D-link smells "Fish"y...

edited August 2004 in Hardware
OK. I was going through my router config page and took a look at my log.

Here's some of waht I found...
Aug/03/2004 17:54:11 Ping of Death Detect 141.150.253.229:81 24.228.72.200:60016 Packet Dropped

So I ran a whois at www.dslreports.com/whois and found that it was Verizon DSL through a NJ hop or whatever you call it. This got me suspicious, so I ran pings on command prompt for the various Fish sites. All were something starting with 66, probably Dynamic DNS's, until I ran fishnet.no-ip.org. So "that bastard" I think and sign on to AIM...

So, I was going to confront Fish about this, but like sane people, he was in bed. So, I asked Q, but with a blanket of secrecy because I still planned to confront Fish in the morning. Here's Q and my convo:
SurfinSHELL 23: hey
CompaqSx: Hi
SurfinSHELL 23: can I discuss something with you that you solemly sware not to discuss AT ALL with Fish?
CompaqSx: I can try...
SurfinSHELL 23: you promise?
CompaqSx: I'll do what I can
SurfinSHELL 23: wanna explain this from my router log?
SurfinSHELL 23: Aug/03/2004 17:54:11 Ping of Death Detect 141.150.253.229:81 24.228.72.200:60016 Packet Dropped
CompaqSx: Someone tried to crash your W95 machine
SurfinSHELL 23: not W95
CompaqSx: That's what they trageted
SurfinSHELL 23: now go to cmd, ping fishnet.no-ip.org
CompaqSx: and it's command, not cmd
SurfinSHELL 23: whatever
CompaqSx: Do you have a DLink?
SurfinSHELL 23: yea
CompaqSx: HaH!
CompaqSx: You've got one of the bad firmwares!
SurfinSHELL 23: so, update it?
SurfinSHELL 23: or wht
CompaqSx: Can you get to the forumn now?
SurfinSHELL 23: why is Fish scanning me?
SurfinSHELL 23: yea
CompaqSx: Fish ISN'T scanning
SurfinSHELL 23: there's more, btw
Aug/03/2004 15:41:42 Ping of Death Detect 141.150.253.229:81 24.228.72.200:63702 Packet Dropped
Aug/03/2004 15:41:16 Ping of Death Detect 141.150.253.229:81 24.228.72.200:63698 Packet Dropped
Aug/03/2004 15:41:16 Ping of Death Detect 141.150.253.229:81 24.228.72.200:63697 Packet Dropped
Aug/03/2004 15:41:16 Ping of Death Detect 141.150.253.229:81 24.228.72.200:63696 Packet Dropped
Aug/03/2004 15:41:15 TearDrop Attack Detect 141.150.253.229:81 24.228.72.200:63694 Packet Dropped
Aug/03/2004 15:41:15 Ping of Death Detect 141.150.253.229:81 24.228.72.200:63692 Packet Dropped
Aug/03/2004 15:41:15 Ping of Death Detect 141.150.253.229:81 24.228.72.200:63690 Packet Dropped
CompaqSx: Your routers firmwares fuqued up
CompaqSx: It's well documented
SurfinSHELL 23: not in any documents I read, apparently
CompaqSx: Alot of DLink routers freak out easily
CompaqSx: http://shadow.sentry.org/~trev/dsl50x.html
CompaqSx: And I know that it's fuqued
CompaqSx: Because PINGs don't have port #s!
SurfinSHELL 23: whoops
SurfinSHELL 23: But why is this coming from Fish's IP?
CompaqSx: Because you're visiting the forumn
CompaqSx: Hence post :81
CompaqSx: *port
SurfinSHELL 23: but I can go on other sites without them showing up...
CompaqSx: That's because the firmware is fuqued
CompaqSx: That's the only thing
CompaqSx: PINGs use ICMP and ICMP does NOT have port numbers
CompaqSx: Your router thinks that a standard IP packet is a PING
SurfinSHELL 23: hmph
SurfinSHELL 23: but only in fish's ip?
CompaqSx: I don't know, why it's him, but it's definately not a portscann
CompaqSx: PING of Death in aincent
CompaqSx: Like 8 years old
CompaqSx: Maybe 2% of the Internet is vulnerable
CompaqSx: And to send from that port means that the forumn whould have to be down
SurfinSHELL 23: o
CompaqSx: Face it, it's your poor-afs router, NOT Fish's attack
SurfinSHELL 23: alright alright alright
SurfinSHELL 23: what's a TearDrop Attack?
CompaqSx: It's a DoS for 3.1, 95 and NT
SurfinSHELL 23: oh
SurfinSHELL 23: yikes.. firmware is from Dec 03
CompaqSx: You send a bunch of packet fragments with certain headers and when they get reassemebed then system crashed
SurfinSHELL 23: o
CompaqSx signed on at 4:00:23 AM.
SurfinSHELL 23: grrr... cant upgrade now
CompaqSx: You should post this
SurfinSHELL 23: to... make an ass of myself for having year old firmware?
CompaqSx: No, so someone else doesn't go through this too
CompaqSx: You don't have to say "Dec 03"
SurfinSHELL 23: alright
SurfinSHELL 23: what forum?
CompaqSx: Talk HardwarE?
SurfinSHELL 23: ok

Bottom line- update your firmware. I will update mine in the morning, as I need to look at a number on the physical router. D-Link users, especially, should update their firmware, but everyone should check once in a while.

Comments

  • I still love that story. I hate to brag about it but my crap CompUSA router has NEVER had ANY problems! I love it!

    -Q
  • Well, it was kind of better than the Belkin. I never even reviewed the log on that on. My firmware is upgraded now. :)
  • routers sound like fun.... i should get one...
Sign In or Register to comment.