#1  
Old February 3rd, 2008, 08:04 PM
bryank bryank is offline
Junior Member
NETGEAR Newbie
 
Join Date: Feb 2008
Posts: 5
bryank is on a distinguished road
Angry attacks on router!

hell0, since i installed my router- friday, every day my router gets attacked? this is sunday/mondays log... is this normal?

[DOS attack: ACK Scan] attack packets in last 20 sec from ip [199.166.4.89], Monday, Feb 04,2008 04:58:00
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [199.166.4.89], Monday, Feb 04,2008 04:56:03
[DOS attack: UDP Port Scan] attack packets in last 20 sec from ip [24.64.155.83], Monday, Feb 04,2008 04:54:06
[LAN access from remote] from 24.64.155.83:18753 to 192.168.1.20:1028 Monday, Feb 04,2008 04:54:03
[LAN access from remote] from 24.64.155.83:18753 to 192.168.1.20:1027 Monday, Feb 04,2008 04:54:03
[LAN access from remote] from 24.64.155.83:18753 to 192.168.1.20:1026 Monday, Feb 04,2008 04:54:03
[DOS attack: UDP Port Scan] attack packets in last 20 sec from ip [221.208.208.91], Monday, Feb 04,2008 04:53:45
[LAN access from remote] from 221.208.208.91:49459 to 192.168.1.20:1027 Monday, Feb 04,2008 04:53:42
[LAN access from remote] from 221.208.208.91:49459 to 192.168.1.20:1026 Monday, Feb 04,2008 04:53:42
[LAN access from remote] from 221.208.208.91:49458 to 192.168.1.20:1027 Monday, Feb 04,2008 04:53:42
[LAN access from remote] from 221.208.208.91:49458 to 192.168.1.20:1026 Monday, Feb 04,2008 04:53:42
[DOS attack: UDP Port Scan] attack packets in last 20 sec from ip [24.64.155.160], Monday, Feb 04,2008 04:48:18
[LAN access from remote] from 24.64.155.160:20199 to 192.168.1.20:1028 Monday, Feb 04,2008 04:48:15
[LAN access from remote] from 24.64.155.160:20199 to 192.168.1.20:1026 Monday, Feb 04,2008 04:48:15
[LAN access from remote] from 24.64.155.160:20199 to 192.168.1.20:1027 Monday, Feb 04,2008 04:48:15
[DOS attack: UDP Port Scan] attack packets in last 20 sec from ip [83.46.158.100], Monday, Feb 04,2008 04:48:12
[LAN access from remote] from 83.46.158.100:2625 to 192.168.1.20:445 Monday, Feb 04,2008 04:48:09
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.51.182], Monday, Feb 04,2008 04:46:51
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [216.104.71.5], Monday, Feb 04,2008 04:45:33
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.51.182], Monday, Feb 04,2008 04:45:06
[DOS attack: UDP Port Scan] attack packets in last 20 sec from ip [24.64.130.250], Monday, Feb 04,2008 04:44:57
[LAN access from remote] from 24.64.130.250:4956 to 192.168.1.20:1028 Monday, Feb 04,2008 04:44:54
[LAN access from remote] from 24.64.130.250:4956 to 192.168.1.20:1027 Monday, Feb 04,2008 04:44:54
[LAN access from remote] from 24.64.130.250:4956 to 192.168.1.20:1026 Monday, Feb 04,2008 04:44:54
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.51.182], Monday, Feb 04,2008 04:44:51
[DOS attack: UDP Port Scan] attack packets in last 20 sec from ip [24.64.236.96], Monday, Feb 04,2008 04:44:37
[LAN access from remote] from 24.64.236.96:19473 to 192.168.1.20:1027 Monday, Feb 04,2008 04:44:34
[LAN access from remote] from 24.64.236.96:19473 to 192.168.1.20:1026 Monday, Feb 04,2008 04:44:34
[LAN access from remote] from 24.64.236.96:19473 to 192.168.1.20:1028 Monday, Feb 04,2008 04:44:34
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [216.104.71.5], Monday, Feb 04,2008 04:43:22
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.51.182], Monday, Feb 04,2008 04:43:06
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [66.249.93.164], Monday, Feb 04,2008 04:43:03
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [216.104.71.5], Monday, Feb 04,2008 04:42:55
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.51.182], Monday, Feb 04,2008 04:42:51
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [64.233.183.104], Monday, Feb 04,2008 04:42:48
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [66.249.91.103], Monday, Feb 04,2008 04:42:48
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [199.166.4.89], Monday, Feb 04,2008 04:42:12
[DOS attack: UDP Port Scan] attack packets in last 20 sec from ip [24.64.165.247], Monday, Feb 04,2008 04:41:10
[LAN access from remote] from 24.64.165.247:10523 to 192.168.1.20:1028 Monday, Feb 04,2008 04:41:07
[LAN access from remote] from 24.64.165.247:10523 to 192.168.1.20:1027 Monday, Feb 04,2008 04:41:07
[LAN access from remote] from 24.64.165.247:10523 to 192.168.1.20:1026 Monday, Feb 04,2008 04:41:07
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.51.182], Monday, Feb 04,2008 04:40:51
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.245.209.23], Monday, Feb 04,2008 04:39:33
[LAN access from remote] from 83.147.175.166:1597 to 192.168.1.20:80 Monday, Feb 04,2008 04:39:00
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.51.182], Monday, Feb 04,2008 04:38:51
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [206.82.202.46], Monday, Feb 04,2008 04:38:49
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.85.195.104], Monday, Feb 04,2008 04:38:33
[Admin login] from source 192.168.1.2, Monday, Feb 04,2008 04:38:33
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [206.82.202.46], Monday, Feb 04,2008 04:38:24
[Time synchronized with NTP server] Monday, Feb 04,2008 04:38:15
[Internet connected] IP address: 83.147.175.166, Monday, Feb 04,2008 04:38:14
[DHCP IP: (192.168.1.2)] to MAC address ##########, Monday, Feb 04,2008 04:38:12
[Internet disconnected] Monday, Feb 04,2008 04:38:10
[Initialized, firmware version: V1.0.32_1.0.32] Monday, Feb 04,2008 04:38:10
Reply With Quote
  #2  
Old February 3rd, 2008, 10:55 PM
Mars Mug's Avatar
Mars Mug Mars Mug is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: Stevenage UK
Posts: 12,487
Mars Mug is on a distinguished road
Default Re: attacks on router!

