[Gllug] Router under attack: help/advice needed

[Caroline Ford]

Skype is p2p and uses your connection when it is running to route calls.

Sent from a mobile device.

On 5 Oct 2009, at 08:59, T Menezes <t.menezes at tm.uklinux.net> wrote:

> Hi,
>
> Thanks everyone for their help.
>
> I was scratching my head over this and realised that there is a  
> relation
> to Skype:
>
> All the incoming ports on the router are blocked, but I have a
> permissive outwards policy (which I know is not ideal). I am not  
> running
> any servers, not even on the intranet.
>
> What bugs me is that the router (Netgear) security emails tell me that
> the destination address is the IP address of my laptop, not that of  
> the
> router's external interface. Shouldn't the router be doing NAT and  
> only
> showing the IP address provided by my ISP?
>
> I was puzzled, so I decided to change the details of the home  
> intranet.
> And lo and behold, the security emails from the router read the new
> internal IP address of my laptop. The thing is that it only took  
> like 1
> minute for the attacker to pick up the internal IP address.
>
> At the time I only had my laptop connected to the home network. I  
> had a
> think and Skype was the only programme that I had (knowingly)  
> plugged to
> the internet. So I turned it off, changed the details of the intranet
> again and re-connected to the internet. Now, it took a good 8 hours to
> start getting more security emails from the router. More  
> interestingly,
> the emails started as soon as my wife turned her laptop on (which
> automatically starts Skype when Windows boots up and she logs in).
>
> Any thoughts anyone?
>
> Thanks
> TM
> -- 
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug