#1  
Old July 31st, 2010, 02:17 PM
iGirl iGirl is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jul 2010
Posts: 18
iGirl is on a distinguished road
Default N300 - WNR2000v2 - Dos Attack: STORM - problem?

We have a newly installed WLAN router and I'm just making sure we are not leaving any gaps in security.

These are these Dos Attack message i'm seeing in the log.
Wondering if this activity is a concern or not? Bots? Google?
I checked and IPs 192.168.1.x all seemed to be linked to the manufacturers of routers.

Below is a paste from the log - Our IP address has been replaced in the log with xx.xxx.xx.xx -

[Admin login] from source 192.168.1.2, Saturday, Jul 31,2010 13:05:41
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 13:00:33
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 13:00:09
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 12:59:47
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 12:44:04
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 12:43:32
[DHCP IP: (192.168.1.3)] to MAC address 00:17:31:36:7E:8D, Saturday, Jul 31,2010 12:36:38
[Internet connected] IP address: xx.xxx.xx.xx, Saturday, Jul 31,2010 12:36:33
[DHCP IP: (192.168.1.5)] to MAC address 00:0D:4B:4C:12:41, Saturday, Jul 31,2010 08:38:45
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 05:04:24
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 05:03:50
[DHCP IP: (192.168.1.2)] to MAC address 00:26:08:0B:8C:46, Saturday, Jul 31,2010 04:17:00
[DHCP IP: (192.168.1.3)] to MAC address 00:17:31:36:7E:8D, Saturday, Jul 31,2010 00:36:31
[Internet connected] IP address: xx.xxx.xx.xx, Saturday, Jul 31,2010 00:36:18
Reply With Quote
  #2  
Old July 31st, 2010, 02:28 PM
NetGearUser84 NetGearUser84 is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jul 2010
Posts: 279
NetGearUser84 is on a distinguished road
Default Re: N300 - WNR2000v2 - Dos Attack: STORM - problem?

Is your router password protected ?

The 192.168.1.2 in your logs is a device connected to your router.
Reply With Quote
  #3  
Old July 31st, 2010, 02:45 PM
iGirl iGirl is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jul 2010
Posts: 18
iGirl is on a distinguished road
Default Re: N300 - WNR2000v2 - Dos Attack: STORM - problem?

Quote:
Originally Posted by jmizoguchi View Post
Whole log here then -

[Admin login] from source 192.168.1.2, Saturday, Jul 31,2010 13:05:41
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 13:00:33
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 13:00:09
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 12:59:47
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 12:44:04
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 12:43:32
[DHCP IP: (192.168.1.3)] to MAC address 00:17:31:36:7E:8D, Saturday, Jul 31,2010 12:36:38
[Internet connected] IP address: 98.150.37.96, Saturday, Jul 31,2010 12:36:33
[DHCP IP: (192.168.1.5)] to MAC address 00:0D:4B:4C:12:41, Saturday, Jul 31,2010 08:38:45
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 05:04:24
[DoS attack: STORM] attack packets in last 20 sec from ip [192.168.1.2], Saturday, Jul 31,2010 05:03:50
[DHCP IP: (192.168.1.2)] to MAC address 00:26:08:0B:8C:46, Saturday, Jul 31,2010 04:17:00
[DHCP IP: (192.168.1.3)] to MAC address 00:17:31:36:7E:8D, Saturday, Jul 31,2010 00:36:31
[Internet connected] IP address: 98.150.37.96, Saturday, Jul 31,2010 00:36:18
Reply With Quote
  #4  
Old July 31st, 2010, 02:48 PM
iGirl iGirl is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jul 2010
Posts: 18
iGirl is on a distinguished road
Default Re: N300 - WNR2000v2 - Dos Attack: STORM - problem?

Quote:
Originally Posted by NetGearUser84 View Post
Is your router password protected ?

The 192.168.1.2 in your logs is a device connected to your router.
Yes, the router is password protected - no external WiFi snoopers can get in AFAIK.

I haven't changed the router administrative password yet - but that's coming in just a bit.
Reply With Quote
  #5  
Old July 31st, 2010, 02:56 PM
iGirl iGirl is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jul 2010
Posts: 18
iGirl is on a distinguished road
Default Re: N300 - WNR2000v2 - Dos Attack: STORM - problem?

Router : 192.168.1.1
DNS Servers: "" "" "" (May change to open DNS)
IPv4 address : 192.168.1.2




Running from OSX 10.6.4
Reply With Quote
  #6  
Old July 31st, 2010, 03:39 PM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Junior Member
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: N300 - WNR2000v2 - Dos Attack: STORM - problem?

are you running torrents?
Reply With Quote
  #7  
Old July 31st, 2010, 04:43 PM
iGirl iGirl is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jul 2010
Posts: 18
iGirl is on a distinguished road
Default Re: N300 - WNR2000v2 - Dos Attack: STORM - problem?

No torrents running, no virus software.

I have a couple of things like Yahoo Messenger, Google Notifier, Mail running as well as Safari and a few windows, but just closed many to be sure.

No Chat, Skype or other programs... Little Snitch is running and I'm not seeing much activity. The only other I/O thing I have running in the background is Dropbox, but that seems to be on a different IP, although it lists the broadcast host as 192.168.1.2

Lastly, How about file sharing? I have AFP and SMB set up.
Reply With Quote
  #8  
Old July 31st, 2010, 04:58 PM
NetGearUser84 NetGearUser84 is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jul 2010
Posts: 279
NetGearUser84 is on a distinguished road
Default Re: N300 - WNR2000v2 - Dos Attack: STORM - problem?

It's something on your network. So if you're sure there are no unauthorized users/systems connected to your router and you're completely sure your system(s) are not infected with any type of virus/spyware/malware then it's nothing to worry about. If you really want to figure out what's causing it you'll want to only allow one system on the network at a time and see what's running on there.
Reply With Quote
  #9  
Old July 31st, 2010, 05:12 PM
iGirl iGirl is offline
Junior Member
NETGEAR Newbie
 
Join Date: Jul 2010
Posts: 18
iGirl is on a distinguished road
Default Re: N300 - WNR2000v2 - Dos Attack: STORM - problem?

"virus/spyware/malware"

! Light bulb goes off -

The only other thing then is my husband's PC - it could be infected with something - even just sitting idle, running. Will shut it down next week after he is gone to a client's and then will follow up. (He needs it "on" currently for remote access...)

Thanks everyone - this has been a very friendly, helpful and responsive board!
Reply With Quote
  #10  
Old July 31st, 2010, 08:29 PM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Junior Member
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: N300 - WNR2000v2 - Dos Attack: STORM - problem?

Quote:
Originally Posted by iGirl View Post
"virus/spyware/malware"

! Light bulb goes off -

The only other thing then is my husband's PC - it could be infected with something - even just sitting idle, running. Will shut it down next week after he is gone to a client's and then will follow up. (He needs it "on" currently for remote access...)

Thanks everyone - this has been a very friendly, helpful and responsive board!
look for the IP on pC

ipconfig. if the IP 192.168.1.2 then likely it is coming from the PC with virus related
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 07:09 AM.