Results 1 to 11 of 11

Thread: My router is getting hammered with DOS attacks

  1. #1
    Member
    Join Date
    Feb 2009
    Location
    Cardiff
    Posts
    152
    Thanks
    35
    Thanked
    9 times in 6 posts
    • Jonessie's system
      • Motherboard:
      • Asus Rampage II Extreme, Intel X58
      • CPU:
      • Intel i7 920, D0 SLBEJ S1366, Bloomfield, 2.66 GHz
      • Memory:
      • 2x6GB (3x2GB) Corsair Dominator GT, DDR3 PC3-14900 (1866)
      • Storage:
      • 2TB SATA SEAGATE
      • Graphics card(s):
      • 2x1GB Sapphire HD 5870, PCI-E 2.0, 4800MHz GDDR5, GPU 850MHz, Crossfire
      • PSU:
      • ENERMAX REVOLUTION 850W
      • Case:
      • ThermalTake SPEDO Advanced Package
      • Operating System:
      • Windows 7 Ultimate 64-bit
      • Monitor(s):
      • Dell SP2309W (HDMI) 2048x1152
      • Internet:
      • VM 50MB Broadband :)

    Angry My router is getting hammered with DOS attacks

    WTF is going on here, for the last couple of weeks now I have been hammered by DOS Attack RST and ACK Scan that slows my network down and I cannot browse because of some little inane keeps attacking me on a regular basis now and I'm starting to get really off. The only reason I can see why somebody is tring to access is because I have a NAS attached to my network which is on from 08:00 - 10:30 Mon - Sun when they are attacking port 80 and 443. I know that Netgear are paranoid when it comes to DOS Attacks and at times you can just ignore them. But when they are becoming more frequent it's now becoming a problem. This is short compared with yesterday. Somedays I will not get anything and no attacks just normal activity.

    Really annoying. There are a few ways to compbat this and one of them is to disconnect your router and then turn it back on again to receive a new IP Address, or clone your MAC Address which I don't have the option to do so.

    Any suggestions please because it's really annoying. Oh and before you ask. No I don't use P2P and now I don't download files, only legit. The only sharing source I have is my NAS and that is it.

    [DoS Attack: ACK Scan] from source: 94.245.120.169, port 443, Wednesday, February 16,2011 17:20:43
    [DoS Attack: ACK Scan] from source: 90.223.232.82, port 80, Wednesday, February 16,2011 13:43:50
    [DoS Attack: RST Scan] from source: 82.6.158.85, port 46240, Wednesday, February 16,2011 10:30:46
    [DoS Attack: RST Scan] from source: 95.48.36.190, port 54242, Wednesday, February 16,2011 03:24:54
    [DoS Attack: ACK Scan] from source: 63.231.127.101, port 80, Wednesday, February 16,2011 03:10:09
    [DoS Attack: ACK Scan] from source: 87.82.51.73, port 80, Wednesday, February 16,2011 01:43:53
    [DoS Attack: ACK Scan] from source: 87.82.51.73, port 80, Wednesday, February 16,2011 00:59:35
    JONESSIE
    Never use an iPod Touch to type because you need fingers like chopsticks.

  2. #2
    Loves Wifey dangel's Avatar
    Join Date
    Aug 2005
    Location
    Cambridge, UK
    Posts
    8,343
    Thanks
    403
    Thanked
    448 times in 330 posts
    • dangel's system
      • Motherboard:
      • See My Sig
      • CPU:
      • See My Sig
      • Memory:
      • See My Sig
      • Storage:
      • See My Sig
      • Graphics card(s):
      • See My Sig
      • PSU:
      • See My Sig
      • Case:
      • See My Sig
      • Operating System:
      • Windows 7
      • Monitor(s):
      • See My Sig
      • Internet:
      • 20mbit Sky LLU

    Re: My router is getting hammered with DOS attacks

    sorry missed what you said ignore.

    Are you sure it's DOS and not some other service? are you torrenting? which port?
    System 001: Asus Z68 Deluxe, 2600k i7, EK Supreme HF - Full Copper CPU Block, GTX 670 FTW 2GB x 2 SLI, EK 680 GPU Blocks/EK Bridge, 16GIG Corsair Vengence DDR3 RAM CL9 @ 1600mhz, Corsair HX1000, Dell U2412M (+2 other Dell IPS'), Logitech 5.1, Samsung F3 1TB x 2, Samsung 840 Pro 256GB SSD (System), Samsung 830 128GB SDD (Games), Antec 1200 case, Thermochill 120.4 rad, Vario Pump, Windows 8.1.1 x64, Cyberpower 1500VA UPS[main]
    System 002: A8 3850 APU, ASUS uATX FM1A75 MB, 4GB Corsair Vengeance DDR3, Corsair psu, OCZ Agility 3, 1TB F3, Dell 2001FP 20" LCD, £7's worth of 5.1 speakers (they rock) Windows 7 x64[wife/server]
    System 003: AsRock MB, APU, 8 GIG Corsair, Silverstone HTPC case, stock cooler, GT220 1gbDDR3, WD Green 3TB, Kingston 40gb SSD, MCE Remote, Panasonic 50" LCD (87BDX) via HDMI Windows 8.1.1 (32) [media centre]
    System 004: Asus UL50AT Intel Core 2 Duo,4GB, Intel Gen 2 80GB SSD, Win 8.1.1 x64 [no justification]
    System 005: HP Proliant N40L Microserver, 4x2TB drives, fan mod, Pico PSU mod, Win7 x86 [file server]
    System 006: Dell Optiplex 9010, i7, 8gb, 128gb Samsung 830 x 2 (boot and VM drive), 1TB WD HDD, ATI something, Windows 8.1.1 x64 RTM [work]


  3. Received thanks from:

    Jonessie (16-02-2011)

  4. #3
    Member
    Join Date
    Feb 2009
    Location
    Cardiff
    Posts
    152
    Thanks
    35
    Thanked
    9 times in 6 posts
    • Jonessie's system
      • Motherboard:
      • Asus Rampage II Extreme, Intel X58
      • CPU:
      • Intel i7 920, D0 SLBEJ S1366, Bloomfield, 2.66 GHz
      • Memory:
      • 2x6GB (3x2GB) Corsair Dominator GT, DDR3 PC3-14900 (1866)
      • Storage:
      • 2TB SATA SEAGATE
      • Graphics card(s):
      • 2x1GB Sapphire HD 5870, PCI-E 2.0, 4800MHz GDDR5, GPU 850MHz, Crossfire
      • PSU:
      • ENERMAX REVOLUTION 850W
      • Case:
      • ThermalTake SPEDO Advanced Package
      • Operating System:
      • Windows 7 Ultimate 64-bit
      • Monitor(s):
      • Dell SP2309W (HDMI) 2048x1152
      • Internet:
      • VM 50MB Broadband :)

    Re: My router is getting hammered with DOS attacks

    Quote Originally Posted by dangel View Post
    sorry missed what you said ignore.

    Are you sure it's DOS and not some other service? are you torrenting? which port?
    I am aware that Netgear router can state there are attacks when it's just standard communication between servers between your router and the net. if you trace the top IP address is traces back to Microsoft, which makes me think these are standard communications. But... a standard communication should not have an adverse affact on your performance. Port 80 was running so slow I was reverted back to a dialup speed.
    JONESSIE
    Never use an iPod Touch to type because you need fingers like chopsticks.

