
DoS Attacks

NeViKoo7

Banned
Hi. I have a question about DoS attacks and I thought... what better place to ask.

Anyway, for the past 6 months to a year, I haven't been able to play games on my highspeed (this didn't affect me much as I had school to worry about), but now that summer is around, I would like to get back into gaming. Only problem is that I get disconnected or lag for 20 seconds while playing games (namely CS:S, HL2 DM, Battlefield 2 Demo). This is the same problem as before, but now I decided to look into it.

I check my security log on my router (Belkin 54G) and I get this:

Sat Jul 30 21:48:37 2005 1 Blocked by DoS protection 24.14.198.10
Sat Jul 30 21:48:38 2005 1 Blocked by DoS protection 69.143.210.182
Sat Jul 30 21:48:39 2005 1 Blocked by DoS protection 68.71.201.237
Sat Jul 30 21:49:09 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:50:44 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:50:48 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:51:12 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:51:17 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:51:20 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:52:41 2005 1 Blocked by DoS protection 218.83.153.58
Sat Jul 30 21:52:41 2005 1 Blocked by DoS protection 218.83.153.58
Sat Jul 30 21:53:03 2005 1 Blocked by DoS protection 202.99.172.160
Sat Jul 30 21:53:25 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:54:23 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:54:25 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:54:27 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:54:53 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:55:19 2005 1 Blocked by DoS protection 72.35.224.35
Sat Jul 30 21:56:29 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:57:08 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:57:13 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:57:26 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:58:08 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:58:13 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:58:39 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:59:12 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 22:00:17 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 22:02:27 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 22:03:00 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 22:03:31 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 22:03:56 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 22:03:57 2005 1 Blocked by DoS protection 207.226.112.55

And I think... Hmm... this could be a problem. Do you think these DoS attacks could be the cause of my connection problems?
 
Could be.

There is some amount of "background scanning/activity" that occurs on the internet and shouldn't affect normal operation.

The thing to look for is "are you open?" If so, you are an easy target and will get pounded. If you have a NAT router and do not have your machine in the DMZ or have checked DMZ and what not, you should be shielded from most scanning.

Best bet - make sure you haven't enabled DMZ on the router, run a personal firewall, and run a full virus/spamware scan on each and every machine.
 
Originally posted by: spidey07
Could be.

There is some amount of "background scanning/activity" that occurs on the internet and shouldn't affect normal operation.

The thing to look for is "are you open?" If so, you are an easy target and will get pounded. If you have a NAT router and do not have your machine in the DMZ or have checked DMZ and what not, you should be shielded from most scanning.

Best bet - make sure you haven't enabled DMZ on the router, run a personal firewall, and run a full virus/spamware scan on each and every machine.

Yea, I have NAT on. SP2, all that jazz (firewall disabled though for SP2, but still active on router). This happened when I had a mini-LAN party here. We could LAN, but couldn't connect to online games (everyone would lag at the same time). Could this cause the lagging? (I am arguing w/ Comcast about it right now)
 
well the possibility is there but one can expect lagging on a consumer grade internet connection. It's not a problem if there is 1 or more second latency.

we (providers) really don't care about latency on a consumer grade connection. It's not guaranteed and any number of 100 different things can cause this kind of "lagging".
 
Originally posted by: spidey07
well the possibility is there but one can expect lagging on a consumer grade internet connection. It's not a problem if there is 1 or more second latency.

we (providers) really don't care about latency on a consumer grade connection. It's not guaranteed and any number of 100 different things can cause this kind of "lagging".


I am not sure that describing it as 'lagging' is correct. Seems as if I temporarily lose connection to the server (happens to me whilst browsing websites as well). Comcast tried to get me to release and renew my local IP (no clue why), then to powercycle. Still get the attacks. I mean, more than 3 per minute is a little.. much, even for people just scanning, isn't it?
 
the "DOS Blocked" in the logs means nothing. My firewall (Linux IPTABLES) blocks between 400-1200 packets a day. Most of those are 4-6 packets aimed at messenger service (1026/1027)

I would set up a script that will check every 10 seconds for connectivity, and track it for a week. Try with router/without (direct connection)
 
Originally posted by: nweaver
the "DOS Blocked" in the logs means nothing. My firewall (Linux IPTABLES) blocks between 400-1200 packets a day. Most of those are 4-6 packets aimed at messenger service (1026/1027)

I would set up a script that will check every 10 seconds for connectivity, and track it for a week. Try with router/without (direct connection)

How would I go about this?
 
Originally posted by: NeViKoo7
Originally posted by: spidey07
well the possibility is there but one can expect lagging on a consumer grade internet connection. It's not a problem if there is 1 or more second latency.

we (providers) really don't care about latency on a consumer grade connection. It's not guaranteed and any number of 100 different things can cause this kind of "lagging".


I am not sure that describing it as 'lagging' is correct. Seems as if I temporarily lose connection to the server (happens to me whilst browsing websites as well). Comcast tried to get me to release and renew my local IP (no clue why), then to powercycle. Still get the attacks. I mean, more than 3 per minute is a little.. much, even for people just scanning, isn't it?

Nope, quite normal actually...
 
Originally posted by: bsobel
Originally posted by: NeViKoo7
Originally posted by: spidey07
well the possibility is there but one can expect lagging on a consumer grade internet connection. It's not a problem if there is 1 or more second latency.

we (providers) really don't care about latency on a consumer grade connection. It's not guaranteed and any number of 100 different things can cause this kind of "lagging".


I am not sure that describing it as 'lagging' is correct. Seems as if I temporarily lose connection to the server (happens to me whilst browsing websites as well). Comcast tried to get me to release and renew my local IP (no clue why), then to powercycle. Still get the attacks. I mean, more than 3 per minute is a little.. much, even for people just scanning, isn't it?

Nope, quite normal actually...

What else could cause connectivity to fade in and out as it is?
Weak signal to the modem (what should it be?)?
I know the router and NICs aren't to blame as they work at others' houses.


The primary IP that gets me is 10.229.104.1. DNSStuff says it is a private IP... hmm..

Location: [Private IP]

Preparation:
The reverse DNS entry for an IP is found by reversing the IP, adding it to "in-addr.arpa", and looking up the PTR record.
So, the reverse DNS entry for 10.229.104.1 is found by looking up the PTR record for
1.104.229.10.in-addr.arpa.
All DNS requests start by asking the root servers, and they let us know what to do next.
See How Reverse DNS Lookups Work for more information.

How I am searching:
Asking e.root-servers.net for 1.104.229.10.in-addr.arpa PTR record:
e.root-servers.net says to go to blackhole-2.iana.org. (zone: 10.in-addr.arpa.)
Asking blackhole-2.iana.org. for 1.104.229.10.in-addr.arpa PTR record: Got NODATA response type 3 [from 192.175.48.42].

Answer:
There is no PTR record for 1.104.229.10.in-addr.arpa (but 1.104.229.10.in-addr.arpa is valid).

To see the reverse DNS traversal, to make sure that all DNS servers are reporting the correct results, you can Click Here.
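
A way to summarize a router log like the one at the top of the thread: blocks per minute, a count per source, whether each source is RFC 1918 space (as 10.229.104.1 is), and the PTR name built as the lookup output above describes. This is an added example, not part of any post; the function names are illustrative and the sample is an excerpt of the posted log.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Excerpt of the router log posted at the top of the thread.
SAMPLE_LOG = """\
Sat Jul 30 21:48:37 2005 1 Blocked by DoS protection 24.14.198.10
Sat Jul 30 21:49:09 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:50:44 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:50:48 2005 1 Blocked by DoS protection 10.229.104.1
Sat Jul 30 21:52:41 2005 1 Blocked by DoS protection 218.83.153.58
Sat Jul 30 21:53:25 2005 1 Blocked by DoS protection 10.229.104.1
"""

LINE_RE = re.compile(r"^(\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \d+ Blocked by DoS protection (\S+)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse(log_text):
    """Return (timestamp, source address) pairs; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            events.append((datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y"),
                           ipaddress.IPv4Address(m.group(2))))
        except ValueError:  # bad date or malformed address
            continue
    return events


def summarize(events):
    """Overall block rate plus, per source, count, RFC 1918 status and PTR name."""
    times = [ts for ts, _ in events]
    minutes = (max(times) - min(times)).total_seconds() / 60 if events else 0
    sources = [{"ip": str(ip), "count": n,
                "rfc1918": any(ip in net for net in RFC1918),
                "ptr_name": ip.reverse_pointer}
               for ip, n in Counter(ip for _, ip in events).most_common()]
    return {"events_per_minute": round(len(events) / minutes, 2) if minutes else None,
            "sources": sources}


if __name__ == "__main__":
    print(summarize(parse(SAMPLE_LOG)))
```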
 
well that is probably from Comcast's network - they use those addresses for their internal network like all providers.

If you could see exactly what the packet is you could find out what it is (sniffer/ethereal)

As far as losing your connection periodically that is just the nature of a consumer connection - no guarantees.
 
not sure how to in batch file, but it would be basically something like this

# if the ping fails, append a timestamped line to log.txt
ping -c 1 www.google.com > /dev/null 2>&1 || echo "connection is down, $(date)" >> log.txt

Something along those lines, just dumping that it's down and the current time. Log this for a while, see how often it's down. I had some troubles, and I set mine to run every 5 minutes, and it's not down too often (they fixed a line problem)
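
One way to run the check sketched above every 10 seconds and turn the results into outage windows, so a week behind the router can be compared with a week on a direct connection. This is an added example, not part of the original post; it swaps ping for a TCP connect to port 80 so it runs unchanged on Windows and Linux, and the function names and defaults are illustrative.

```python
import socket
import time
from datetime import datetime


def tcp_probe(host="www.google.com", port=80, timeout=3.0):
    """True if name resolution and a TCP handshake both finish within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def monitor(probe=tcp_probe, interval=10, logfile="log.txt", cycles=None,
            sleep=time.sleep, clock=datetime.now):
    """Probe every `interval` seconds, append failures to `logfile`, return all samples."""
    samples, done = [], 0
    while cycles is None or done < cycles:  # cycles=None runs until interrupted
        ts, ok = clock(), probe()
        samples.append((ts, ok))
        if not ok:
            with open(logfile, "a") as fh:
                fh.write(f"connection is down, {ts.isoformat(timespec='seconds')}\n")
        sleep(interval)
        done += 1
    return samples


def outages(samples):
    """Collapse (timestamp, ok) samples into (start, end, duration) windows.

    `end` is the first good sample after the failures, or None if still down.
    """
    windows, start, last_fail = [], None, None
    for ts, ok in samples:
        if not ok:
            start = ts if start is None else start
            last_fail = ts
        elif start is not None:
            windows.append((start, ts, ts - start))
            start = None
    if start is not None:
        windows.append((start, None, last_fail - start))
    return windows


if __name__ == "__main__":
    monitor()
```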
 
Originally posted by: deathkoba
DOS is very outdated so no security upgrades are available! At least upgrade to Windows Server 2000 if you need to run Windows.

Was this a bad attempt at a joke or did you miss the point of the entire thread?
Bill
 