  10. #10
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Twinge Attack Dectect....

    Quote Originally Posted by Fermo
    Thanks,

    But if I change my IP from my router (192.168.0.1) to a new one, can I finish with it?

    Thanks again.
    No, it's your external (WAN side, public) IP that's being attacked. Only your ISP can change that.

    ~ Want to try Linux - check out the PC Perspective Linux FAQ ~
    ~ Please take some time to read the Forum Rules ~
    ~ Feed the spamb0tz, don't mail me here: B7Trz4568254@nirvana.admins.ws ~


  11. #11
    Joined
    Apr 2001
    Location
    Los Angeles
    Posts
    21,105

    Re: Twinge Attack Dectect....

    Quote Originally Posted by Fermo
    Hi,

    I still having the same problem. I set "Discard PING from WAN side" enable but I still having this fu.... guy trying to hack my network.

    Any additional suggestion?

    Thanks.
    For one thing, try not to look at it as a person attacking you, there is not some guy sitting over there on the other side zeroed in on you. it is a thing. It is just a program out their running, probably on some innocent grandma's infected PC. Don't take it personally.

    Don't worry about things in the logs too much. You are always going to have attack attempts. For as long as you keep the router on, if you have the log running, it will be full of attack attempts.

  12. #12
    Joined
    Jul 2001
    Location
    UK
    Age
    46
    Posts
    20,230

    Re: Twinge Attack Dectect....

    ^^ Yes, Senor Panadero explained that far better than I did

    ~ Want to try Linux - check out the PC Perspective Linux FAQ ~
    ~ Please take some time to read the Forum Rules ~
    ~ Feed the spamb0tz, don't mail me here: B7Trz4568254@nirvana.admins.ws ~


  13. #13
    Joined
    Jan 2002
    Age
    45
    Posts
    105

    Re: Twinge Attack Dectect....

    Ok!


    Thanks a lot for your suggestions.
    MB: A7N8X-X (BIOS 1010)
    Processor: 3000XP Athlon (FSB 333)
    MEM: 2 GBytes PC3200 DDR400 (200 MHZ)
    PROMISE 2CH SATA 3GB 32BIT 66MHZ PCI ( FASTTRAK TX2300 )
    HD: RAID 1 2x250 WD RE WD2500YS
    Video: E-VGA 6800 128mb NU (325/700) (Driver 97.32)
    DVD±RW LITE-ON 20X Super Allwrite
    DVD±RW LITE-ON 16X
    Flat Panel NEC 1760NX
    PSU: Thermaltake XP550 430W (W0084)

  14. #14
    Joined
    Dec 2007
    Posts
    2

    Re: Twinge Attack Dectect....

    i am having the same problem only a little more severe.

    this is copied from my dlink di-524 router log file. dont worry about the date bc when i restart the router, it resets it.

    Apr/01/2002 03:13:50 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:13:08 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:12:27 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:11:42 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:11:00 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:10:18 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:09:36 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:08:54 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:08:12 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:07:30 TWINGE ATTACK Detect Packet Dropped


    now there are 3 computers on the network. my moms (desktop) my brothers laptop and mine. i reset the passkey and checked them one at a time. i get the logs whenever i connect my laptop to the router. what do i do now bc i dont have any virus/malware on my comp. i have avast 7 home (updated) and s&d spybot (updated) which i run frequently. so what is it that could be doing this.

    PLEASE HELP!!

    thanks

  15. #15
    Joined
    Apr 2001
    Location
    Los Angeles
    Posts
    21,105

    Re: Twinge Attack Dectect....

    Quote Originally Posted by alkillyou10 View Post
    i am having the same problem only a little more severe.

    this is copied from my dlink di-524 router log file. dont worry about the date bc when i restart the router, it resets it.

    Apr/01/2002 03:13:50 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:13:08 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:12:27 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:11:42 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:11:00 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:10:18 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:09:36 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:08:54 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:08:12 TWINGE ATTACK Detect Packet Dropped
    Apr/01/2002 03:07:30 TWINGE ATTACK Detect Packet Dropped


    now there are 3 computers on the network. my moms (desktop) my brothers laptop and mine. i reset the passkey and checked them one at a time. i get the logs whenever i connect my laptop to the router. what do i do now bc i dont have any virus/malware on my comp. i have avast 7 home (updated) and s&d spybot (updated) which i run frequently. so what is it that could be doing this.

    PLEASE HELP!!

    thanks
    Welcome alkillyou10,

    Did you have a question about the answers given to Fermo about this up above? Do those answers help you?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •