DOS Attack

Alright, something weird has been going on in the past few days: I've been a victim of DoS attacks.

Here is a log from my router:

[DOS Attack] : 1 [Teardrop] packets detected in last 20 seconds, source ip [88.115.245.32]
Thursday, Apr 28,2011 08:17:23
[DOS Attack] : 1 [ACK Scan] packets detected in last 20 seconds, source ip [92.123.154.223]
Thursday, Apr 28,2011 00:14:47
[DOS Attack] : 1 [FIN Scan] packets detected in last 20 seconds, source ip [92.123.154.223]
Tuesday, Apr 26,2011 23:39:05
[DOS Attack] : 1 [ACK Scan] packets detected in last 20 seconds, source ip [92.123.154.119]
Tuesday, Apr 26,2011 23:35:55
[Admin login] from source 192.168.0.2, Tuesday, Apr 26,2011 23:33:10

Anyone know why this is happening and what might be doing this?

I've considered emailing my ISP and changing my IP address. The only forum I visit is this one so not sure why this is happening to me!
 
Doubt it's a DOS attack targeted at you. Router DOS detection is fairly strict and easily tripped; it's probably just some random bot scanning PCs for open ports and other weaknesses, or the person who had that IP last was connected to a lot of torrents and they are still clearing connections, etc.

Right that makes sense. I am constantly downloading torrents so that is probably it. Just thought it was weird when I checked my router log :p

Any tips to prevent this? I only have the standard Windows firewall.
 
Alright, can anyone give me advice on what to do? It's really annoying now. I'm being disconnected every hour, can barely download anything and browse sites. I've emailed my ISP and they have changed my IP address. Is there anything else I can do? I'm using Windows Firewall and Microsoft Security Essentials. My brother uses a laptop, could that have anything to do with it?




[Admin login] from source 192.168.0.2, Monday, May 02,2011 18:34:30
[DOS Attack] : 103 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:34:12
[DOS Attack] : 3 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:32:40
[DOS Attack] : 5 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:31:57
[DOS Attack] : 154 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:31:33
[DOS Attack] : 3 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:31:09
[DOS Attack] : 4 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:30:22
[DOS Attack] : 45 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:30:01
[DOS Attack] : 4 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:29:39
[DOS Attack] : 3 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:27:22
[DOS Attack] : 53 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:27:01
[DOS Attack] : 10 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:26:37
[DOS Attack] : 10 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:25:49
[DOS Attack] : 63 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:25:28
[DOS Attack] : 32 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:25:06
[DOS Attack] : 27 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:22:05
[Admin login] from source 192.168.0.2, Monday, May 02,2011 18:20:52
[DOS Attack] : 1 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:20:35
 
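Added example, not part of the thread: a Python parser for the router log format posted above that groups the detections by source address and marks whether each source is on the LAN or on the internet. The function names are hypothetical, and the sample is an excerpt of the posted log with the final timestamp line cut off to exercise the truncated case.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Excerpt of the log lines posted in the thread (the router lists newest first).
SAMPLE_LOG = """\
[Admin login] from source 192.168.0.2, Monday, May 02,2011 18:34:30
[DOS Attack] : 103 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:34:12
[DOS Attack] : 154 [STORM] packets detected in last 20 seconds, source ip [192.168.0.2]
Monday, May 02,2011 18:31:33
[DOS Attack] : 1 [Teardrop] packets detected in last 20 seconds, source ip [88.115.245.32]
Thursday, Apr 28,2011 08:17:23
[DOS Attack] : 1 [ACK Scan] packets detected in last 20 seconds, source ip [92.123.154.223]
Thursday, Apr 28,2011 00:14:47
[DOS Attack] : 1 [FIN Scan] packets detected in last 20 seconds, source ip [92.123.154.223]
"""  # the last entry's timestamp line is cut off on purpose (truncated-log case)

DOS_RE = re.compile(r"\[DOS Attack\] : (\d+) \[([^\]]+)\] packets detected in last "
                    r"\d+ seconds, source ip \[([^\]]+)\]")
TS_FORMAT = "%A, %b %d,%Y %H:%M:%S"

def parse_events(text):
    """Yield (time, source_ip, kind, packets); the time is on the line after the event."""
    lines = [ln.strip() for ln in text.splitlines()]
    for i, line in enumerate(lines):
        m = DOS_RE.match(line)
        if not m:
            continue  # admin logins and bare timestamp lines
        try:
            when = datetime.strptime(lines[i + 1], TS_FORMAT)
        except (IndexError, ValueError):
            when = None  # truncated log: keep the event without a time
        yield when, m.group(3), m.group(2), int(m.group(1))

def triage(text):
    """Per source: LAN or WAN origin, event count, peak packets per window, times seen."""
    stats = defaultdict(lambda: {"events": 0, "peak": 0, "kinds": set(), "times": []})
    for when, src, kind, packets in parse_events(text):
        s = stats[src]
        s["events"] += 1
        s["peak"] = max(s["peak"], packets)
        s["kinds"].add(kind)
        if when:
            s["times"].append(when)
    for src, s in stats.items():
        s["lan"] = ipaddress.ip_address(src).is_private  # private range = inside the router
    return dict(stats)
```

On this excerpt the two large STORM counts are attributed to 192.168.0.2, the same LAN address as the admin login, while the internet sources account only for single-packet detections.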
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Ross>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 127.0.0.1:49844 127.0.0.1:80 SYN_SENT
TCP 127.0.0.1:56682 127.0.0.1:56683 ESTABLISHED
TCP 127.0.0.1:56683 127.0.0.1:56682 ESTABLISHED
TCP 127.0.0.1:56684 127.0.0.1:56685 ESTABLISHED
TCP 127.0.0.1:56685 127.0.0.1:56684 ESTABLISHED
TCP 192.168.0.2:49450 75.176.53.121:63691 ESTABLISHED
TCP 192.168.0.2:49527 116.15.26.188:55887 ESTABLISHED
TCP 192.168.0.2:49577 142.167.166.92:54126 TIME_WAIT
TCP 192.168.0.2:49639 95.211.88.54:80 TIME_WAIT
TCP 192.168.0.2:49658 209.85.143.104:80 ESTABLISHED
TCP 192.168.0.2:49667 193.107.16.156:2710 TIME_WAIT
TCP 192.168.0.2:49669 209.85.143.104:80 ESTABLISHED
TCP 192.168.0.2:49686 94.228.210.86:6969 TIME_WAIT
TCP 192.168.0.2:49694 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49695 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49696 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49698 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49700 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49708 69.237.48.255:23116 ESTABLISHED
TCP 192.168.0.2:49720 93.184.221.133:80 LAST_ACK
TCP 192.168.0.2:49721 93.184.221.133:80 LAST_ACK
TCP 192.168.0.2:49722 93.184.221.133:80 LAST_ACK
TCP 192.168.0.2:49723 93.184.221.133:80 LAST_ACK
TCP 192.168.0.2:49724 93.184.221.133:80 LAST_ACK
TCP 192.168.0.2:49734 193.107.209.242:2710 TIME_WAIT
TCP 192.168.0.2:49739 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49740 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49746 95.211.88.49:80 TIME_WAIT
TCP 192.168.0.2:49776 72.19.49.245:23315 ESTABLISHED
TCP 192.168.0.2:49777 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49778 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49779 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49780 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49781 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49782 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49783 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49784 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49786 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49788 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49789 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49793 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49794 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49795 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49797 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49801 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49812 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49813 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49815 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49816 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49818 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49819 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49821 91.151.218.11:80 TIME_WAIT
TCP 192.168.0.2:49828 94.228.210.47:6969 SYN_SENT
TCP 192.168.0.2:49829 80.236.122.63:33609 SYN_SENT
TCP 192.168.0.2:49830 209.85.143.101:80 ESTABLISHED
TCP 192.168.0.2:49832 208.73.210.29:6997 SYN_SENT
TCP 192.168.0.2:49833 93.103.129.64:61099 SYN_SENT
TCP 192.168.0.2:49834 117.194.196.220:59351 LAST_ACK
TCP 192.168.0.2:49837 89.107.187.165:6969 SYN_SENT
TCP 192.168.0.2:49838 66.29.81.115:80 SYN_SENT
TCP 192.168.0.2:49839 178.21.22.110:2710 SYN_SENT
TCP 192.168.0.2:49840 218.145.160.136:8080 SYN_SENT
TCP 192.168.0.2:49841 69.43.160.175:6969 SYN_SENT
TCP 192.168.0.2:64749 207.46.124.202:80 ESTABLISHED
TCP 192.168.0.2:65125 24.56.200.140:49694 FIN_WAIT_1
TCP 192.168.0.2:65126 184.79.233.190:48732 ESTABLISHED
TCP [2001:0:4137:9e76:24aa:48c:a1e1:cae0]:49703 [2001:0:4137:9e76:308a:1f7
a:e7c7:3773]:49694 ESTABLISHED
TCP [2001:0:4137:9e76:24aa:48c:a1e1:cae0]:49836 [2001:0:5ef5:79fd:2493:35f
a:2a41:3716]:47758 ESTABLISHED
TCP [2001:0:4137:9e76:24aa:48c:a1e1:cae0]:49842 [2001:0:4137:9e76:1035:16a
7:a17b:adec]:58513 SYN_SENT
TCP [2001:0:4137:9e76:24aa:48c:a1e1:cae0]:49843 [2002:7680:507::7680:507]:
46250 SYN_SENT

I've barely been able to do anything today, the internet speed drops every 2-3 minutes. I have to click "refresh" in the wireless network tray to make the internet do anything. I've restarted the router several times. I have no idea what could be causing this, it's extremely frustrating. Hope someone can help.
 
Alright I'll do that now then. I've scanned my computer with a few spyware/virus/malware programs and I've not got any viruses.
 
C:\Users\Ross>netstat -n

Active Connections

Proto Local Address Foreign Address State
TCP 192.168.0.2:50272 192.168.0.1:5000 TIME_WAIT

I download torrents a lot and I've never had this problem before, I haven't changed any settings on utorrent or my router so I can't understand why my internet is messing up like this :(

Any idea what could be wrong mate?
 
Yeah, it did a few times about an hour ago. I click a webpage, part of it loads, then it stops. I then click the little refresh icon when I click the wireless tray icon and the rest of the web page loads. Then it just hangs there and I have to wait a minute for the internet to come back or restart my router. When I have utorrent open my torrent speeds go up and down a lot (from 550kb to 30kb).
 
How do I do that? I've gone into firewall rules on my Netgear router and there's nothing there. Is there anything else I need to do mate?
 
Alright then, I've disabled a few things on my router and my internet seems to be more stable now but I'll have to wait and see if it's like this tomorrow. Cheers for the help though mate and yeah I'll contact my ISP if this continues :p
 