DOS attacks in my Netgear router log

Seems I've been getting a few DOS security attacks in my Netgear router's log. Is this something to be worried about or is it simply telling me that the firewall has blocked these attacks?

UDP Packet - Source:***.***.***.***,54551 Destination:192.168.0.4,38113 - [DOS]
UDP Packet - Source:***.***.***.***,54551 Destination:192.168.0.4,38113 - [DOS]
UDP Packet - Source:***.***.***.***.3,54551 Destination:192.168.0.4,38113 - [DOS]
UDP Packet - Source:***.***.***.***,49765 Destination:192.168.0.4,38113 - [DOS]
UDP Packet - Source:***.***.***.***,6881 Destination:192.168.0.4,38113 - [DOS]
 
It's blocked connection attempts. Could well be the leftovers of whoever 192.168.0.4 is having used a p2p program recently.
 
I had the same sort of messages on my Netgear router when using torrents. Even long after you close the torrent, and even if you close the port it was using, people who were on the same tracker could still be trying to connect for hours, sometimes even days, before their client realizes you are no longer available on that torrent.

Just ignore it, chances are it's doing no harm and won't slow your connection down. If it does, simply turn the router off for a while, turn it back on and hope it's stopped (or depending what connection you are on, you can simply get a new IP which will mean it will have stopped for sure).
 
My uTorrent client is left running even if I have no torrents running, this is because I load it on Windows startup. Don't suppose it really makes a difference but I might close it from now on if I'm not using it.
 
Bugger, I'm getting those attacks right now as I type and it's damn annoying. Would turning off the router help? I mean with the change of IP?
 
Bugger, I'm getting those attacks right now as I type and it's damn annoying. Would turning off the router help? I mean with the change of IP?
Rebooting the router might help but you'd be better off firstly trying to work out from the logs what was leaving the ports open. If you're running p2p software then check what port it's running on and see if that ties up with the ports that the traffic is on that's in your logs. Your router should allow you to web into it and see what ports are open (likely to be in a UPnP section). This should tie in with the p2p program you're using. If so, check how your p2p program chooses what port to use. If it's dynamic then simply restart the program and it should start using a different port which should help.

Hope that all makes sense, it's amazing how difficult it is to explain in writing something that seems simple in your head!!!!
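The check described in this reply (do the blocked packets all target the port the p2p client listens on?) can be run over a saved router log. The script below is an added example, not part of the original posts: it parses the two log formats quoted in this thread, and the sample lines, the helper names and the assumed p2p listening port 38113 are constructed for illustration.

```python
import re
from collections import Counter

# The two blocked-traffic line formats quoted in this thread.
NETGEAR_DOS = re.compile(
    r"^(?P<proto>TCP|UDP) Packet - Source:(?P<src>[^,]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[^,]+),(?P<dport>\d+) - \[DOS\]$")
UNRECOGNIZED = re.compile(
    r"Unrecognized attempt blocked from (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<proto>TCP|UDP) port (?P<dport>\d+)$")

def parse_line(line):
    """Return (protocol, source address, destination port), or None."""
    line = line.strip()
    m = NETGEAR_DOS.match(line) or UNRECOGNIZED.search(line)
    if not m:
        return None  # not a blocked-packet entry (e.g. an admin login)
    return m["proto"], m["src"], int(m["dport"])

def summarize(lines, p2p_ports):
    """Group blocked packets by destination port, busiest first, and flag
    ports that equal a listening port of the p2p client."""
    hits, sources = Counter(), {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        _proto, src, dport = rec
        hits[dport] += 1
        sources.setdefault(dport, set()).add(src)
    return [{"port": port, "packets": n, "sources": len(sources[port]),
             "matches_p2p": port in p2p_ports}
            for port, n in hits.most_common()]

# Constructed sample using documentation address ranges, not real log data.
SAMPLE_LOG = """\
UDP Packet - Source:203.0.113.7,54551 Destination:192.168.0.4,38113 - [DOS]
UDP Packet - Source:203.0.113.7,54551 Destination:192.168.0.4,38113 - [DOS]
UDP Packet - Source:198.51.100.23,6881 Destination:192.168.0.4,38113 - [DOS]
05 September 2008 17:26:43 Unrecognized attempt blocked from 192.0.2.10:21164 to UDP port 51242
05 September 2008 17:26:44 Unrecognized attempt blocked from 192.0.2.99:2965 to TCP port 51242
Administrator login successful
""".splitlines()

if __name__ == "__main__":
    # 38113 is an assumed p2p listening port; use the one from your client.
    for row in summarize(SAMPLE_LOG, p2p_ports={38113}):
        print(row)
```

Many distinct sources hitting one port that matches the client's listening port fits the stale-peer explanation given in the thread; a port that matches nothing you run is the one to look up in the router's UPnP or port-forwarding page.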
 
05 September 2008 17:26:43 Unrecognized attempt blocked from 213.213.249.8:21164 to UDP port 51242
05 September 2008 17:26:43 Unrecognized attempt blocked from 80.193.154.57:58778 to TCP port 51242
05 September 2008 17:26:43 Unrecognized attempt blocked from 190.96.7.177:61170 to UDP port 51242
05 September 2008 17:26:44 Unrecognized attempt blocked from 62.201.93.83:2965 to TCP port 51242
05 September 2008 17:26:44 Unrecognized attempt blocked from 84.236.116.134:4152 to TCP port 51242
05 September 2008 17:26:44 Unrecognized attempt blocked from 65.96.131.244:53385 to TCP port 51242
05 September 2008 17:26:45 Unrecognized attempt blocked from 89.123.175.205:61147 to TCP port 51242
05 September 2008 17:26:45 Unrecognized attempt blocked from 70.123.172.16:63257 to TCP port 51242

Sure these are a tad more malicious. Haven't run any p2p etc. Can't find what port 51242 is used for, I assume just a random port?

Had like 4 of these messages per second since my router connected to the net.
 
Are you sure you haven't run any p2p at all? Because I've had connection attempts hours, sometimes even days, after I closed my p2p program.

If it's not slowing your connection down at all, then it's nothing to worry about and chances are it's not malicious.
 