Results 1 to 13 of 13

Thread: Help - DOS attack

  1. #1
    Registered User
    Join Date
    Oct 2011
    Posts
    5
    Thanks
    0
    Thanked
    0 times in 0 posts

    Help - DOS attack

    I've got a netgear DG834 router with a SmoothWall box behind it managing a VPN.

    I keep getting attacked by what the Netgear router thinks is a DOS attack. The biggest attacks occur in the mornings which result in disconnection from the internet. I've got 8 static IP addresses and as you can see from the log, all 8 are being tested using different ports.

    There's more than one attacker;

    The IP address of one attacker is in spamhaus blacklist for spam and seems to originate from France. When I try the IP in a web browser using HTTPS, I get a Microsoft Exchange 2003 webmail login page. If I try the IP in Remote Desktop, I get a Windows Server 2003 login screen.

    Another IP address originates from England and is listed in an offensive database for "Unserviced Port Request or part of a DDOS attack".

    I replaced the router with another netgear DG834 but it also disconnects from the internet during the attack. I also tried replacing it with a Draytek 2820n but this router completely crashes during the attack.

    Please can anyone suggest anything?

  2. #2
    Registered User
    Join Date
    Oct 2011
    Posts
    5
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Help - DOS attack

    I've edited out the first part of my IP address for security reasons. I can post more logs if requested

    Sat, 2011-10-22 14:43:57 - TCP Packet - Source:68.171.16.17,1411 Destination:00.00.00.235,5903 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1443 Destination:00.00.00.235,5907 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1463 Destination:00.00.00.235,5910 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1457 Destination:00.00.00.235,5909 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1517 Destination:00.00.00.236,5906 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1525 Destination:00.00.00.236,5907 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1554 Destination:00.00.00.236,5910 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1563 Destination:00.00.00.237,5900 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1603 Destination:00.00.00.237,5905 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1636 Destination:00.00.00.237,5909 - [DOS]
    Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1655 Destination:00.00.00.238,5901 - [DOS]
    Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1700 Destination:00.00.00.238,5906 - [DOS]
    Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1737 Destination:00.00.00.239,5900 - [DOS]
    Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1745 Destination:00.00.00.239,5901 - [DOS]
    Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1759 Destination:00.00.00.239,5903 - [DOS]
    Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1784 Destination:00.00.00.239,5906 - [DOS]
    Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Sun, 2011-10-23 02:48:49 - TCP Packet - Source:72.71.49.20,37694 Destination:00.00.00.238,22 - [DOS]
    Sun, 2011-10-23 02:48:49 - TCP Packet - Source:72.71.49.20,37695 Destination:00.00.00.239,22 - [DOS]
    Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Sun, 2011-10-23 13:52:38 - TCP Packet - Source:94.169.235.159 Destination:00.00.00.233 - [PORT SCAN]
    Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Mon, 2011-10-24 03:02:07 - TCP Packet - Source:221.215.106.147,17347 Destination:00.00.00.239,4899 - [DOS]
    Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59503 Destination:00.00.00.232,5910 - [DOS]
    Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59507 Destination:00.00.00.233,5900 - [DOS]
    Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59509 Destination:00.00.00.233,5901 - [DOS]
    Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59515 Destination:00.00.00.233,5903 - [DOS]
    Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59520 Destination:00.00.00.233,5904 - [DOS]
    Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59525 Destination:00.00.00.233,5906 - [DOS]
    Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59543 Destination:00.00.00.234,5901 - [DOS]
    Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59561 Destination:00.00.00.234,5907 - [DOS]
    Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59581 Destination:00.00.00.235,5903 - [DOS]
    Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59599 Destination:00.00.00.235,5909 - [DOS]
    Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59621 Destination:00.00.00.236,5905 - [DOS]
    Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59639 Destination:00.00.00.237,5900 - [DOS]
    Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59659 Destination:00.00.00.237,5907 - [DOS]
    Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59677 Destination:00.00.00.238,5902 - [DOS]
    Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59695 Destination:00.00.00.238,5908 - [DOS]
    Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59717 Destination:00.00.00.239,5904 - [DOS]
    Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59735 Destination:00.00.00.239,5910 - [DOS]
    Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59501 Destination:00.00.00.232,5909 - [DOS]
    Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59503 Destination:00.00.00.232,5910 - [DOS]
    Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59507 Destination:00.00.00.233,5900 - [DOS]
    Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59509 Destination:00.00.00.233,5901 - [DOS]
    Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59515 Destination:00.00.00.233,5903 - [DOS]
    Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59521 Destination:00.00.00.233,5905 - [DOS]
    Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59539 Destination:00.00.00.234,5900 - [DOS]
    Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59561 Destination:00.00.00.234,5907 - [DOS]
    Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59586 Destination:00.00.00.235,5904 - [DOS]
    Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59599 Destination:00.00.00.235,5909 - [DOS]
    Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59621 Destination:00.00.00.236,5905 - [DOS]
    Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59639 Destination:00.00.00.237,5900 - [DOS]
    Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59659 Destination:00.00.00.237,5907 - [DOS]
    Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59677 Destination:00.00.00.238,5902 - [DOS]
    Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59695 Destination:00.00.00.238,5908 - [DOS]
    Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59717 Destination:00.00.00.239,5904 - [DOS]
    Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59731 Destination:00.00.00.239,5909 - [DOS]
    Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
    Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
    Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
    Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
    Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
    Mon, 2011-10-24 06:58:43 - LCP down.
    Mon, 2011-10-24 06:58:50 - Initialize LCP.
    Mon, 2011-10-24 06:58:51 - LCP is allowed to come up.
    Mon, 2011-10-24 06:59:51 - Initialize LCP.
    Mon, 2011-10-24 06:59:51 - LCP is allowed to come up.
    Mon, 2011-10-24 07:00:52 - Initialize LCP.
    Mon, 2011-10-24 07:00:52 - LCP is allowed to come up.
    Mon, 2011-10-24 07:01:53 - Initialize LCP.
    Mon, 2011-10-24 07:01:53 - LCP is allowed to come up.
    Mon, 2011-10-24 07:02:53 - Initialize LCP.
    Mon, 2011-10-24 07:02:53 - LCP is allowed to come up.
    Mon, 2011-10-24 07:03:54 - Initialize LCP.
    Mon, 2011-10-24 07:03:54 - LCP is allowed to come up.
    Mon, 2011-10-24 07:04:55 - Initialize LCP.
    Mon, 2011-10-24 07:04:55 - LCP is allowed to come up.
    Mon, 2011-10-24 07:05:55 - Initialize LCP.
    Mon, 2011-10-24 07:05:55 - LCP is allowed to come up.
    Mon, 2011-10-24 07:06:56 - Initialize LCP.
    Mon, 2011-10-24 07:06:56 - LCP is allowed to come up.
    Mon, 2011-10-24 07:07:57 - Initialize LCP.
    Mon, 2011-10-24 07:07:57 - LCP is allowed to come up.
    Mon, 2011-10-24 07:34:41 - Administrator login successful - IP:00.00.00.233
    Mon, 2011-10-24 07:34:59 - Initialize LCP.
    Mon, 2011-10-24 07:34:59 - LCP is allowed to come up.

