#1  
Old January 6th, 2011, 09:06 AM
ranthony ranthony is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2010
Posts: 73
ranthony is on a distinguished road
Default [DoS Attack: ACK Scan]

I'm seeing frequent Dos attacks in my router log file. The IP's all come from known addresses, one from my job while connected via citrix, one from my blackberry from rcp.na.blackberry.com - 216.9.242.89 and often from internal IP's from devices on my local Lan.

Also, where do I set the time on the WNDR3700? The logs indicate an incorrect time. For instance I see the login, [admin login] from source 192.168.1.2, Thursday, January 06,2011 10:03:37 which is me but the time is wrong.

Thanks
Reply With Quote
  #2  
Old January 6th, 2011, 09:14 AM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Junior Member
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: [DoS Attack: ACK Scan]

Try disable SPI under wan setup and see if log will be different

You may see port scan instead of SPi


You fix your time issue with time zone also in the router interface
Usually under schedule tab
Reply With Quote
  #3  
Old January 6th, 2011, 09:54 AM
ranthony ranthony is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2010
Posts: 73
ranthony is on a distinguished road
Default Re: [DoS Attack: ACK Scan]

Quote:
Originally Posted by jmizoguchi View Post
Try disable SPI under wan setup and see if log will be different

You may see port scan instead of SPi


You fix your time issue with time zone also in the router interface
Usually under schedule tab
Thanks. The time has been corrected.

Nothing is checked under WAN Setup. Are you suggesting I check, Disable SIP ALG beneath NAT Filtering?
Reply With Quote
  #4  
Old January 6th, 2011, 10:01 AM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Junior Member
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: [DoS Attack: ACK Scan]

Look for port scan
Reply With Quote
  #5  
Old January 6th, 2011, 10:09 AM
ranthony ranthony is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2010
Posts: 73
ranthony is on a distinguished road
Default Re: [DoS Attack: ACK Scan]

Quote:
Originally Posted by jmizoguchi View Post
Look for port scan
I see, Disable Port Scan and DoS Protection which is not checked.
Reply With Quote
  #6  
Old January 6th, 2011, 10:53 AM
ranthony ranthony is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2010
Posts: 73
ranthony is on a distinguished road
Default Re: [DoS Attack: ACK Scan]

Looks good now, thanks
Reply With Quote
  #7  
Old January 6th, 2011, 10:57 AM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Junior Member
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: [DoS Attack: ACK Scan]

okay,,, figure that was it.. nice to have port scan but if you have third party firewall as alternative on pc,would be helpful for you
Reply With Quote
  #8  
Old January 6th, 2011, 11:10 AM
Devor's Avatar
Devor Devor is offline
Senior Member
NETGEAR Addict
 
Join Date: Dec 2010
Location: Ffynnon Garw
Posts: 1,997
Devor is on a distinguished road
Default Re: [DoS Attack: ACK Scan]

Hmm, I don't understand why one would want to disable "Port Scan and DoS Protection". Is it because it tidies up the log?

Seems to me you want that enabled for security reasons and the log is telling you that it's good that you had it enabled. I've seen a couple log entries appear in the log like ranthony mentioned, but from China, the USA and other countries. I presumed that my network was safer having "Port Scan and DoS Protection" enabled. Is this not the case?
Reply With Quote
  #9  
Old January 6th, 2011, 11:15 AM
jmizoguchi's Avatar
jmizoguchi jmizoguchi is offline
Junior Member
 
Join Date: Feb 2007
Location: Kentucky, USA
Posts: 0
jmizoguchi is an unknown quantity at this point
Default Re: [DoS Attack: ACK Scan]

usually china is the worse on hitting US network... if ones can have firewall on PC, they can uncheck it wishes but should not effect the usage of those in the log unless is creates issue of not able to use BB or connect to work...
Reply With Quote
  #10  
Old January 6th, 2011, 11:28 AM
ranthony ranthony is offline
Junior Member
NETGEAR Newbie
 
Join Date: Oct 2010
Posts: 73
ranthony is on a distinguished road
Default Re: [DoS Attack: ACK Scan]

Quote:
Originally Posted by Devor View Post
Hmm, I don't understand why one would want to disable "Port Scan and DoS Protection". Is it because it tidies up the log?

Seems to me you want that enabled for security reasons and the log is telling you that it's good that you had it enabled. I've seen a couple log entries appear in the log like ranthony mentioned, but from China, the USA and other countries. I presumed that my network was safer having "Port Scan and DoS Protection" enabled. Is this not the case?
Good point. I thought about the same and left it unchecked so that I'm aware if someone else hits me. Thx
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -8. The time now is 06:23 AM.