  5. #4
    Loves Wifey dangel's Avatar
    Join Date
    Aug 2005
    Location
    Cambridge, UK
    Posts
    8,343
    Thanks
    403
    Thanked
    448 times in 330 posts
    • dangel's system
      • Motherboard:
      • See My Sig
      • CPU:
      • See My Sig
      • Memory:
      • See My Sig
      • Storage:
      • See My Sig
      • Graphics card(s):
      • See My Sig
      • PSU:
      • See My Sig
      • Case:
      • See My Sig
      • Operating System:
      • Windows 7
      • Monitor(s):
      • See My Sig
      • Internet:
      • 20mbit Sky LLU

    Re: My router is getting hammered with DOS attacks

    It is odd - this:

    http://www.grc.com/port_443.htm

    ...is a good place to start when finding out what's likely to be going on. 80 and 443 are normal - the latter (larger) numbers looked a bit torrenty (hence the question) to me and if you're doing that if the upload rate isn't throttled it'll drown your connection. Thinking out loud rather than saying this is anywhere near the answer.. You've either got a local problem or it's really happening - hard to say! You're sure there's no outgoing traffic whilst this is happening?

    BTW torrents can be used legally - it's just a protocol after all!
    System 001: Asus Z68 Deluxe, 2600k i7, EK Supreme HF - Full Copper CPU Block, GTX 670 FTW 2GB x 2 SLI, EK 680 GPU Blocks/EK Bridge, 16GIG Corsair Vengence DDR3 RAM CL9 @ 1600mhz, Corsair HX1000, Dell U2412M (+2 other Dell IPS'), Logitech 5.1, Samsung F3 1TB x 2, Samsung 840 Pro 256GB SSD (System), Samsung 830 128GB SDD (Games), Antec 1200 case, Thermochill 120.4 rad, Vario Pump, Windows 8.1.1 x64, Cyberpower 1500VA UPS[main]
    System 002: A8 3850 APU, ASUS uATX FM1A75 MB, 4GB Corsair Vengeance DDR3, Corsair psu, OCZ Agility 3, 1TB F3, Dell 2001FP 20" LCD, £7's worth of 5.1 speakers (they rock) Windows 7 x64[wife/server]
    System 003: AsRock MB, APU, 8 GIG Corsair, Silverstone HTPC case, stock cooler, GT220 1gbDDR3, WD Green 3TB, Kingston 40gb SSD, MCE Remote, Panasonic 50" LCD (87BDX) via HDMI Windows 8.1.1 (32) [media centre]
    System 004: Asus UL50AT Intel Core 2 Duo,4GB, Intel Gen 2 80GB SSD, Win 8.1.1 x64 [no justification]
    System 005: HP Proliant N40L Microserver, 4x2TB drives, fan mod, Pico PSU mod, Win7 x86 [file server]
    System 006: Dell Optiplex 9010, i7, 8gb, 128gb Samsung 830 x 2 (boot and VM drive), 1TB WD HDD, ATI something, Windows 8.1.1 x64 RTM [work]


  6. Received thanks from:

    Jonessie (16-02-2011)

  7. #5
    Loves Wifey dangel's Avatar
    Join Date
    Aug 2005
    Location
    Cambridge, UK
    Posts
    8,343
    Thanks
    403
    Thanked
    448 times in 330 posts
    • dangel's system
      • Motherboard:
      • See My Sig
      • CPU:
      • See My Sig
      • Memory:
      • See My Sig
      • Storage:
      • See My Sig
      • Graphics card(s):
      • See My Sig
      • PSU:
      • See My Sig
      • Case:
      • See My Sig
      • Operating System:
      • Windows 7
      • Monitor(s):
      • See My Sig
      • Internet:
      • 20mbit Sky LLU

    Re: My router is getting hammered with DOS attacks

    Which router model? which firmware?