  3. #3
    Banhammer in peace PeterB kalniel's Avatar
    Join Date
    Aug 2005
    Posts
    31,039
    Thanks
    1,880
    Thanked
    3,379 times in 2,716 posts
    • kalniel's system
      • Motherboard:
      • Gigabyte Z390 Aorus Ultra
      • CPU:
      • Intel i9 9900k
      • Memory:
      • 32GB DDR4 3200 CL16
      • Storage:
      • 1TB Samsung 970Evo+ NVMe
      • Graphics card(s):
      • nVidia GTX 1060 6GB
      • PSU:
      • Seasonic 600W
      • Case:
      • Cooler Master HAF 912
      • Operating System:
      • Win 10 Pro x64
      • Monitor(s):
      • Dell S2721DGF
      • Internet:
      • rubbish

    Re: Help - DOS attack

    What did your ISP say?

  4. #4
    Anthropomorphic Personification shaithis's Avatar
    Join Date
    Apr 2004
    Location
    The Last Aerie
    Posts
    10,857
    Thanks
    645
    Thanked
    872 times in 736 posts
    • shaithis's system
      • Motherboard:
      • Asus P8Z77 WS
      • CPU:
      • i7 3770k @ 4.5GHz
      • Memory:
      • 32GB HyperX 1866
      • Storage:
      • Lots!
      • Graphics card(s):
      • Sapphire Fury X
      • PSU:
      • Corsair HX850
      • Case:
      • Corsair 600T (White)
      • Operating System:
      • Windows 10 x64
      • Monitor(s):
      • 2 x Dell 3007
      • Internet:
      • Zen 80Mb Fibre

