Pogoplug pro seems frozen
14 posts
• Page 2 of 2 • 1, 2
Re: Pogoplug pro seems frozen
by guidof » Thu Jan 17, 2013 9:56 pm
$this->bbcode_second_pass_quote('WarheadsSE', 'I') think something must be causing the TCP stack in the mii/gmac driver to hork. We need to see some logs.
Found in auth.log:
Jan 17 21:44:17 pogo01 sshd[1469]: Did not receive identification string from 192.168.1.19
192.168.1.19 is actually my PC IP address while I unsuccesfully tryng to connect using putty.
- guidof
- Posts: 13
- Joined: Thu Jan 10, 2013 5:08 pm
Re: Pogoplug pro seems frozen
by WarheadsSE » Thu Jan 17, 2013 10:18 pm
Do you have any firewall/sshguard/ etc of any kind on the device?
We can see at that point that there is something not-quite working in the network stack, but the question is what.
We can see at that point that there is something not-quite working in the network stack, but the question is what.
- WarheadsSE
- Developer
- Posts: 6807
- Joined: Mon Oct 18, 2010 2:12 pm
Re: Pogoplug pro seems frozen
by guidof » Fri Jan 18, 2013 5:46 pm
Looks like there would be an internet attack but I couldn't detect. Tcp connection never grow, also tried to block ICMP in the router, freeze again
- guidof
- Posts: 13
- Joined: Thu Jan 10, 2013 5:08 pm
Re: Pogoplug pro seems frozen
by guidof » Tue Jan 22, 2013 9:48 pm
$this->bbcode_second_pass_quote('WarheadsSE', 'D')o you have any firewall/sshguard/ etc of any kind on the device?
We can see at that point that there is something not-quite working in the network stack, but the question is what.
We can see at that point that there is something not-quite working in the network stack, but the question is what.
After several cross-check I'm almost sure that my pogoplug is a DoS attack victim.
A DoS intrusion has been logged into my netgear internet router in the router it self pogoplug's mac address change continuosly.
Unfortunately no further information has been reported.
From my netgear router:
$this->bbcode_second_pass_code('', '[DoS attack: ACK Scan] from source: 82.51.109.19:50725, Tuesday, January 22,2013 21:46:38 ')
And different mac address reported:
$this->bbcode_second_pass_code('', '00:25:B5:B5:B6:CB
00:25:3F:D1:B6:CB
00:25:15:15:B6:CB
')
Note that only the third and fourth words change, others are correct.
- guidof
- Posts: 13
- Joined: Thu Jan 10, 2013 5:08 pm