Complete.Org: Mailing Lists: Archives: linux-help: August 2004:
[linux-help] Re: Port 18593 attacks

[linux-help] Re: Port 18593 attacks

[Top] [All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Port 18593 attacks
From: "Jonathan Hall" <flimzy@xxxxxxxxxx>
Date: Tue, 3 Aug 2004 14:16:33 -0500
Reply-to: linux-help@xxxxxxxxx

Generally your client keeps track of its last-used IP address, and requests
that again from the DHCP server.  Unless some other machine has already
received that IP address, the DHCP server will gladly give it to you again,
even if the previous lease has expired.

----- Original Message -----
From: "bbales" <bbales@xxxxxxx>
To: <linux-help@xxxxxxxxx>
Sent: Tuesday, August 03, 2004 12:57 PM
Subject: [linux-help] Re: Port 18593 attacks

> On Monday 02 August 2004 17:58, you wrote:
> > Powering it off will release the IP;  But ONLY when the lease expires
> > and it does not get renewed.  Bruce said that, and I have experienced
> > it.
> >
> > Usually a lease gets renewed some (specified) time before it expires, so
> > the modem will need to be powered off for at least the lease period in
> > order to force the issuance of a new IP.
> >
> > On Fedora Core 2, pump has been removed and dhcp client is serviced by
> > dhclient. Old lease info is kept in the dhclient.leases file.  Removing
> > or emptying that file may force assignment of a new lease without
> > waiting for the lease to expire.  I am unable to test because I do not
> > use dhcp, but info dhclient has lots of information (including how to
> > explicitly release a lease).
> >
> > Also look at dhclient.conf file.
> The 12 hour power off didn't work.  Cox told me the lease was up at 5:50
so I
> pulled the plug from 5:00 PM until 10:30 this morning.  Same IP address.
> two minutes I got hits on other ports - then the hits were all (or 96%) to
> 18593.  Got 514 in 90 minutes.
> The owner of the lease is a Frazierwall box with a very limited Linux
> so I doubt if it has dhclient.  I'm still investigating.
> John and Adam suggest releasing the lease and dropping another ethernet
> in.  I could do that if I knew how to release the lease.  The box has
> but no man page.
> As far as I can tell, this isn't hurting anything.  If Frazierwall didn't
> in a list of blocked connections I wouldn't have known it was happening.
> I'd still like to get it stopped.
> bruce
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit

-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,

[Prev in Thread] Current Thread [Next in Thread]