Hi all,
Since logging online this morning, my router has gone bonkers sending an almost constant flood of emails alerting me to DoS attacks. I get these alerts infrequently but I've had 50+ email alerts in under an hour, from a number of different IP addresses.
For instance:
TCP Packet - Source:69.48.39.178,63517 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:69.114.51.117,43547 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:213.89.194.28,40744 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:71.10.224.82,52147 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:82.171.56.210,18899 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:72.231.166.180,35945 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:70.69.57.0,60406 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:82.139.115.10,3675 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:68.198.155.96,54232 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:69.48.39.178,63517 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:85.24.222.173,40728 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:24.131.215.182,63179 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:212.117.169.36,33942 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:66.90.77.250,48801 Destination:**.**.***.***,50889 - [DOS]
TCP Packet - Source:24.6.141.24,35535 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:85.24.222.173,40728 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:24.131.215.182,63179 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:71.10.224.82,52147 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:98.151.246.202,54897 Destination:**.**.***.***,50846 - [DOS]
I've run the Norton online scan a couple of times and it shows everything as safe.
Any help greatly appreciated, thanks :)
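A way to triage alerts in the format pasted above, tallying hits and distinct sources per destination port and flagging exact repeats. This is an added example, not part of the original post; the function names and the sample lines (documentation address ranges) are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Line format as pasted in the post; the destination address may be masked with '*'.
LINE_RE = re.compile(
    r"^(?P<proto>\w+) Packet - Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.*]+),(?P<dport>\d+) - \[(?P<tag>\w+)\]$"
)

# Constructed sample lines, not the poster's log.
SAMPLE = """\
TCP Packet - Source:192.0.2.10,63517 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:198.51.100.7,43547 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:203.0.113.28,40744 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:192.0.2.10,63517 Destination:**.**.***.***,34382 - [DOS]
TCP Packet - Source:198.51.100.99,48801 Destination:**.**.***.***,50889 - [DOS]
Administrator login successful
"""

def parse(text):
    """Return (events, rejected); lines that do not match are kept, not dropped silently."""
    events, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
            events.append(e)
        else:
            rejected.append(line)
    return events, rejected

def summarize(events):
    """Per destination port: (port, alert count, distinct source IPs), busiest first."""
    sources, hits, seen = defaultdict(set), Counter(), Counter()
    for e in events:
        sources[e["dport"]].add(e["src"])
        hits[e["dport"]] += 1
        seen[(e["src"], e["sport"], e["dport"])] += 1
    ports = sorted(hits, key=lambda p: (-hits[p], p))
    return {
        "ports": [(p, hits[p], len(sources[p])) for p in ports],
        # Same source IP and port logged more than once for the same destination port.
        "repeated": sorted(k for k, n in seen.items() if n > 1),
    }

if __name__ == "__main__":
    evs, bad = parse(SAMPLE)
    print(summarize(evs), "unparsed:", bad)
```

A summary like this shows at a glance whether the alerts concentrate on one destination port and how many separate hosts are involved.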
Your router firewall is just doing its job, there's nothing to worry about (though I'd turn off the email alerts ;)).
I thought as much, cheers. The sheer volume of 'em made me a bit paranoid!
It happens from time to time. Is your router 'stealthed', i.e. set not to respond to ICMP traffic? That helps in time.
No, I don't think it is - I had a look for the setting and couldn't find it, though I may be looking for the wrong thing. I'm on a DG834G.
It's so long since I looked at a Netgear that I can't remember whether it has the option and, if it does, where it is. Sorry. :(
My DGND3300 has a setting to not respond to ICMP traffic, but my Firewall on this router has some more advanced features. I'll have a quick look in my router and find out where it is so mankatron2009 can see if he has the same section
I run a Linux server so that I can access my home system when abroad. The number of (apparently) automated failed attempts to get into the system (as shown in the auth log) is incredible.
Quote from: Gary on Feb 22, 2010, 13:01:55
My DGND3300 has a setting to not respond to ICMP traffic, but my Firewall on this router has some more advanced features. I'll have a quick look in my router and find out where it is so mankatron2009 can see if he has the same section
Thanks, Gary.
The DG834 has inbuilt firewall rules to not respond, Rik. I have Denial-of-service (DoS) attack prevention as well, but the DG834G is set to not respond and is fully stealthed from what I can tell. Shields Up should show that it does not respond as well. I had a similar router many years ago and it was fully stealthed when tested.
:thumb: :thumb: :)
Thanks all.
Whilst I'm here, can I just mention how much I love IDNet as an ISP? After bad experiences with Nildram and a horrific nightmare with O2 - who still persist in giving me a headache six months since I left - I have had no issues with IDNet at all and am lucky to get such good speeds out here in the sticks.
Three cheers for IDNet! :thumb:
I have a GD834PN and had the same paranoia ;D ;D With help from Rik I found the setting you are looking for, maybe. It is in the 'Advanced' section, then 'WAN Set up', and in there is a tick box for 'Respond To Ping On Internet Port'. Is that the one, Rik? Mine is unticked.
HTH
Thanks, Baz. :-*
Quote from: mankatron2009 on Feb 22, 2010, 13:32:13
Three cheers for IDNet! :thumb:
We'll second that. :)