    Re: Help - DOS attack

    Did you configure the "DoS defense Setup" section of the Draytek?
    Main PC: Asus Rampage IV Extreme / 3960X@4.5GHz / Antec H1200 Pro / 32GB DDR3-1866 Quad Channel / Sapphire Fury X / Areca 1680 / 850W EVGA SuperNOVA Gold 2 / Corsair 600T / 2x Dell 3007 / 4 x 250GB SSD + 2 x 80GB SSD / 4 x 1TB HDD (RAID 10) / Windows 10 Pro, Yosemite & Ubuntu
    HTPC: AsRock Z77 Pro 4 / 3770K@4.2GHz / 24GB / GTX 1080 / SST-LC20 / Antec TP-550 / Hisense 65k5510 4K TV / HTC Vive / 2 x 240GB SSD + 12TB HDD Space / Race Seat / Logitech G29 / Win 10 Pro
    HTPC2: Asus AM1I-A / 5150 / 4GB / Corsair Force 3 240GB / Silverstone SST-ML05B + ST30SF / Samsung UE60H6200 TV / Windows 10 Pro
    Spare/Loaner: Gigabyte EX58-UD5 / i950 / 12GB / HD7870 / Corsair 300R / Silverpower 700W modular
    NAS 1: HP N40L / 12GB ECC RAM / 2 x 3TB Arrays || NAS 2: Dell PowerEdge T110 II / 24GB ECC RAM / 2 x 3TB Hybrid arrays || Network:Buffalo WZR-1166DHP w/DD-WRT + HP ProCurve 1800-24G
    Laptop: Dell Precision 5510 Printer: HP CP1515n || Phone: Huawei P30 || Other: Samsung Galaxy Tab 4 Pro 10.1 CM14 / Playstation 4 + G29 + 2TB Hybrid drive

  5. #5
    Jay
    Jay is offline
    Gentlemen.. we're history Jay's Avatar
    Join Date
    Aug 2006
    Location
    Jita
    Posts
    8,365
    Thanks
    304
    Thanked
    568 times in 409 posts

    Re: Help - DOS attack

    turn off your router for 24 hours. They will then stop. Also make sure you don't allow ping replys so they can't tell if you are up or down.

    If you torrent i would stop doing that for a while as well as I think thye just look for IPs and hit them.
    □ΞVΞ□

  6. #6
    The late but legendary peterb - Onward and Upward peterb's Avatar
    Join Date
    Aug 2005
    Location
    Looking down & checking on swearing
    Posts
    19,378
    Thanks
    2,892
    Thanked
    3,403 times in 2,693 posts

    Re: Help - DOS attack

    213.246.181.180 is a secure VOIP server in the UK

    62.193.228.154 is based in France

    I haven't decoded the rest. Port 6000 is generally used for X-windows.

    These occurrences though are typical of opportunist ip probes, tresting for exploitable vulnerabilities. If you are behind a NAT firewall, and you haven't opened any ports for port forwarding, then, unless you are being particularly targeted, it is nothing to worry about.

    If you are using a router (like the Drayteks) with DoS detection/protection enabled, then you will get these reports. If you have protection enabled, it can also affect services like Skype.

    But tbh, it is probably just internet business as usual.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  7. #7
    Senior Member
    Join Date
    Feb 2008
    Posts
    925
    Thanks
    4
    Thanked
    161 times in 148 posts
    • smargh's system
      • Motherboard:
      • Gigabyte GA-EP45-UD3P
      • CPU:
      • Xeon E5450 with 775-to-771 Mod
      • Memory:
      • 16GB Crucial
      • Storage:
      • Intel X25-M G2 80GB/Adaptec 3405 4x 2TB Ultrastar RAID1 / 1x 6TB Hitachi He6 / Dying 2TB Samsung
      • Graphics card(s):
      • GTX 750 Ti
      • PSU:
      • Seasonic X-560
      • Case:
      • Lian-Li PC-A71
      • Operating System:
      • Windows 7 Ultimate 64bit
      • Monitor(s):
      • BenQ G2400WD
      • Internet:
      • Really Crap ADSL2 <3Mbit

    Re: Help - DOS attack

    Disable DoS detection. It only serves to be annoying & sometimes scaremongering - this kind of thing is a normal part of background radiation on the internets.

  8. #8
    Registered User
    Join Date
    Oct 2011
    Posts
    5
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Help - DOS attack

    Quote Originally Posted by kalniel View Post
    What did your ISP say?
    I'm waiting for a response and will let you know

    Quote Originally Posted by shaithis View Post
    Did you configure the "DoS defense Setup" section of the Draytek?
    I cant remember if I did or not. I've already reset its settings and set it up for another broadband line so I cant check.

    Quote Originally Posted by Jay View Post
    turn off your router for 24 hours. They will then stop. Also make sure you don't allow ping replys so they can't tell if you are up or down.

