Contact your service provider. They will take the appropriate steps; anything you do to him would be ambiguous froma legal standpoint, and may violate your TOS (two wrongs not making a right, and all that. -- Henry Sieff Network Nanny Orthodontic Centers of America (504) 834-4392 ext.135 > -----Original Message----- > From: TUDOR PANAITESCU [mailto:tpanaitescuat_private] > Sent: Sunday, October 03, 1999 6:38 AM > To: firewall-wizardsat_private > Subject: Bogus DHCP server in the network.... > > > Hello fellow wizards, > > Here's the picture. I am a client of Adelphia PowerLink > CableTV. They use DHCP > for giving IP addresses. In the last weeks a bogus DHCP > server showed up into > the network giving addresses in 192.168.244.128/25. The guy > is using aliasing > on his Ethernet interface, he has an address aquired from the > ISP in the ISP's > range and he configured his interface with 192.168.244.129 > too. I have his > MAC. He gives DNS services. The system the hacker uses is > totally protected, > no ports are "visible" to allow to try to do something to his > system (can syn > flood be a solution?). Some time ago the hacker provided > forwarding also but > now he's not forwarding anymore anoying lots of people in the > net as they > don't have access to the INTERNET. I believe it is a UNIX > box, most likely > LINUX with NAT. Now here comes the question: is anything > there we can do to > block this guy ? > > Any answer will be greately appreciated. I will sumarize also > for archiving > purposes. > > TIA & best regards, > Tudor > > ____________________________________________________________________ > Get free email and a permanent address at > http://www.netaddress.com/?N=1 >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:42:17 PDT