DOS attacks. help please

crazyDAJT · 13 Feb 2008 at 22:48

Ok a bit worried at the moment...

I have bean having a few problems with my internet connection dropping out. have bean looking at my log files in my wireless router.

to give you a taste

Wed, 2008-02-13 23:15:41 - TCP Packet - Source:71.181.171.152,50603 Destination:my ip,37729 - [DOS]
Wed, 2008-02-13 23:15:41 - TCP Packet - Source:71.181.171.152,50608 Destination:my ip,37729 - [DOS]
Wed, 2008-02-13 23:15:41 - TCP Packet - Source:71.181.171.152,50609 Destination:my ip,37729 - [DOS]
Wed, 2008-02-13 23:15:41 - TCP Packet - Source:71.181.171.152,50604 Destination:my ip,37729 - [DOS]
Wed, 2008-02-13 23:15:41 - TCP Packet - Source:71.181.171.152,50607 Destination:my ip,37729 - [DOS]
Wed, 2008-02-13 23:15:41 - TCP Packet - Source:189.131.229.182,1629 Destination:my ip,37729 - [DOS]
Wed, 2008-02-13 23:15:47 - TCP Packet - Source:71.181.171.152,50606 Destination:my ip,37729 - [DOS]
Wed, 2008-02-13 23:15:47 - TCP Packet - Source:71.181.171.152,50607 Destination:my ip,37729 - [DOS]
Wed, 2008-02-13 23:15:47 - TCP Packet - Source:71.181.171.152,50602 Destination:my ip,37729 - [DOS]
Wed, 2008-02-13 23:15:47 - TCP Packet - Source:71.181.171.152,50603 Destination:my ip,37729 - [DOS]

me thinks this is not good.

But what can I do about it, call sky??

EDIT: there are NO P2P users on my network and no bittorant. I currently have two laptops web browsing, that is it.

crazyDAJT · 13 Feb 2008 at 23:35

Dist said:
Are you sure you havnt had any torrents running previously in the day/week? sometimes even after you close a torrent client the connections can still continue for a long time, and this is often what routers confuse as a DOS attack.

If you are sure it has nothing to do with torrents, you can try getting a new IP if you have a dynamic IP address, im not sure how sky does this if thats your ISP, but with a lot of ISPs you can simply turn your modem off for 10-15min, then turn it on again and hope youve been assigned a new IP.

No torrenting in the last months, have done a fresh install about 4 weeks ago so the softwhere isn't even on my computer. my girlfriend doesn't even know what P2P is and I have a rule of absolutely now crap on my vista desktop PC, which is only 4 weeks old.

by the looks of my logs, i have bean given about 6 different IP's in the last 24hrs.

crazyDAJT · 13 Feb 2008 at 23:59

Wed, 2008-02-13 22:47:34 - UDP Packet - Source:24.83.111.222,60011 Destination*****,15041 - [DOS]
Wed, 2008-02-13 22:47:34 - UDP Packet - Source:85.179.192.103,34915 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:47:41 - UDP Packet - Source:80.197.250.187,35798 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:48:23 - UDP Packet - Source:77.250.48.179,60000 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:48:52 - UDP Packet - Source:88.172.111.119,32781 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:48:54 - UDP Packet - Source:81.35.35.53,49152 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:48:59 - UDP Packet - Source:85.14.81.69,27292 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:49:12 - TCP Packet - Source:69.112.124.141,45687 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:49:15 - TCP Packet - Source:90.200.60.252,3250 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:49:15 - TCP Packet - Source:69.112.124.141,45687 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:49:53 - UDP Packet - Source:82.69.117.120,10208 Destination:*****,15041 - [DOS]
Wed, 2008-02-13 22:49:55 - UDP Packet - Source:82.49.28.86,38604 Destination:*****,15041 - [DOS]

sample from earlier. i had a different IP then, different attacking IP and different port

crazyDAJT · 14 Feb 2008 at 23:58

Curiosityx said:
I would be more concerned if the log was empty. The ports are randomised above the standard range it does look like a p2p tracker though, you client isnt on port 15041 is it?

i don't have any P2P clients installed, at all.

I don't seam to be getting as many at the moment anymore, I have bean having to restart my router a lot at the moment, also it is running a bit slow.

but if its random port scans I'm not too worried.

crazyDAJT · 15 Feb 2008 at 22:10

bledd. said:
what make is your router, and what type of connection do you have?

I've found linksys routers never quit..

netgear, the one that came with sky, would like to use my Belkin one, as i think its better, but i believe this is next to impossible... maybe not impossible, i just don't know how.

crazyDAJT · 15 Feb 2008 at 22:12

artaxerxes said:
BBC iPLayer and E4 use kontiki which is akin to bit torrent in in some ways... do you have either of them installed?

Nope none of these installed..

got a few more on port 137, but no where near as many as i was having