• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Router firewall blocks LOTS of DoS attempts

S

Slick5150

Diamond Member
I took a look at my router's security logs recently, and noticed it is pretty much constantly blocking DoS attacks. Here's a recent clip from the logs:

Tue Jul 5 13:56:53 2005 1 Blocked by DoS protection
Tue Jul 5 13:56:55 2005 1 Blocked by DoS protection
Tue Jul 5 13:56:55 2005 1 Blocked by DoS protection
Tue Jul 5 13:56:59 2005 1 Blocked by DoS protection
Tue Jul 5 13:57:00 2005 1 Blocked by DoS protection
Tue Jul 5 13:57:17 2005 1 Blocked by DoS protection
Tue Jul 5 13:57:17 2005 1 Blocked by DoS protection
Tue Jul 5 13:57:33 2005 1 Blocked by DoS protection
Tue Jul 5 13:57:33 2005 1 Blocked by DoS protection

They seem to originate mainly from 2 or 3 IP addresses. Is this kind of thing just normal, or is there something else going on here?
 
I would track down the IP addresses and call the ISP. Then tell them you are getting DoS attempts on your routers logs. If they are coming from over seas they might not do anything about it at all. But least you are trying to take action to help protect your network.
 
DoS stands for Denial of Service, correct? What exactly does that mean/what is this person trying to accomplish by doing it? How would I track down their ISP? Do a traceroute?

Should I be concerned, or just mildly annoyed?

Thanks for the help
 
I would check to see if the majority of them are actually coming from your ISP

Stolen from DSLReports.com:

"I beleive that the router is misconfigured and mistakenly sees DHCP broadcasts coming in from your ISPs LAN as Denial of Service attacks."
 
I would look for a verbose logging option, and see where the packets are coming from, and what port they are connecting too. I rarely get any true attacks/scans (and I report those to the abuse@domain emails). I do see ALOT of spam (500+ packets a day) aimed at the windows messenger ports, sql ports, etc.
 
Probably Regular Port noise (typical to Cable Internet).

Computers are not cognizant people just like Network Cable Unplug might indicate a problem that has nothing to do with Cable Unplugged so this noise might be labeled as DOS attack.

I usually tell end users not to look at the Router's log unless there is a very specific notable event that they need to check.

:sun:
 
Originally posted by: JackMDS
Probably Regular Port noise (typical to Cable Internet).

Computers are not cognizant people just like Network Cable Unplug might indicate a problem that has nothing to do with Cable Unplugged so this noise might be labeled as DOS attack.

I usually tell end users not to look at the Router's log unless there is a very specific notable event that they need to check.

:sun:
Click to expand...

Yeah, no need looking there. I call it "internet background noise". If the systems are secure there is no need to fret. Hosts and any public IP gets hit all the time, the scanning for vulnerabilities is constant now. always there, anytime day or night.
 
Thanks guys. I did find that one of the IPs that the router was blocking a lot from was in fact from my ISP. Not sure about the others, but I'm not going to worry about it.

 
You must log in or register to reply here.

TRENDING THREADS

Back
Top