Denial of Service attack? on a Mac?

claire_elis

Hello fellow Mac users.

I've been having a problem with my computer - it's one of three on a home network, the other two are PCs. Recently, my internet access slowed to a SNAIL'S PACE (~ 30 kbps!) while my roommates are still experiencing net life as usual (4 Mbps...)

I'm not very tech savvy, but after three days of research and troubleshooting, and ruling out gazillions of possibilities, it's come to my attention that I may be suffering a DENIAL OF SERVICE attack.

So I looked into this, and I can't really understand ANY of the material I've read on this topic.

HELP!!!!!!!! How can I reliably diagnose and solve this problem? :(

I have an eMac running 10.2.8, connected to an Asante FR 1004 router, and a cable modem connected to that...
 
So the internet isn't slow on the PCs at all?

Anyways, the only way your Mac could be getting DoS'ed while behind a router is if you either have ports forwarded to your Mac, or your PCs are infected with viruses and are trying to DoS it.

It is possible that your router is being DoS'ed, but I wouldn't know why someone would try that.

And just to clarify: you can DoS attack anything with a network connection, because it is exactly what it is called, denying service by flooding the network connection.
 
claire_elis said:
I'm not clear on this whole 'port' thing; how do I know if I have 'ports forwarding to my Mac'?

If you don't know what it is, it probably isn't a problem, because you have to manually set it up in the router config.

Have you tried any of the other PCs yet? How about connecting the Mac directly to the modem?
 
It is a safe bet that if you don't know about ports, then you haven't set up the router to forward anything to your computer. That is, your computer is not experiencing DOS from outside your network.

If your other PCs are fine by all accounts, then no one can be DOS'ing your router either, or those PCs would be experiencing the same problems.

I have a hard time believing the PCs are causing this, as they would also be experiencing slowdown, I would imagine. Just to be sure, why not disconnect them from the network and see if your problem eases up?

Most likely, you are running some software that is hogging your bandwidth. I can't imagine what, but you can fire up Activity Monitor.app and check out the network graph. If you are experiencing a lot of network traffic (either sent or received) you at least have somewhere to start.

If the network traffic is moderate, then it is most probably a connection problem.
 
I would hazard a guess that if you don't know about ports, then your router is probably in a relatively standard configuration (unless you live with tech people who keep fiddling with it).

One thing you could get and try and maybe should have (I swear by it...not at it) is Little Snitch http://www.obdev.at/products/littlesnitch/

You can install this, restart your Mac, and the moment something tries to send out or call home it will alert you. That will give you a pretty good idea of what's going on. It's also simple to use.
 
When I connect the Mac directly to the modem, my connection speed is fine.

(Which of course points to the problem being in the router or network, but in my dealings with the router company, they basically said that the router is working fine, that looking at my router's log, it's either a DoS, or a spyware/malware on the PCs.)

When I disconnect the 2 PCs from the network, the problem is still there.

I ran AD-Aware and AVG anti virus on both PCs, found some spyware, no viruses, cleaned it all up, and the problem still exists.

When I run Activity Monitor on my Mac, everything looks fine, i.e. no traffic except for when I'm loading a page, although to be honest, I'm still a little shaky on decoding all those green/orange/red lines....

Also, I installed lil snitch (demo version) and I'm not getting any messages from that yet, either.

*sigh* I'm gonna try re-installing my OS (archive and install - not preserving prefs, etc.) and see if that makes any difference.


BUT: is it possible that a DoS attack would target my router's IP, then my computer's IP after that? (The router distributes each computer its own 'IP' within the router's range.) Which would account for why the PCs are running fine, and only my Mac is encountering the problem?
 
If you connect directly (without the router) it works fine, correct? Then an OS reinstall won't do any good. That test alone all but eliminates a defect in the computer.

It also seems you aren't getting odd network traffic to/from your Mac, so it wouldn't make sense for it to be a DOS. By your statements here it almost has to be a problem in the router.

Try assigning your Mac a different IP through the router. If nothing else, go get a different router just to test it out. Just make sure you can return it after opening it.
 
FWIW, I concur wholeheartedly with cfleck that reinstalling is a waste of time. Since you have normal speed when connected directly to the modem, that isolates the problem to the router and the cable connecting your Mac to the router. Try connecting your Mac using the ethernet cable normally connected to one of the PCs and see what your connection speed is. If it is normal, go buy a new ethernet cable and be sure to get a good one. A good ethernet, USB, or Firewire cable is never the cheapest on the store shelf either regardless of the "rating" on the package. But for ethernet Cat 5e is generally preferable to plain Cat 5 and Cat 6, if you can find it, is better than Cat 5e.
 
Surely if it were a DOS attack all of the machines using that router would be affected, regardless of whether it was directed at your Mac - it would still be flooding through the router, causing all connections to be slow/fail.
If the wired connection has no problems then it could simply be interference from an external source. (An old cordless phone we had in the cellar at work caused my wireless to cut out every time it rang!!)
Try changing the wireless channel on the router.
 
hehe: Jh2112: it's not a wireless router.

Well, I reinstalled my OS (before reading your warnings....) and as predicted: no change.

So I just went out and bought a new router - a wireless D-Link. Now we'll see if it works.....
 
Well, the new router has everything back to normal.

I guess this means that the problem really WAS with the old router. Blah, asante, grrrrrr.

Thanks for all your help guys! This website ROCKS.
 
Question, tho.

It seems possible to me that the new router has solved the problem for one of 2 reasons.
1. The old router was just plain 'broke' in some bizarre, specific way.
OR
2. The new router changed the network's IP, therefore stopping a DoS.

Does this make sense?

How can you protect against a DoS? (in terms I can understand...)
How can I protect against spyware from entering my network? (Should a scanner such as Ad-Aware on the PCs be enough?)
 