
[cobalt-security] Cube 3 sending DOS attacks?



Hi,
 
I've got a Cube 3. Recently, when the host for a website I run went down, I ported the site over to the Cube and was serving from there while the host sorted out their problems.
 
Things were going relatively well, but one person complained about BlackIce giving him denial of service attack warnings. Here's his note.
 
I had 47 IP Fragment overlays when going to that page immediately. I went
to the login page to see if that also would set the firewall off and it did as
well. That page continues to rack up DDoS fragments as I type this.

Severity (icon), Time, Attack, Intruder, Count
2, 2001-01-23 22:41:13, IP fragment overlap, adsl-64-109-192-161.cleveland.oh.ameritech.net, 52
2, 2001-01-23 21:59:41, IP fragment overlap, adsl-64-109-192-161.cleveland.oh.ameritech.net, 50

The last two numbers are the attack amounts.
 
I believe the particular page he was talking about was http://theartboard.linksysnet.com/cgi-bin/comicart-l/login.cfm
 
Yes, I've installed Cold Fusion Express on the box. I needed to get the site up quickly and rather than reconstruct the whole thing in PHP and MySQL, which I would like to do, this was the quickest solution. Other than that, the box is straight from Cobalt.
 
The Cube is hooked up through Ameritech DSL. I use a Linksys BEFSR41 and the TZO service. Any ideas? I'm a Linux newbie so if I need to look for particular hacks please be as specific as possible. Advice like 'next, jump over a tall building (you may need to construct the tall building to do this)' won't be helpful :)
 
Ed Hodder