You don’t say what router you have.

If your Internet access is Cable then you could change the MAC address the router reports to the ISP, either use the router default or the PC MAC address. A change of MAC will cause the ISP to issue you with a new IP address (after a reboot of the router, and this can take several minutes). If the problem persists after that then I suggest you scan the PC for viruses/malware/spyware etc.

Do you use P2P software?

The differing source IP addresses may mean that this is legitimate traffic, and your router is blocking it anyway.
__________________
I don't work for Netgear.

My name is Andy.
Reply With Quote
  #3  
Old February 3rd, 2008, 11:39 PM
WUSBDesign WUSBDesign is offline
Senior Member
NETGEAR Expert
 
Join Date: Jan 2008
Location: UK
Posts: 325
WUSBDesign is on a distinguished road
Default Re: attacks on router!

Have a go at "Shields Up!" at www.grc.com and make sure your router is in stealth mode. Explanations are all at this said web site.
Reply With Quote
  #4  
Old February 4th, 2008, 06:11 AM
bryank bryank is offline
Junior Member
NETGEAR Newbie
 
Join Date: Feb 2008
Posts: 5
bryank is on a distinguished road
Default Re: attacks on router!

i have a new NEXT N router, i only browse web and emails, notting to extream- whats p2p?
Reply With Quote
  #5  
Old February 4th, 2008, 10:04 AM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Junior Member
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: attacks on router!

Quote:
Originally Posted by bryank View Post
i have a new NEXT N router, i only browse web and emails, notting to extream- whats p2p?
p2p... torrent
Reply With Quote
  #6  
Old February 4th, 2008, 10:04 AM
Mars Mug's Avatar
Mars Mug Mars Mug is offline
Moderator
NETGEAR Fanatic
 
Join Date: Nov 2006
Location: Stevenage UK
Posts: 12,487
Mars Mug is on a distinguished road
Default Re: attacks on router!

P2P is Peer to Peer type programs like torrents. If you run a torrents program or something similar and then shut the program down its quite common to see a number of hits on your Internet connection for a period of time afterwards as other computers still try to make a connection to yours and fail.
__________________
I don't work for Netgear.

My name is Andy.
Reply With Quote
  #7  
Old August 25th, 2008, 03:45 PM
NetgearLegacyUser NetgearLegacyUser is offline
Junior Member
NETGEAR Newbie
 
Join Date: Aug 2008
Posts: 2
NetgearLegacyUser is on a distinguished road
Default Re: attacks on router!

I used a free software utility (whoami? from visualware)that shows IP info and local and public IP address as well as DNS servers that are in use.

What I found interesting is that the IP that checks out to be Netgear came up as a DNS server when I do not use it for my ISP DNS server, nor do I have a different third party DNS server (not even the worlds fastest and most popular one) all I have in use are DNS servers that my ISP use that I was told to use.

So why does the Netgear DNS IP show up? 206.82.202.46

Also the first post in the thread shows the same IP address to be the one doing the DDOS attacks. Why?

http://private.dnsstuff.com/tools/wh...=206.82.202.46
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 05:28 PM.