    If you torrent i would stop doing that for a while as well as I think thye just look for IPs and hit them.
    I cant switch it off for that long, it for a business and they'd go nuts.

    Quote Originally Posted by smargh View Post
    Disable DoS detection. It only serves to be annoying & sometimes scaremongering - this kind of thing is a normal part of background radiation on the internets.
    I thought about disabling DoS detection earlier actually and I'll try that next. There's another firewall behind the router anyway which should be more stable against attacks.

    I fully understand that attacks are normal, thats not the problem. The problem is that the attacks are so severe that the router disconnects itself from the internet. This happens at least 3 times a week and I've tried it with 3 different routers. If it was my router at home I'd be ok with it but its for a business and the staff are going nuts at me.

  9. #9
    Banhammer in peace PeterB kalniel's Avatar
    Join Date
    Aug 2005
    Posts
    31,039
    Thanks
    1,880
    Thanked
    3,379 times in 2,716 posts
    • kalniel's system
      • Motherboard:
      • Gigabyte Z390 Aorus Ultra
      • CPU:
      • Intel i9 9900k
      • Memory:
      • 32GB DDR4 3200 CL16
      • Storage:
      • 1TB Samsung 970Evo+ NVMe
      • Graphics card(s):
      • nVidia GTX 1060 6GB
      • PSU:
      • Seasonic 600W
      • Case:
      • Cooler Master HAF 912
      • Operating System:
      • Win 10 Pro x64
      • Monitor(s):
      • Dell S2721DGF
      • Internet:
      • rubbish

    Re: Help - DOS attack

    It's for an internet critical business and they're using a netgear home router? If ISP gives you the all clear maybe get some more serious hardware.

  10. #10
    Registered User
    Join Date
    Oct 2011
    Posts
    5
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Help - DOS attack

    Yes I bought the Draytek router which is for small and medium enterprises and the reviews I read were very good but it performed worse than the Netgear during the attack.

  11. #11
    Senior Member gss03's Avatar
    Join Date
    Jul 2003
    Location
    Scotland
    Posts
    725
    Thanks
    6
    Thanked
    28 times in 28 posts

    Re: Help - DOS attack

    In what way did the Draytek perform worse?

    I've used drayteks for years now (Vigor 2600, 2800, 2700, 2820) and never and issues with any of them.

  12. #12
    Registered User
    Join Date
    Oct 2011
    Posts
    5
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Help - DOS attack

    As I said in my original post, the Draytek 2820n completely crashes during the attack. I have to unplug the power and plug in back in. I've tried it with the latest firmware as well.

    The netgear doesn't crash, it just disconnects itself so I have to login and click 'connect'. Under normal circumstances it connects automatically but after the attack its affected in some way.

  13. #13
    ɯʎɔɐɹsɐʌʍ mycarsavw's Avatar
    Join Date
    Feb 2007
    Posts
    4,945
    Thanks
    1,097
    Thanked
    652 times in 481 posts
    • mycarsavw's system
      • Motherboard:
      • P8H77-M Pro
      • CPU:
      • i5 3350P
      • Memory:
      • 16Gb
      • Storage:
      • Lots
      • Graphics card(s):
      • R9 285
      • PSU:
      • HX 620w
      • Case:
      • FD Define Mini
      • Operating System:
      • W10
      • Monitor(s):
      • BenQ G2420HDBL + GL2450HT
      • Internet:
      • Sky

    Re: Help - DOS attack

    Which version of Smoothwall are you running?

    If it's Express, install this mod

    [3.0] Active IP Block MOD V1.0

    Block for 6mo after 3 'attacks'.

    Check the autoblock IPs regularly.
    |Kata: "Read title as 'fisting'. Not sure why I clicked. Relieved, really."|
    |TAKTAK: "It was so small that mine wouldn't fit into it"|

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. My router is getting hammered with DOS attacks
    By Jonessie in forum Networking and Broadband
    Replies: 10
    Last Post: 16-02-2011, 10:30 PM
  2. Replies: 10
    Last Post: 08-12-2009, 06:01 PM
  3. One man DoS/ bandwidth vampire attack?
    By Rave in forum General Discussion
    Replies: 8
    Last Post: 21-07-2009, 09:19 AM
  4. Attack site safeguard from google???
    By cpfc in forum Networking and Broadband
    Replies: 5
    Last Post: 09-12-2008, 06:26 PM
  5. Replies: 6
    Last Post: 18-05-2005, 02:49 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •