DOS attacks?

DJMK4 · 18 Nov 2006 at 16:06

been getting a lot of these logs in my router

Sat, 2006-11-18 15:58:35 - UDP Packet - Source:65.31.73.48,55321 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:58:35 - UDP Packet - Source:84.122.242.116,41565 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:58:59 - UDP Packet - Source:84.153.112.200,43394 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:59:00 - UDP Packet - Source:84.122.242.116,41565 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:59:15 - UDP Packet - Source:86.105.196.26,46712 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:59:20 - UDP Packet - Source:213.5.30.191,49152 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:59:21 - UDP Packet - Source:88.108.119.210,55462 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:59:39 - UDP Packet - Source:86.105.196.26,46712 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:59:41 - UDP Packet - Source:84.166.200.36,10140 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:59:41 - UDP Packet - Source:86.128.83.96,45732 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 15:59:54 - UDP Packet - Source:84.136.103.22,39077 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 16:01:50 - UDP Packet - Source:68.158.43.197,33600 Destination:87.127.89.*,6881 - [DOS]
Sat, 2006-11-18 16:02:39 - UDP Packet - Source:24.18.202.192,36461 Destination:87.127.89.*6881 - [DOS]
Sat, 2006-11-18 16:02:39 - UDP Packet - Source:86.194.223.165,65054 Destination:87.127.89.*,6881 - [DOS]

Not sure if thats my brother trying to download from Bit torrent (thats the ports he uses for his bT client) but the forwarding is not set-up on the router as yet.

csmager · 18 Nov 2006 at 17:52

They'll be bittorrent - it'd think they were DOS as there'll be literally hundreds of them.

Talbs13 · 19 Nov 2006 at 11:27

MAllen · 19 Nov 2006 at 13:10

Don't forget you will often get junk in your logs from the _previous_ person connected to your IP Address.

Imagine this.... Fred is logged on to the ISP using Bit Torrent. He has lots of open connections with people downloading files from him. Fred then turns off his PC. Now Charlie attaches to the same ISP and then gets allocated the IP Address Fred was using. This then means that all the people who were downloading torrents from Fred, will now try to get them from Charlie. This can look like DoS. But will only happen in the first few minutes of a connection as the attempted downloads get lots of errors and eventually time out and giveup.

I expect that is what you are seeing.

Beansprout · 19 Nov 2006 at 13:11

Oooh that's not a DoS

A DoS would do about that many packets in a split second

perplex · 19 Nov 2006 at 14:21

Thanks for your IP, now I *CAN* DoS your guts :cool:

.

Talbs13 · 19 Nov 2006 at 16:50

Do your worse >: )