Text only | Text with Images

IDNetters Forums

Technical News & Discussion => IDNet Help => Topic started by: davej99 on Jul 22, 2010, 12:23:53

Title: My router's security alert
Post by: davej99 on Jul 22, 2010, 12:23:53
I have my netgear router set to email me security alerts, which happens very rarely.
Today I got, "UDP Packet - Source:113.194.156.234,1026 Destination:My IDNET IP Address - [DOS]."
Source seems to be in China. I guess this is quite common, but I was wondering what was going on.
:dunno:
Dave
Title: Re: My router's security alert
Post by: Steve on Jul 22, 2010, 14:56:48
I think they are quite common and the routers firewall has done its job.
Title: Re: My router's security alert
Post by: Rik on Jul 22, 2010, 15:15:58
I'd agree with Steve, Dave, the router is simply telling you it's done its job.
Title: Re: My router's security alert
Post by: psp83 on Jul 22, 2010, 16:10:44
Its nothing to worry about, my router gets loads. This is some from my router log..

QuoteMon, 2010-07-19 15:56:50 - UDP Packet - Source:76.216.36.221,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:50 - UDP Packet - Source:89.241.177.150,10731 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:51 - UDP Packet - Source:68.55.8.19,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:51 - UDP Packet - Source:24.46.85.32,55064 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:51 - UDP Packet - Source:74.58.246.196,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:51 - UDP Packet - Source:217.44.8.5,15924 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:51 - UDP Packet - Source:86.10.56.157,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:51 - UDP Packet - Source:188.216.205.6,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:51 - UDP Packet - Source:65.100.146.232,39473 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:51 - UDP Packet - Source:86.22.161.125,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:51 - UDP Packet - Source:86.29.78.35,60694 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:52 - UDP Packet - Source:97.84.3.247,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:52 - UDP Packet - Source:92.64.111.58,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:52 - UDP Packet - Source:195.36.236.228,65409 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:52 - UDP Packet - Source:90.205.107.181,34555 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:52 - UDP Packet - Source:92.156.172.86,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:52 - UDP Packet - Source:184.36.109.22,60190 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:52 - UDP Packet - Source:72.218.76.170,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:86.149.138.212,27197 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:68.55.8.19,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:24.46.85.32,55064 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:74.58.246.196,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:88.170.88.119,1024 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:217.44.8.5,15924 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:89.241.177.150,10731 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:65.100.146.232,39473 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:94.0.38.12,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:76.189.209.37,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:53 - UDP Packet - Source:173.58.44.192,10086 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:54 - UDP Packet - Source:86.10.56.157,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:54 - UDP Packet - Source:99.22.74.216,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:54 - UDP Packet - Source:195.36.236.228,65409 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:54 - UDP Packet - Source:86.42.200.118,28267 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:54 - UDP Packet - Source:74.77.86.112,3983 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:54 - UDP Packet - Source:88.140.10.171,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:54 - UDP Packet - Source:86.149.138.212,27197 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:55 - UDP Packet - Source:68.55.8.19,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:55 - UDP Packet - Source:68.9.160.181,43523 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:55 - UDP Packet - Source:88.170.88.119,1024 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:55 - UDP Packet - Source:96.252.154.142,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:55 - UDP Packet - Source:89.241.177.150,10731 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:82.37.145.63,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:76.189.209.37,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:86.10.56.157,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:95.150.13.76,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:76.110.239.239,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:82.40.0.49,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:74.77.86.112,3983 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:88.183.116.205,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:75.84.172.80,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:184.36.109.22,60190 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:56 - UDP Packet - Source:92.232.56.199,5411 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:57 - UDP Packet - Source:77.100.106.107,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:57 - UDP Packet - Source:94.4.208.194,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:57 - UDP Packet - Source:68.33.39.84,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:57 - UDP Packet - Source:88.170.88.119,1024 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:57 - UDP Packet - Source:96.252.154.142,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:57 - UDP Packet - Source:98.237.5.130,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:57 - UDP Packet - Source:173.24.230.26,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:58 - UDP Packet - Source:99.22.74.216,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:58 - UDP Packet - Source:88.140.10.171,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:58 - UDP Packet - Source:88.183.116.205,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:58 - UDP Packet - Source:74.79.128.52,25732 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:58 - UDP Packet - Source:89.241.177.150,10731 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:58 - UDP Packet - Source:86.42.200.118,28267 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:58 - UDP Packet - Source:68.55.8.19,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:58 - UDP Packet - Source:184.36.109.22,60190 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:92.232.56.199,5411 