    http://forum1.netgear.com/showthread.php?p=329710


    ..sounds a bit like you.
    System 001: Asus Z68 Deluxe, 2600k i7, EK Supreme HF - Full Copper CPU Block, GTX 670 FTW 2GB x 2 SLI, EK 680 GPU Blocks/EK Bridge, 16GIG Corsair Vengence DDR3 RAM CL9 @ 1600mhz, Corsair HX1000, Dell U2412M (+2 other Dell IPS'), Logitech 5.1, Samsung F3 1TB x 2, Samsung 840 Pro 256GB SSD (System), Samsung 830 128GB SDD (Games), Antec 1200 case, Thermochill 120.4 rad, Vario Pump, Windows 8.1.1 x64, Cyberpower 1500VA UPS[main]
    System 002: A8 3850 APU, ASUS uATX FM1A75 MB, 4GB Corsair Vengeance DDR3, Corsair psu, OCZ Agility 3, 1TB F3, Dell 2001FP 20" LCD, £7's worth of 5.1 speakers (they rock) Windows 7 x64[wife/server]
    System 003: AsRock MB, APU, 8 GIG Corsair, Silverstone HTPC case, stock cooler, GT220 1gbDDR3, WD Green 3TB, Kingston 40gb SSD, MCE Remote, Panasonic 50" LCD (87BDX) via HDMI Windows 8.1.1 (32) [media centre]
    System 004: Asus UL50AT Intel Core 2 Duo,4GB, Intel Gen 2 80GB SSD, Win 8.1.1 x64 [no justification]
    System 005: HP Proliant N40L Microserver, 4x2TB drives, fan mod, Pico PSU mod, Win7 x86 [file server]
    System 006: Dell Optiplex 9010, i7, 8gb, 128gb Samsung 830 x 2 (boot and VM drive), 1TB WD HDD, ATI something, Windows 8.1.1 x64 RTM [work]


  8. Received thanks from:

    Jonessie (16-02-2011)

  9. #6
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    8,287
    Thanks
    1,308
    Thanked
    645 times in 563 posts

    Re: My router is getting hammered with DOS attacks

    Is that the whole log? From what's there I highly doubt it's a DOS attack. If the log was filled (probably thousands or tens of thousands of entries) with the same message over and over from the same IPs then it would be worth looking into, but just from that log it looks like the random crap bouncing round the net that shows up on most routers. Try that grc scan to see if any ports are exposed to the net. Are you sure it's nothing else that might be causing the slow-down?

  10. Received thanks from:

    Jonessie (16-02-2011)

  11. #7
    Member
    Join Date
    Feb 2009
    Location
    Cardiff
    Posts
    152
    Thanks
    35
    Thanked
    9 times in 6 posts
    • Jonessie's system
      • Motherboard:
      • Asus Rampage II Extreme, Intel X58
      • CPU:
      • Intel i7 920, D0 SLBEJ S1366, Bloomfield, 2.66 GHz
      • Memory:
      • 2x6GB (3x2GB) Corsair Dominator GT, DDR3 PC3-14900 (1866)
      • Storage:
      • 2TB SATA SEAGATE
      • Graphics card(s):
      • 2x1GB Sapphire HD 5870, PCI-E 2.0, 4800MHz GDDR5, GPU 850MHz, Crossfire
      • PSU:
      • ENERMAX REVOLUTION 850W
      • Case:
      • ThermalTake SPEDO Advanced Package
      • Operating System:
      • Windows 7 Ultimate 64-bit
      • Monitor(s):
      • Dell SP2309W (HDMI) 2048x1152
      • Internet:
      • VM 50MB Broadband :)

    Re: My router is getting hammered with DOS attacks

    Quote Originally Posted by watercooled View Post
    Is that the whole log? From what's there I highly doubt it's a DOS attack. If the log was filled (probably thousands or tens of thousands of entries) with the same message over and over from the same IPs then it would be worth looking into, but just from that log it looks like the random crap bouncing round the net that shows up on most routers. Try that grc scan to see if any ports are exposed to the net. Are you sure it's nothing else that might be causing the slow-down?
    Me neither, I agree it's random crap, just ignore it... I know from past experience with Netgear routers they can be a little paranoid and tell lies when you are getting attacked, when it's actually data communication between servers not actually DOS Attacks but standard communication. I knew I should have stayed with Lynksys... Oops I mean CISCO Lynksys as they are now days. You cannot got wrong with a Lynksys router.

    Thank you all for your input I really appreciate your comments.
    JONESSIE
    Never use an iPod Touch to type because you need fingers like chopsticks.

