My router is getting hammered with DOS attacks

[Jonessie]

WTF is going on here, for the last couple of weeks now I have been hammered by DOS Attack RST and ACK Scan that slows my network down and I cannot browse because of some little inane keeps attacking me on a regular basis now and I'm starting to get really off. The only reason I can see why somebody is tring to access is because I have a NAS attached to my network which is on from 08:00 - 10:30 Mon - Sun when they are attacking port 80 and 443. I know that Netgear are paranoid when it comes to DOS Attacks and at times you can just ignore them. But when they are becoming more frequent it's now becoming a problem. This is short compared with yesterday. Somedays I will not get anything and no attacks just normal activity.

Really annoying. There are a few ways to compbat this and one of them is to disconnect your router and then turn it back on again to receive a new IP Address, or clone your MAC Address which I don't have the option to do so.

Any suggestions please because it's really annoying. Oh and before you ask. No I don't use P2P and now I don't download files, only legit. The only sharing source I have is my NAS and that is it.

[DoS Attack: ACK Scan] from source: 94.245.120.169, port 443, Wednesday, February 16,2011 17:20:43
[DoS Attack: ACK Scan] from source: 90.223.232.82, port 80, Wednesday, February 16,2011 13:43:50
[DoS Attack: RST Scan] from source: 82.6.158.85, port 46240, Wednesday, February 16,2011 10:30:46
[DoS Attack: RST Scan] from source: 95.48.36.190, port 54242, Wednesday, February 16,2011 03:24:54
[DoS Attack: ACK Scan] from source: 63.231.127.101, port 80, Wednesday, February 16,2011 03:10:09
[DoS Attack: ACK Scan] from source: 87.82.51.73, port 80, Wednesday, February 16,2011 01:43:53
[DoS Attack: ACK Scan] from source: 87.82.51.73, port 80, Wednesday, February 16,2011 00:59:35

[dangel]

sorry missed what you said ignore.

Are you sure it's DOS and not some other service? are you torrenting? which port?

[Jonessie]

sorry missed what you said ignore.

Are you sure it's DOS and not some other service? are you torrenting? which port?

I am aware that Netgear router can state there are attacks when it's just standard communication between servers between your router and the net. if you trace the top IP address is traces back to Microsoft, which makes me think these are standard communications. But... a standard communication should not have an adverse affact on your performance. Port 80 was running so slow I was reverted back to a dialup speed.

[dangel]

It is odd - this:

http://www.grc.com/port_443.htm

...is a good place to start when finding out what's likely to be going on. 80 and 443 are normal - the latter (larger) numbers looked a bit torrenty (hence the question) to me and if you're doing that if the upload rate isn't throttled it'll drown your connection. Thinking out loud rather than saying this is anywhere near the answer.. You've either got a local problem or it's really happening - hard to say! You're sure there's no outgoing traffic whilst this is happening?

BTW torrents can be used legally - it's just a protocol after all!

[dangel]

Which router model? which firmware?

http://forum1.netgear.com/showthread.php?p=329710


..sounds a bit like you.

[watercooled]

Is that the whole log? From what's there I highly doubt it's a DOS attack. If the log was filled (probably thousands or tens of thousands of entries) with the same message over and over from the same IPs then it would be worth looking into, but just from that log it looks like the random crap bouncing round the net that shows up on most routers. Try that grc scan to see if any ports are exposed to the net. Are you sure it's nothing else that might be causing the slow-down?

[Jonessie]

Is that the whole log? From what's there I highly doubt it's a DOS attack. If the log was filled (probably thousands or tens of thousands of entries) with the same message over and over from the same IPs then it would be worth looking into, but just from that log it looks like the random crap bouncing round the net that shows up on most routers. Try that grc scan to see if any ports are exposed to the net. Are you sure it's nothing else that might be causing the slow-down?

Me neither, I agree it's random crap, just ignore it... I know from past experience with Netgear routers they can be a little paranoid and tell lies when you are getting attacked, when it's actually data communication between servers not actually DOS Attacks but standard communication. I knew I should have stayed with Lynksys... Oops I mean CISCO Lynksys as they are now days. You cannot got wrong with a Lynksys router.

Thank you all for your input I really appreciate your comments.

[Zak33]

if you have a dynamic IP... unplug the router, and plug it in again.. new IP.

If you still get them, then you might be sending somwething out there from your network to attract the gits...

if it's static IP.. ask for a new one

[spoon_]

if it's static IP.. ask for a new one

Or change the MAC and let it re-register with DHCP...

[Zak33]

Or change the MAC and let it re-register with DHCP...

not sure that'll work.. the IP is given by the ISP.. mine is always the same... DHCP won't change it

I'm not talking about the PC in the network environ.. I'm talking the routers IP on the net

[watercooled]

Changing your IP can't hurt, as a precaution, but an ACK scan every few hours isn't a DoS attack - take no notice of the router wording.

@Zak33: It depends what ISP you're with - what spoon suggested works with VM.