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:71.82.64.153,18126 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:174.110.147.196,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:76.111.234.239,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:88.170.88.119,1024 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:98.19.83.169,61870 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:90.215.80.51,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:70.180.199.252,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:195.36.236.228,65409 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:173.24.230.26,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:56:59 - UDP Packet - Source:90.205.107.181,34555 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:00 - UDP Packet - Source:88.140.10.171,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:00 - UDP Packet - Source:89.241.177.150,10731 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:00 - UDP Packet - Source:86.42.200.118,28267 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:00 - UDP Packet - Source:79.82.156.226,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:00 - UDP Packet - Source:74.77.86.112,3983 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:00 - UDP Packet - Source:184.36.109.22,60190 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:96.2.100.105,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:71.82.64.153,18126 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:76.111.234.239,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:68.9.160.181,43523 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:70.123.158.95,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:77.204.56.49,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:24.46.85.32,55064 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:95.150.13.76,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:195.36.236.228,65409 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:01 - UDP Packet - Source:90.205.107.181,34555 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:02 - UDP Packet - Source:174.110.147.196,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:02 - UDP Packet - Source:88.183.116.205,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:02 - UDP Packet - Source:92.232.56.199,5411 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:02 - UDP Packet - Source:86.42.200.118,28267 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:02 - UDP Packet - Source:212.183.51.9,62550 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:02 - UDP Packet - Source:62.30.169.62,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:02 - UDP Packet - Source:79.82.156.226,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:02 - UDP Packet - Source:184.36.109.22,60190 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:02 - UDP Packet - Source:173.24.230.26,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:76.216.36.221,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:75.84.172.80,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:24.144.173.22,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:89.241.177.150,10731 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:86.19.102.118,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:24.46.85.32,55064 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:70.123.158.95,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:95.150.13.76,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:86.42.200.118,28267 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:03 - UDP Packet - Source:90.205.107.181,34555 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:04 - UDP Packet - Source:174.110.147.196,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:04 - UDP Packet - Source:155.33.106.134,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:04 - UDP Packet - Source:76.14.98.111,17935 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:04 - UDP Packet - Source:94.4.208.194,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:04 - UDP Packet - Source:212.183.51.9,62550 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:04 - UDP Packet - Source:62.30.169.62,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:04 - UDP Packet - Source:74.77.86.112,3983 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:05 - UDP Packet - Source:76.216.36.221,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:05 - UDP Packet - Source:173.24.230.26,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:05 - UDP Packet - Source:75.84.172.80,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:05 - UDP Packet - Source:24.144.173.22,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:05 - UDP Packet - Source:86.19.102.118,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:05 - UDP Packet - Source:24.46.85.32,55064 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:05 - UDP Packet - Source:88.140.10.171,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:05 - UDP Packet - Source:195.36.236.228,65409 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:05 - UDP Packet - Source:88.170.88.119,1024 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:06 - UDP Packet - Source:71.82.64.153,18126 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:06 - UDP Packet - Source:70.180.199.252,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:06 - UDP Packet - Source:76.14.98.111,17935 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:06 - UDP Packet - Source:94.4.208.194,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:06 - UDP Packet - Source:212.183.51.9,62550 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:06 - UDP Packet - Source:74.77.86.112,3983 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:07 - UDP Packet - Source:24.144.173.22,3074 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:07 - UDP Packet - Source:24.46.85.32,55064 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:07 - UDP Packet - Source:98.19.83.169,61870 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:07 - UDP Packet - Source:86.42.200.118,28267 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:07 - UDP Packet - Source:88.170.88.119,1024 Destination:***.***.***.*** - [DOS]
Mon, 2010-07-19 15:57:08 - UDP Packet - Source:90.215.80.51,3074 Destination:***.***.***.*** - [DOS]
Title: Re: My router's security alert
Post by: Rik on Jul 22, 2010, 16:30:42
That's a lot of asterisks you had to type, Paul.
Title: Re: My router's security alert
Post by: Simon on Jul 22, 2010, 16:41:29
I bet he's seeing stars now!  ;D
Title: Re: My router's security alert
Post by: Rik on Jul 22, 2010, 16:44:18
:grn:
Title: Re: My router's security alert
Post by: psp83 on Jul 22, 2010, 16:47:53
Quote from: Rik on Jul 22, 2010, 16:30:42
That's a lot of asterisks you had to type, Paul.

