DOS Attack - Making the internet slow!

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › DOS Attack - Making the internet slow!

sonyxperiageek

2959 posts

Uber Geek

Trusted

#139256 2-Feb-2014 16:18

I seem to be getting a lot of DOS attacks according to my Router (Netgear DGND3700v2) logs, which in turn (I think) is making the internet very slow and even timing out nearly all webpages I get to.

I even tried tracing one of the IP addresses and it came back saying it was from Symantec in the US!

How do I stop these?

Here are a sample of them:

[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:15:06
[DoS attack: ACK Scan] from source: 134.170.0.216:443 Sunday, February 02,2014 15:14:33
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:13:06
[DoS attack: RST Scan] from source: 54.243.92.111:443 Sunday, February 02,2014 15:12:07
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:11:06
[DoS attack: ACK Scan] from source: 38.127.167.38:443 Sunday, February 02,2014 15:09:46
[DoS attack: ACK Scan] from source: 38.127.167.38:443 Sunday, February 02,2014 15:07:46
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:07:06
[DoS attack: RST Scan] from source: 17.151.236.9:993 Sunday, February 02,2014 15:06:09
[DoS attack: ACK Scan] from source: 38.127.167.38:443 Sunday, February 02,2014 15:05:45
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:05:06
[DoS attack: RST Scan] from source: 54.243.92.111:443 Sunday, February 02,2014 15:04:41
[admin login] from source 192.168.0.5 Sunday, February 02,2014 15:04:00
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 15:03:58
[DoS attack: ACK Scan] from source: 199.59.148.139:443 Sunday, February 02,2014 15:03:33
[DoS attack: ACK Scan] from source: 91.190.218.62:12350 Sunday, February 02,2014 15:02:47
[DoS attack: ACK Scan] from source: 134.170.0.199:443 Sunday, February 02,2014 15:02:25
[DoS attack: ACK Scan] from source: 216.17.8.52:443 Sunday, February 02,2014 15:02:04
[DoS attack: ACK Scan] from source: 91.190.218.62:12350 Sunday, February 02,2014 15:01:42
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 15:01:18
[DoS attack: ACK Scan] from source: 143.127.93.118:80 Sunday, February 02,2014 15:00:57
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 15:00:37
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 15:00:14
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 14:59:48
[DoS attack: ACK Scan] from source: 199.59.148.139:443 Sunday, February 02,2014 14:59:27
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 14:58:37
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 14:58:12
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 14:57:51
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 14:57:29
[DHCP IP: (192.168.0.7)] to MAC address 00:37:6D:CA:B8:E1 Sunday, February 02,2014 14:57:12
[DoS attack: ACK Scan] from source: 119.224.143.11:443 Sunday, February 02,2014 14:57:09
[Time synchronized with NTP server time-d.netgear.com] Sunday, February 02,2014 14:56:52
[DoS attack: ACK Scan] from source: 119.224.143.25:443 Sunday, February 02,2014 14:56:48
[DoS attack: ACK Scan] from source: 216.17.8.52:443 Sunday, February 02,2014 14:56:27
[DoS attack: ACK Scan] from source: 54.225.250.198:4244 Sunday, February 02,2014 14:56:04
[DHCP IP: (192.168.0.6)] to MAC address 90:B2:1F:C2:BA:B5 Sunday, February 02,2014 14:55:57
[DoS attack: ACK Scan] from source: 54.225.250.198:4244 Sunday, February 02,2014 14:55:41
[DoS attack: ACK Scan] from source: 111.221.72.69:443 Sunday, February 02,2014 14:55:21
[DoS attack: ACK Scan] from source: 54.225.250.198:4244 Sunday, February 02,2014 14:55:20
[DoS attack: ACK Scan] from source: 54.225.250.198:4244 Sunday, February 02,2014 14:55:19

Sony

insane

3242 posts

Uber Geek

ID Verified

Trusted

#978942 2-Feb-2014 16:20

Probably just your router giving false alarms, my old netgear used to do the same from time to time. Half those IPs in the list are Akamai anyway

johnr

19282 posts

Uber Geek
Inactive user

#978943 2-Feb-2014 16:22

No DOS attack I bet

sonyxperiageek

2959 posts

Uber Geek

Trusted

#978944 2-Feb-2014 16:23

This is the first time it has ever happened to me. After this just started, most of the web pages are timing out, or are very very slow to get to.

I've just tried Posting this a few times but it kept saying "web page unavailable".

Sony

sonyxperiageek

2959 posts

Uber Geek

Trusted

#978945 2-Feb-2014 16:24

This is one of the IPs: http://whatismyipaddress.com/ip/111.221.124.25

Sony

hio77

12999 posts

Uber Geek

ID Verified

Trusted

Lizard Networks

#978957 2-Feb-2014 17:04

sonyxperiageek: This is one of the IPs: http://whatismyipaddress.com/ip/111.221.124.25

looks to be windows update.

none of these logs appear to be legit.

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

sonyxperiageek

2959 posts

Uber Geek

Trusted

#978972 2-Feb-2014 17:33

Yeah... Dunno why Netgear would include these..

Sony

michaelmurfy

meow
13271 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#978975 2-Feb-2014 17:43

Buy a Mikrotik

Problem solved.

Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

eXDee

4032 posts

Uber Geek

Trusted

#979011 2-Feb-2014 19:39

This pops up every now and then. Its a largely useless feature.
I had a laugh when i saw there was an actual DOS LED on the draytek vigor 130

hashbrown

463 posts

Ultimate Geek

#979020 2-Feb-2014 20:10

Any "scan" type activity should be classed as Reconnaissance. The fact your router classes it as DoS just shows what a sad joke the security in consumer grade routers is.

raytaylor

4017 posts

Uber Geek

Trusted

#979111 2-Feb-2014 22:55

If you had a DDOS attack, your internet connection would pretty much be unusable, and your gigabyte data usage counter would be through the roof

One of our customers' kids was in an online game and kept winning against some foreign player. He threatened to launch a DDOS against our customer's ip address - and the kid kept antagonising him. So off he went, rented a botnet and we had something like 50mbits of pings coming in over about half an hour.
Told the kid next time someone threatens a DDOS attack, he either walks away or he can find a new ISP.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

sonyxperiageek

2959 posts

Uber Geek

Trusted

#979119 2-Feb-2014 23:10

raytaylor: If you had a DDOS attack, your internet connection would pretty much be unusable, and your gigabyte data usage counter would be through the roof

One of our customers' kids was in an online game and kept winning against some foreign player. He threatened to launch a DDOS against our customer's ip address - and the kid kept antagonising him. So off he went, rented a botnet and we had something like 50mbits of pings coming in over about half an hour.
Told the kid next time someone threatens a DDOS attack, he either walks away or he can find a new ISP.

It was pretty unusable back at the time which is why I posted this in the forums. Now it seems fine, internet is back to normal speeds.

Sony