Geekzone: technology news, blogs, forums




2594 posts

Uber Geek
+1 received by user: 311

Trusted

# 139256 2-Feb-2014 16:18

I seem to be getting a lot of DOS attacks according to my router (Netgear DGND3700v2) logs, which in turn (I think) is making the internet very slow and even timing out nearly all webpages I get to.

I even tried tracing one of the IP addresses and it came back saying it was from Symantec in the US! 

How do I stop these?

Here is a sample of them:

[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:15:06
[DoS attack: ACK Scan] from source: 134.170.0.216:443 Sunday, February 02,2014 15:14:33
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:13:06
[DoS attack: RST Scan] from source: 54.243.92.111:443 Sunday, February 02,2014 15:12:07
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:11:06
[DoS attack: ACK Scan] from source: 38.127.167.38:443 Sunday, February 02,2014 15:09:46
[DoS attack: ACK Scan] from source: 38.127.167.38:443 Sunday, February 02,2014 15:07:46
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:07:06
[DoS attack: RST Scan] from source: 17.151.236.9:993 Sunday, February 02,2014 15:06:09
[DoS attack: ACK Scan] from source: 38.127.167.38:443 Sunday, February 02,2014 15:05:45
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:05:06
[DoS attack: RST Scan] from source: 54.243.92.111:443 Sunday, February 02,2014 15:04:41
[admin login] from source 192.168.0.5 Sunday, February 02,2014 15:04:00
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 15:03:58
[DoS attack: ACK Scan] from source: 199.59.148.139:443 Sunday, February 02,2014 15:03:33
[DoS attack: ACK Scan] from source: 91.190.218.62:12350 Sunday, February 02,2014 15:02:47
[DoS attack: ACK Scan] from source: 134.170.0.199:443 Sunday, February 02,2014 15:02:25
[DoS attack: ACK Scan] from source: 216.17.8.52:443 Sunday, February 02,2014 15:02:04
[DoS attack: ACK Scan] from source: 91.190.218.62:12350 Sunday, February 02,2014 15:01:42
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 15:01:18
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:00:57
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 15:00:37
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 15:00:14
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 14:59:48
[DoS attack: ACK Scan] from source: 199.59.148.139:443 Sunday, February 02,2014 14:59:27
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 14:58:37
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 14:58:12
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 14:57:51
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 14:57:29
[DHCP IP: (192.168.0.7)] to MAC address 00:37:6D:CA:B8:E1 Sunday, February 02,2014 14:57:12
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 14:57:09
[Time synchronized with NTP server time-d.netgear.com] Sunday, February 02,2014 14:56:52
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 14:56:48
[DoS attack: ACK Scan] from source: 216.17.8.52:443 Sunday, February 02,2014 14:56:27
[DoS attack: ACK Scan] from source: 54.225.250.198:4244 Sunday, February 02,2014 14:56:04
[DHCP IP: (192.168.0.6)] to MAC address 90:B2:1F:C2:BA:B5 Sunday, February 02,2014 14:55:57
[DoS attack: ACK Scan] from source: 54.225.250.198:4244 Sunday, February 02,2014 14:55:41
[DoS attack: ACK Scan] from source: 111.221.72.69:443 Sunday, February 02,2014 14:55:21
[DoS attack: ACK Scan] from source: 54.225.250.198:4244 Sunday, February 02,2014 14:55:20
[DoS attack: ACK Scan] from source: 54.225.250.198:4244 Sunday, February 02,2014 14:55:19




2355 posts

Uber Geek
+1 received by user: 413

Trusted
Subscriber

  # 978942 2-Feb-2014 16:20
2 people support this post

Probably just your router giving false alarms; my old Netgear used to do the same from time to time. Half those IPs in the list are Akamai anyway.
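
As an added example (not part of any post in this thread), the Python sketch below parses eight of the log lines quoted in the first post and tallies the "DoS attack" entries by type, source port and rate. The names `parse`, `summarize` and `SERVICE_PORTS` are illustrative, and reading source ports 80/443/993 as late replies from servers the LAN had contacted is an assumption of the sketch, not something the router reports.

```python
import re
from collections import Counter
from datetime import datetime

# Eight lines copied from the log in the first post (one is not a DoS entry).
SAMPLE_LOG = """\
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:05:06
[DoS attack: RST Scan] from source: 54.243.92.111:443 Sunday, February 02,2014 15:04:41
[admin login] from source 192.168.0.5 Sunday, February 02,2014 15:04:00
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 15:03:58
[DoS attack: ACK Scan] from source: 199.59.148.139:443 Sunday, February 02,2014 15:03:33
[DoS attack: ACK Scan] from source: 91.190.218.62:12350 Sunday, February 02,2014 15:02:47
[DoS attack: ACK Scan] from source: 134.170.0.199:443 Sunday, February 02,2014 15:02:25
[DoS attack: ACK Scan] from source: 216.17.8.52:443 Sunday, February 02,2014 15:02:04
"""

LINE_RE = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from source: "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) "
    r"\w+, (?P<ts>\w+ \d{2},\d{4} \d{2}:\d{2}:\d{2})"
)

# Assumption of this example: a packet whose SOURCE port is one of these was
# sent by a server, i.e. it is most likely a late reply to a LAN connection.
SERVICE_PORTS = {80, 443, 993}

def parse(log_text):
    """Return (timestamp, kind, ip, port) for every DoS entry; skip the rest."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%B %d,%Y %H:%M:%S")
            events.append((ts, m["kind"], m["ip"], int(m["port"])))
    return events

def summarize(events):
    """Count entries by type and source port, and compute the entry rate."""
    if not events:
        return {"events": 0, "kinds": {}, "from_service_ports": 0,
                "other_sources": [], "per_minute": 0.0}
    times = [e[0] for e in events]
    span = (max(times) - min(times)).total_seconds()
    return {
        "events": len(events),
        "kinds": dict(Counter(e[1] for e in events)),
        "from_service_ports": sum(e[3] in SERVICE_PORTS for e in events),
        "other_sources": sorted({(e[2], e[3]) for e in events
                                 if e[3] not in SERVICE_PORTS}),
        "per_minute": round(len(events) * 60 / span, 2) if span else None,
    }

if __name__ == "__main__":
    print(summarize(parse(SAMPLE_LOG)))
```

On these lines the summary shows a couple of entries per minute, with all but one arriving from source port 80 or 443; `other_sources` lists the remaining address and port to look at separately.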

19282 posts

Uber Geek
+1 received by user: 2600
Inactive user


  # 978943 2-Feb-2014 16:22

No DOS attack I bet

 
 
 
 




2594 posts

Uber Geek
+1 received by user: 311

Trusted

  # 978944 2-Feb-2014 16:23

This is the first time it has ever happened to me. After this just started, most of the web pages are timing out, or are very very slow to get to.

I've just tried posting this a few times but it kept saying "web page unavailable".







'That VDSL Cat'
10481 posts

Uber Geek
+1 received by user: 2520

Trusted
Spark
Subscriber

  # 978957 2-Feb-2014 17:04

sonyxperiageek: This is one of the IPs: http://whatismyipaddress.com/ip/111.221.124.25


Looks to be Windows Update.

None of these logs appear to be legit.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




2594 posts

Uber Geek
+1 received by user: 311

Trusted

  # 978972 2-Feb-2014 17:33

Yeah... Dunno why Netgear would include these..





 
 
 
 


4025 posts

Uber Geek
+1 received by user: 1076

Trusted

  # 979011 2-Feb-2014 19:39
3 people support this post

This pops up every now and then. It's a largely useless feature.
I had a laugh when I saw there was an actual DOS LED on the DrayTek Vigor 130.

463 posts

Ultimate Geek
+1 received by user: 131


  # 979020 2-Feb-2014 20:10
2 people support this post

Any "scan" type activity should be classed as Reconnaissance.  The fact your router classes it as DoS just shows what a sad joke the security in consumer grade routers is. 

3360 posts

Uber Geek
+1 received by user: 716

Trusted

  # 979111 2-Feb-2014 22:55

If you had a DDOS attack, your internet connection would pretty much be unusable, and your gigabyte data usage counter would be through the roof.

One of our customers' kids was in an online game and kept winning against some foreign player. He threatened to launch a DDOS against our customer's IP address - and the kid kept antagonising him. So off he went, rented a botnet and we had something like 50mbits of pings coming in over about half an hour.
Told the kid next time someone threatens a DDOS attack, he either walks away or he can find a new ISP.





Ray Taylor
Taylor Broadband (rural hawkes bay)
www.ruralkiwi.com

There is no place like localhost






2594 posts

Uber Geek
+1 received by user: 311

Trusted

  # 979119 2-Feb-2014 23:10

raytaylor: If you had a DDOS attack, your internet connection would pretty much be unusable, and your gigabyte data usage counter would be through the roof.

One of our customers' kids was in an online game and kept winning against some foreign player. He threatened to launch a DDOS against our customer's IP address - and the kid kept antagonising him. So off he went, rented a botnet and we had something like 50mbits of pings coming in over about half an hour.
Told the kid next time someone threatens a DDOS attack, he either walks away or he can find a new ISP.



It was pretty unusable back at the time which is why I posted this in the forums. Now it seems fine, internet is back to normal speeds.