I cheated  :P

Ran it through a PHP script using regex to replace it  ;D
Title: Re: My router's security alert
Post by: Rik on Jul 22, 2010, 16:48:22
I thought you may have done. ;)
Title: Re: My router's security alert
Post by: Simon on Jul 22, 2010, 16:56:20
:clever:
Title: Re: My router's security alert
Post by: Steve on Jul 22, 2010, 16:56:43
I thought you must have gone and got a Mac. ;D
Title: Re: My router's security alert
Post by: Rik on Jul 22, 2010, 16:58:05
 ;D
Title: Re: My router's security alert
Post by: psp83 on Jul 22, 2010, 17:10:48
Quote from: Steve on Jul 22, 2010, 16:56:43
I thought you must have gone and got a Mac. ;D

Only Mac I'm gunna get at the mo is a Big Mac from mcdonalds ;D

But if you want to buy me a Mac then feel free to get me one  ;) :D
Title: Re: My router's security alert
Post by: davej99 on Jul 22, 2010, 20:41:52
I guess my question is who or what is trying to access my router and why.
Title: Re: My router's security alert
Post by: Glenn on Jul 22, 2010, 20:48:41
http://www.ip-adress.com/whois/113.194.156.234 is all I can get.
Title: Re: My router's security alert
Post by: Steve on Jul 22, 2010, 20:49:22
http://en.wikipedia.org/wiki/Denial-of-service_attack
Title: Re: My router's security alert
Post by: esh on Jul 22, 2010, 21:31:18
In the department, there are several hundred machines. At 11am on Monday, IP addresses from China start trying to access each and every one of them at a rate of 1 per second until 3pm, then it stops. Do not ask why. This is just life on the internet these days.

(More detailed answer: they want control of your system for spamming, or they want your credit card/password details, or they just want to screw up your computer. Or a combination thereof. If the connection requests come from many systems at once at a very high rate then they can exhaust your connection resources and 'deny' you access to the internet.)
Title: Re: My router's security alert
Post by: Niall on Jul 22, 2010, 22:16:12
I got so bored of reading about my router successfully blocking those attacks, I turned email logs off. You get them every day without fail, no matter what you do.
Title: Re: My router's security alert
Post by: klipp on Jul 23, 2010, 00:20:59
If you use peer to peer software and haven't port forwarded your allocated data port, then the router will log it as DOS which is kinda misleading.
Title: Re: My router's security alert
Post by: pctech on Jul 23, 2010, 07:52:39
Netgear router logs are very detailed but it is showing it is doing its job.

Unless you've enabled ping on the WAN port they won't get a response at all so they'll just move on but in any case they do not 'see' any ports as all ports on these routers operate as stealth so they won't get anywhere.



Title: Re: My router's security alert
Post by: Niall on Jul 23, 2010, 19:16:20
Quote from: klipp on Jul 23, 2010, 00:20:59
If you use peer to peer software and haven't port forwarded your allocated data port, then the router will log it as DOS which is kinda misleading.

The Netgear routers report them even if you do that (meaning they're genuine, not it misreports) as most of the time they are genuinely blocking these attacks.
Title: Re: My router's security alert
Post by: joll200x on Jul 25, 2010, 20:54:57
without seeing the actual payload - its difficult to say if it's a genuine DoS attack. Chances are you're perfectly safe and are just doing something normal like downloading a torrent perhaps? Basic firewalls will see multiple fast connections to your IP address as a potential DoS attack. A more advanced firewall would be able tell the difference but Netgears don't have the most full featured firewall, but still enough to do the job.
Most DoS attacks wouldn't use UDP as a transport mechanism because they're don't carry enough overhead, if you were looking to DoS a webserver, for example, you'd use TCP on port 80 in the hope of either overloading the web server itself or the firewall protecting it.
Title: Re: My router's security alert
Post by: DorsetBoy on Jul 26, 2010, 06:32:48
I would turn off the email alerts and get on with other things. That report is just the router seeing "chatter" on the net. There is a huge amount of garbage and fragment sweeps bouncing around that firewalls see and will sometimes report on, if it were an attack there would have been thousands of those reports per minute.
Title: Re: My router's security alert
Post by: davej99 on Jul 27, 2010, 09:45:53
Thanks for the insight, everyone. I now have this picture of chancers working up and down the street trying car doors hoping to find one unlocked. I get very few alerts indeed, maybe one a quarter, so I will leave the facility switched on till it becomes a pain. I guess I have an IP address that is not a target for some reason. In the past I have noticed with other ISPs, who allocate an different IP address each logon, that some attract many hits and some almost none. For me the big lesson is the importance of a strong router firewall. So thanks again. Karmas, all round.
Title: Re: My router's security alert
Post by: Rik on Jul 27, 2010, 09:52:10
I used to see that with dynamic IP addresses, Dave. It gave you a fair idea where they'd been used before.
Text only | Text with Images