Am I getting DOS attacks on my router?

Should I be worried...

Just spotted this in my logs, this is the second time in as many weeks these have appeared now.

Sat, 2007-10-27 15:23:40 - UDP Packet - Source:24.64.60.215,15269 Destination:*.*.*.*,1027 - [DOS]
Sat, 2007-10-27 15:23:40 - UDP Packet - Source:24.64.60.215,15269 Destination:*.*.*.*,1028 - [DOS]
Sun, 2007-10-28 03:33:20 - UDP Packet - Source:24.64.15.45,28143 Destination:*.*.*.*,1027 - [DOS]
Sun, 2007-10-28 03:33:20 - UDP Packet - Source:24.64.15.45,28143 Destination:*.*.*.*,1028 - [DOS]
Sun, 2007-10-28 10:23:54 - UDP Packet - Source:24.64.250.25,33063 Destination:*.*.*.*,1027 - [DOS]
Sun, 2007-10-28 10:23:54 - UDP Packet - Source:24.64.250.25,33063 Destination:*.*.*.*,1028 - [DOS]
Sun, 2007-10-28 14:32:23 - TCP Packet - Source:117.55.241.227,2542 Destination:*.*.*.*,135 - [DOS]
Sun, 2007-10-28 17:36:44 - Send out NTP request to time-g.netgear.com
Sun, 2007-10-28 17:36:42 - Receive NTP Reply from time-g.netgear.com
Mon, 2007-10-29 01:24:37 - UDP Packet - Source:221.1.220.36,40294 Destination:*.*.*.*,1031 - [DOS]
Mon, 2007-10-29 01:24:37 - UDP Packet - Source:221.1.220.36,40294 Destination:*.*.*.*,2 - [DOS]
Mon, 2007-10-29 01:24:37 - UDP Packet - Source:221.1.220.36,40294 Destination:*.*.*.*,4081 - [DOS]
Mon, 2007-10-29 01:24:37 - UDP Packet - Source:221.1.220.36,40294 Destination:*.*.*.*,1032 - [DOS]
Mon, 2007-10-29 05:07:50 - UDP Packet - Source:24.64.35.41,21455 Destination:*.*.*.*,1027 - [DOS]
Mon, 2007-10-29 05:07:50 - UDP Packet - Source:24.64.35.41,21455 Destination:*.*.*.*,1028 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3471 Destination:*.*.*.*,5904 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3472 Destination:*.*.*.*,5905 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3473 Destination:*.*.*.*,5906 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3474 Destination:*.*.*.*,5907 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3475 Destination:*.*.*.*,5908 - [DOS]
Mon, 2007-10-29 16:38:50 - TCP Packet - Source:74.208.101.24,3468 Destination:*.*.*.*,5901 - [DOS]
Mon, 2007-10-29 16:38:50 - TCP Packet - Source:74.208.101.24,3472 Destination:*.*.*.*,5905 - [DOS]
Mon, 2007-10-29 16:38:50 - TCP Packet - Source:74.208.101.24,3471 Destination:*.*.*.*,5904 - [DOS]
Mon, 2007-10-29 16:38:50 - TCP Packet - Source:74.208.101.24,3467 Destination:*.*.*.*,5900 - [DOS]
Mon, 2007-10-29 16:38:50 - TCP Packet - Source:74.208.101.24,3469 Destination:*.*.*.*,5902 - [DOS]
Mon, 2007-10-29 19:30:22 - UDP Packet - Source:221.1.220.36,48061 Destination:*.*.*.*,2 - [DOS]
Mon, 2007-10-29 19:30:22 - UDP Packet - Source:221.1.220.36,48061 Destination:*.*.*.*,1033 - [DOS]
Mon, 2007-10-29 20:30:05 - LCP down.
Mon, 2007-10-29 20:30:36 - Initialize LCP.
Mon, 2007-10-29 20:30:36 - LCP is allowed to come up.
Mon, 2007-10-29 20:31:36 - Initialize LCP.
Mon, 2007-10-29 20:31:36 - LCP is allowed to come up.
Mon, 2007-10-29 20:32:37 - Initialize LCP.
Mon, 2007-10-29 20:32:37 - LCP is allowed to come up.
Mon, 2007-10-29 20:33:37 - Initialize LCP.
Mon, 2007-10-29 20:33:37 - LCP is allowed to come up.
Mon, 2007-10-29 20:33:47 - CHAP authentication success
Mon, 2007-10-29 20:35:46 - LCP down.
Mon, 2007-10-29 20:35:53 - Initialize LCP.
Mon, 2007-10-29 20:35:53 - LCP is allowed to come up.
Mon, 2007-10-29 20:35:59 - CHAP authentication success
Mon, 2007-10-29 21:48:09 - LCP down.
Mon, 2007-10-29 21:48:15 - Initialize LCP.
Mon, 2007-10-29 21:48:15 - LCP is allowed to come up.
Mon, 2007-10-29 21:48:19 - CHAP authentication success
Mon, 2007-10-29 21:51:29 - LCP down.
Mon, 2007-10-29 21:51:35 - Initialize LCP.
Mon, 2007-10-29 21:51:35 - LCP is allowed to come up.
Mon, 2007-10-29 21:51:40 - CHAP authentication success
Mon, 2007-10-29 22:04:50 - LCP down.
Mon, 2007-10-29 22:04:56 - Initialize LCP.
Mon, 2007-10-29 22:04:57 - LCP is allowed to come up.
Mon, 2007-10-29 22:05:00 - CHAP authentication success
Tue, 2007-10-30 23:36:51 - Administrator login successful - IP:192.168.0.2
Tue, 2007-10-30 23:37:10 - LCP down.
Tue, 2007-10-30 23:37:27 - Initialize LCP.
Tue, 2007-10-30 23:37:27 - LCP is allowed to come up.
Tue, 2007-10-30 23:37:28 - LCP down.
Tue, 2007-10-30 23:37:31 - Initialize LCP.
Tue, 2007-10-30 23:37:31 - LCP is allowed to come up.
Tue, 2007-10-30 23:37:35 - CHAP authentication success
Tue, 2007-10-30 23:45:58 - Administrator login successful - IP:192.168.0.2
Tue, 2007-10-30 23:46:05 - LCP down.
Tue, 2007-10-30 23:46:09 - Initialize LCP.
Tue, 2007-10-30 23:46:09 - LCP is allowed to come up.
Tue, 2007-10-30 23:46:16 - CHAP authentication success

The router couldn't connect to the internet for a good period of time tonight, as you can see... but I'm more worried about the DOS and IP addresses at the beginning to be honest.

The *.*.*.* is of course my IP blanked out, I've got a static IP by the way.
I use it to access my machines from work... so it is needed.

Is there cause for concern, and is there anything I can do?



edit:

Poo just realised I posted this in GD... can a Mod move to networking or wherever is appropriate. Cheers :o :)
 
Unless you have a mortal enemy I wouldn't worry, doesn't look like a proper DoS attack and it looks like your router is interpreting the hammering wrongly. If you use P2P then it could be that the connections aren't dying properly and are trying to still connect to your machine.

The sequential port 3471, 3472 etc. numbers on one of the IPs seem to be indicative of this.
 
Indeed...

Is it just the router throwing a hissy fit and making a mountain out of a mole hill perhaps?

Is there genuine cause for concern?
 
Unless you have a mortal enemy I wouldn't worry, doesn't look like a proper DoS attack and it looks like your router is interpreting the hammering wrongly. If you use P2P then it could be that the connections aren't dying properly and are trying to still connect to your machine.

The sequential port 3471, 3472 etc. numbers on one of the IPs seem to be indicative of this.

Hi there....
No P2P on this machine.

The only PC up and running all the time is the MediaCentre (this machine) in the living room.

With my machine out of action (borked PSU), the girlfriend's on only when she needs it.

Only other things connecting to the internet would be the Wii (not right now) and the 360 (again not on).

I'm leaning towards the "It's probably nothing" side of things at the moment, but I'd rather be safe than sorry.
 
It's nothing, probably other machines still trying to connect after a session of online gaming or something, you get my drift. 1 IP hammering you 10 times in a row in my book isn't a DoS attack. You can sleep at night :D
 
No online gaming on the 360 (although it does go online to download demos and content), Wii is online but no gaming of course...

MediaCentre is internet, TV, music, DVDs only....


But yeah sorry to be pedantic, I do understand what you mean. :)

It's probably a session from something that's hanging around (Media Centre Guide update maybe... or even a download/upload from the 360 perhaps?).

Some of them are right weird times though.

4:30pm on a Monday, all the machines in the house would be off and I'd be at work....

Hmm...
 
Looks like a port scan moving through ports sequentially like that, but that's hardly evidence of anything. Most ISPs get their IP ranges scanned regularly.
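
To check the point made in the last reply, that the flagged hits look like a scan stepping through ports rather than a flood, the `[DOS]` lines can be grouped by source address. The Python below is an added example, not part of the original thread; the log lines are copied from the first post, and the function names, pattern labels and the `sweep_run` threshold are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Lines copied from the router log in the first post (destination address masked there).
SAMPLE_LOG = """\
Sat, 2007-10-27 15:23:40 - UDP Packet - Source:24.64.60.215,15269 Destination:*.*.*.*,1027 - [DOS]
Sat, 2007-10-27 15:23:40 - UDP Packet - Source:24.64.60.215,15269 Destination:*.*.*.*,1028 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3471 Destination:*.*.*.*,5904 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3472 Destination:*.*.*.*,5905 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3473 Destination:*.*.*.*,5906 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3474 Destination:*.*.*.*,5907 - [DOS]
Mon, 2007-10-29 16:38:47 - TCP Packet - Source:74.208.101.24,3475 Destination:*.*.*.*,5908 - [DOS]
Mon, 2007-10-29 16:38:50 - TCP Packet - Source:74.208.101.24,3467 Destination:*.*.*.*,5900 - [DOS]
Mon, 2007-10-29 20:30:05 - LCP down.
"""

PACKET = re.compile(
    r"^\w{3}, (?P<ts>[\d-]+ [\d:]+) - (?:TCP|UDP) Packet - "
    r"Source:(?P<src>[\d.]+),\d+ Destination:\S+,(?P<dport>\d+) - \[DOS\]$")

def longest_run(ports):
    """Length of the longest run of consecutive port numbers in a set."""
    best = 0
    for p in (q for q in ports if q - 1 not in ports):  # only ports that start a run
        n = 1
        while p + n in ports:
            n += 1
        best = max(best, n)
    return best

def summarise(log_text, sweep_run=4):
    """Per-source summary; sweep_run is an assumed threshold, not a router setting."""
    ports, times = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = PACKET.match(line.strip())
        if m:  # NTP, LCP and login lines do not match and are skipped
            ports[m["src"]].append(int(m["dport"]))
            times[m["src"]].append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
    report = {}
    for src, hits in ports.items():
        run = longest_run(set(hits))
        report[src] = {
            "packets": len(hits),
            "distinct_ports": len(set(hits)),
            "longest_run": run,
            "seconds": int((max(times[src]) - min(times[src])).total_seconds()),
            "pattern": "sequential sweep" if run >= sweep_run else "isolated probe",
        }
    return report
```

Calling `summarise(SAMPLE_LOG)` returns one row per source address, so a handful of packets spread over consecutive ports in a few seconds is easy to tell apart from sustained volume aimed at a single port.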
 