Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- BT Business Community
- Archive
- Re: Help - DOS attack
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Help - DOS attack
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
I've got a netgear DG834 router with a SmoothWall box behind it managing a VPN.
I keep getting attacked by what the Netgear router thinks is a DOS attack. The biggest attacks occur in the mornings which result in disconnection from the internet. I've got 8 static IP addresses and as you can see from the log, all 8 are being tested using different ports.
There's more than one attacker;
The IP address of one attacker is in spamhaus blacklist for spam and seems to originate from France. When I try the IP in a web browser using HTTPS, I get a Microsoft Exchange 2003 webmail login page. If I try the IP in Remote Desktop, I get a Windows Server 2003 login screen.
Another IP address originates from England and is listed in an offensive database for "Unserviced Port Request or part of a DDOS attack".
I replaced the router with another netgear DG834 but it also disconnects from the internet during the attack. I also tried replacing it with a Draytek 2820n but this router completely crashes during the attack.
I'm aware there's attacks across the internet all the time and providing we all have firewalls, they generally can be ignored but the problem I've got is it causes the internet to drop so we loose internet/VPN/email until I can restart the router.
0
Kudos
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Highlight
- Report Inappropriate Content
I've edited out the first part of my IP address for security reasons. I can post more logs if requested
Sat, 2011-10-22 14:43:57 - TCP Packet - Source:68.171.16.17,1411 Destination:00.00.00.235,5903 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1443 Destination:00.00.00.235,5907 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1463 Destination:00.00.00.235,5910 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1457 Destination:00.00.00.235,5909 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1517 Destination:00.00.00.236,5906 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1525 Destination:00.00.00.236,5907 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1554 Destination:00.00.00.236,5910 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1563 Destination:00.00.00.237,5900 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1603 Destination:00.00.00.237,5905 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1636 Destination:00.00.00.237,5909 - [DOS]
Sat, 2011-10-22 14:43:58 - TCP Packet - Source:68.171.16.17,1655 Destination:00.00.00.238,5901 - [DOS]
Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1700 Destination:00.00.00.238,5906 - [DOS]
Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1737 Destination:00.00.00.239,5900 - [DOS]
Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1745 Destination:00.00.00.239,5901 - [DOS]
Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1759 Destination:00.00.00.239,5903 - [DOS]
Sat, 2011-10-22 14:43:59 - TCP Packet - Source:68.171.16.17,1784 Destination:00.00.00.239,5906 - [DOS]
Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Sat, 2011-10-22 14:49:31 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Sat, 2011-10-22 15:45:50 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Sat, 2011-10-22 21:49:41 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Sun, 2011-10-23 01:40:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Sun, 2011-10-23 02:48:49 - TCP Packet - Source:72.71.49.20,37694 Destination:00.00.00.238,22 - [DOS]
Sun, 2011-10-23 02:48:49 - TCP Packet - Source:72.71.49.20,37695 Destination:00.00.00.239,22 - [DOS]
Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Sun, 2011-10-23 04:10:13 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Sun, 2011-10-23 08:00:45 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Sun, 2011-10-23 11:56:00 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Sun, 2011-10-23 13:52:38 - TCP Packet - Source:94.169.235.159 Destination:00.00.00.233 - [PORT SCAN]
Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Sun, 2011-10-23 15:33:49 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Sun, 2011-10-23 19:18:23 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Mon, 2011-10-24 02:25:54 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Mon, 2011-10-24 03:02:07 - TCP Packet - Source:221.215.106.147,17347 Destination:00.00.00.239,4899 - [DOS]
Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Mon, 2011-10-24 04:51:11 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59503 Destination:00.00.00.232,5910 - [DOS]
Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59507 Destination:00.00.00.233,5900 - [DOS]
Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59509 Destination:00.00.00.233,5901 - [DOS]
Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59515 Destination:00.00.00.233,5903 - [DOS]
Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59520 Destination:00.00.00.233,5904 - [DOS]
Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59525 Destination:00.00.00.233,5906 - [DOS]
Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59543 Destination:00.00.00.234,5901 - [DOS]
Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59561 Destination:00.00.00.234,5907 - [DOS]
Mon, 2011-10-24 05:51:08 - TCP Packet - Source:62.193.228.154,59581 Destination:00.00.00.235,5903 - [DOS]
Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59599 Destination:00.00.00.235,5909 - [DOS]
Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59621 Destination:00.00.00.236,5905 - [DOS]
Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59639 Destination:00.00.00.237,5900 - [DOS]
Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59659 Destination:00.00.00.237,5907 - [DOS]
Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59677 Destination:00.00.00.238,5902 - [DOS]
Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59695 Destination:00.00.00.238,5908 - [DOS]
Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59717 Destination:00.00.00.239,5904 - [DOS]
Mon, 2011-10-24 05:51:09 - TCP Packet - Source:62.193.228.154,59735 Destination:00.00.00.239,5910 - [DOS]
Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59501 Destination:00.00.00.232,5909 - [DOS]
Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59503 Destination:00.00.00.232,5910 - [DOS]
Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59507 Destination:00.00.00.233,5900 - [DOS]
Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59509 Destination:00.00.00.233,5901 - [DOS]
Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59515 Destination:00.00.00.233,5903 - [DOS]
Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59521 Destination:00.00.00.233,5905 - [DOS]
Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59539 Destination:00.00.00.234,5900 - [DOS]
Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59561 Destination:00.00.00.234,5907 - [DOS]
Mon, 2011-10-24 05:51:11 - TCP Packet - Source:62.193.228.154,59586 Destination:00.00.00.235,5904 - [DOS]
Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59599 Destination:00.00.00.235,5909 - [DOS]
Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59621 Destination:00.00.00.236,5905 - [DOS]
Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59639 Destination:00.00.00.237,5900 - [DOS]
Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59659 Destination:00.00.00.237,5907 - [DOS]
Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59677 Destination:00.00.00.238,5902 - [DOS]
Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59695 Destination:00.00.00.238,5908 - [DOS]
Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59717 Destination:00.00.00.239,5904 - [DOS]
Mon, 2011-10-24 05:51:12 - TCP Packet - Source:62.193.228.154,59731 Destination:00.00.00.239,5909 - [DOS]
Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,445 - [DOS]
Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.235,1433 - [DOS]
Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,135 - [DOS]
Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,445 - [DOS]
Mon, 2011-10-24 06:10:32 - TCP Packet - Source:213.246.181.180,6000 Destination:00.00.00.234,1433 - [DOS]
Mon, 2011-10-24 06:58:43 - LCP down.
Mon, 2011-10-24 06:58:50 - Initialize LCP.
Mon, 2011-10-24 06:58:51 - LCP is allowed to come up.
Mon, 2011-10-24 06:59:51 - Initialize LCP.
Mon, 2011-10-24 06:59:51 - LCP is allowed to come up.
Mon, 2011-10-24 07:00:52 - Initialize LCP.
Mon, 2011-10-24 07:00:52 - LCP is allowed to come up.
Mon, 2011-10-24 07:01:53 - Initialize LCP.
Mon, 2011-10-24 07:01:53 - LCP is allowed to come up.
Mon, 2011-10-24 07:02:53 - Initialize LCP.
Mon, 2011-10-24 07:02:53 - LCP is allowed to come up.
Mon, 2011-10-24 07:03:54 - Initialize LCP.
Mon, 2011-10-24 07:03:54 - LCP is allowed to come up.
Mon, 2011-10-24 07:04:55 - Initialize LCP.
Mon, 2011-10-24 07:04:55 - LCP is allowed to come up.
Mon, 2011-10-24 07:05:55 - Initialize LCP.
Mon, 2011-10-24 07:05:55 - LCP is allowed to come up.
Mon, 2011-10-24 07:06:56 - Initialize LCP.
Mon, 2011-10-24 07:06:56 - LCP is allowed to come up.
Mon, 2011-10-24 07:07:57 - Initialize LCP.
Mon, 2011-10-24 07:07:57 - LCP is allowed to come up.
Mon, 2011-10-24 07:34:41 - Administrator login successful - IP:00.00.00.233
Mon, 2011-10-24 07:34:59 - Initialize LCP.
Mon, 2011-10-24 07:34:59 - LCP is allowed to come up.
0
Kudos
