[linux-help] Re: Port 18593 attacks

[bbales <bbales@xxxxxxx>]

On Monday 02 August 2004 17:58, you wrote:
> Powering it off will release the IP;  But ONLY when the lease expires
> and it does not get renewed.  Bruce said that, and I have experienced
> it.
>
> Usually a lease gets renewed some (specified) time before it expires, so
> the modem will need to be powered off for at least the lease period in
> order to force the issuance of a new IP.
>
> On Fedora Core 2, pump has been removed and dhcp client is serviced by
> dhclient. Old lease info is kept in the dhclient.leases file.  Removing
> or emptying that file may force assignment of a new lease without
> waiting for the lease to expire.  I am unable to test because I do not
> use dhcp, but info dhclient has lots of information (including how to
> explicitly release a lease).
>
> Also look at dhclient.conf file.

The 12 hour power off didn't work.  Cox told me the lease was up at 5:50 so I 
pulled the plug from 5:00 PM until 10:30 this morning.  Same IP address.  For 
two minutes I got hits on other ports - then the hits were all (or 96%) to 
18593.  Got 514 in 90 minutes.

The owner of the lease is a Frazierwall box with a very limited Linux system, 
so I doubt if it has dhclient.  I'm still investigating.

John and Adam suggest releasing the lease and dropping another ethernet board 
in.  I could do that if I knew how to release the lease.  The box has dhcpcd, 
but no man page.

As far as I can tell, this isn't hurting anything.  If Frazierwall didn't send 
in a list of blocked connections I wouldn't have known it was happening.  But 
I'd still like to get it stopped.
bruce

-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://www.complete.org/cgi-bin/listargate-aclug.cgi