  12. #8
    HEXUS.timelord. Zak33's Avatar
    Join Date
    Jul 2003
    Location
    I'm a Jessie
    Posts
    29,947
    Thanks
    1,730
    Thanked
    1,629 times in 1,015 posts
    • Zak33's system
      • Motherboard:
      • Gigabyte GA-MA77T-UD3
      • CPU:
      • Phenom II 1045 X6
      • Memory:
      • 16gig Ripsaw DDR3 1600@1333
      • Storage:
      • Intel SSD, Kingston HyperX SSD, Hitachi 1Tb
      • Graphics card(s):
      • MSI 6950 Twin Frozer II 2gig
      • PSU:
      • Coolermaster 800w
      • Case:
      • Silverstone Fortress FT01
      • Operating System:
      • Win7
      • Monitor(s):
      • Iiyama ProLite E2201W & Benq 22"
      • Internet:
      • Zen FTC uber speedy

    Re: My router is getting hammered with DOS attacks

    if you have a dynamic IP... unplug the router, and plug it in again.. new IP.

    If you still get them, then you might be sending somwething out there from your network to attract the gits...

    if it's static IP.. ask for a new one

    setoutyourstall.blogspot.co.uk

    Quote Originally Posted by Saracen View Post
    Delonghi gave me about 18 inches, which is not really enough

  13. #9
    <<== UT3 Player spoon_'s Avatar
    Join Date
    Nov 2008
    Location
    London
    Posts
    2,028
    Thanks
    112
    Thanked
    139 times in 131 posts

    Re: My router is getting hammered with DOS attacks

    Quote Originally Posted by Zak33 View Post

    if it's static IP.. ask for a new one
    Or change the MAC and let it re-register with DHCP...

  14. #10
    HEXUS.timelord. Zak33's Avatar
    Join Date
    Jul 2003
    Location
    I'm a Jessie
    Posts
    29,947
    Thanks
    1,730
    Thanked
    1,629 times in 1,015 posts
    • Zak33's system
      • Motherboard:
      • Gigabyte GA-MA77T-UD3
      • CPU:
      • Phenom II 1045 X6
      • Memory:
      • 16gig Ripsaw DDR3 1600@1333
      • Storage:
      • Intel SSD, Kingston HyperX SSD, Hitachi 1Tb
      • Graphics card(s):
      • MSI 6950 Twin Frozer II 2gig
      • PSU:
      • Coolermaster 800w
      • Case:
      • Silverstone Fortress FT01
      • Operating System:
      • Win7
      • Monitor(s):
      • Iiyama ProLite E2201W & Benq 22"
      • Internet:
      • Zen FTC uber speedy

    Re: My router is getting hammered with DOS attacks

    Quote Originally Posted by spoon_ View Post
    Or change the MAC and let it re-register with DHCP...
    not sure that'll work.. the IP is given by the ISP.. mine is always the same... DHCP won't change it

    I'm not talking about the PC in the network environ.. I'm talking the routers IP on the net

    setoutyourstall.blogspot.co.uk

    Quote Originally Posted by Saracen View Post
    Delonghi gave me about 18 inches, which is not really enough

  15. #11
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    8,287
    Thanks
    1,308
    Thanked
    645 times in 563 posts

    Re: My router is getting hammered with DOS attacks

    Changing your IP can't hurt, as a precaution, but an ACK scan every few hours isn't a DoS attack - take no notice of the router wording.

    @Zak33: It depends what ISP you're with - what spoon suggested works with VM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Draytek Vigor 2800G mini-review
    By Taz in forum Networking and Broadband
    Replies: 11
    Last Post: 01-11-2013, 06:41 PM
  2. Replies: 10
    Last Post: 08-12-2009, 05:01 PM
  3. Multiple static IPs going to your router
    By latrosicarius in forum Networking and Broadband
    Replies: 3
    Last Post: 22-11-2008, 03:13 PM
  4. Can one wireless router connect to another for internet viewing ?
    By mike63uk in forum Networking and Broadband
    Replies: 2
    Last Post: 05-02-2008, 08:41 PM
  5. Pipex problems, DOS attacks or ? ?
    By Carnagerover in forum Networking and Broadband
    Replies: 14
    Last Post: 25-01-2007, 01:14 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •