Peter Cochrane's Blog: How I fought off a DoS attack
Why do people keep probing my machine?
30.06.05, 10.15 BST, University of Cambridge Computing Dept, UK
At breakfast this morning I had all the bandwidth I needed. But by 08:30 (BST) I was communicating at a rate a snail would be proud of. Using my utility programs I discovered that someone was pinging my machine every four seconds.
Why? I have no idea! But they seemed to be continually probing, looking for a way in, trying to find an open port or some means of accessing my hard drive, network, connectivity, email, who knows? One thing for sure, it was an automated attack from some machine.
Searching for the owner turned up an unused (anonymous) address and so there was no obvious way of making contact. And then it got even worse - two machines probing every couple of seconds. Now it looked like a co-ordinated attack.
What to do? My only solution to date has been to fight such attacks 'fire with fire'. A quick phone call and a bit of online activity and I had four machines online pinging both addresses of the attackers. Needless to say, after three hours of retaliation both attacking machines had gone away. Apparently the people denying me connectivity don't like denial of service attacks!
Bluntly I have to say that I really don't like doing things like this. It is like driving badly in response to someone else driving badly. But I cannot find an alternative at present. Fortunately it doesn't seem to be a regular occurrence for me but I know others that suffer attacks all the time, and I suspect the vast majority of people are blissfully unaware that anything is happening at all.
If ever this becomes a serious problem for me, I would feel inclined to cut some code to automate my retaliatory action. What would be a better solution would be some intervention by ISPs - who can see, and cut off, this traffic with ease in the same way they attenuate spam.