Should my router be suffering this many DoS attacks?

retribution

retribution

retribution

Associate
Joined
23 May 2004
Posts
715
Location
Southampton/Beverley
My main Netgear DG834PN router often grinds to a slow. Looking at the logs, it suffers DoS attacks from different IP addresses every few seconds or so. The router seems to slow in correlation with these attacks.

So are they likely to actually be attacks? Anything I can do to stop them? (I'm guessing the router 'stops' them itself, but the pressure of them slows it down?)

Thanks
 
If you are using p2p and running a dht then there will be a lot of attempts to connect to you. Check the ports that are being targetted.
 
OK, I've looked into them a little closer. 15 minutes ago there were 10 DoS attacks in two seconds, all UDP packets going to port 17694.

This mean anything? I no little about ports/packets/etc :p

I'm pretty sure it won't just be torrents/p2p, as I've forward these ports and created exceptions for them etc, so they turn up on the logs just as 'matches' for an accepted service. Any other things it could be?

Thanks for your help
 
Last edited:
It's almost certainly something you're running slowing the router down, and all the "DoS attacks" are just the router's way of trying to make sense of that.
 
Difficult to know what programs are running in the background that could be causing it because it's a shared network with 7 other pcs/laptops on it.

Is it most likely that it will be a program someone is running that is causing it?

The last 30 minutes have been ridiculously slow.

This is what it looks like in the logs:

Fri, 2008-01-18 12:40:10 - UDP Packet - Source:69.70.201.206,62470 Destination:[my ip address],39174 - [DOS]

Every few seconds, another one crops up, from a different source with a different IP and port, always UDP and always (this time) to port 39174. Yesterday they were going to port 17964, but that was less frequent.

It's the different IP addresses and ports that confuse me, surely if it was p2p, then most of the addresses would be using the same port?

Thanks again
 
Always a different source IP address and port, always the same destination port, 39174. Been going on for two hours now.

Thanks for the reply
 
If you're using UPnP, then your router may have a log of what ip is using what port. Then you can at least narrow it down to the PC.

I still bet on p2p.
 
did you close and reopen your torrent client recently? Some clients like utorrent can randomize the port you use each time it starts up, and so incomming connections would be trying to connect to the wrong port. Also if you close the torrent client, there would still be many people (hundreds, if not thousands depending on the torrent) trying to connect to you and failing since you no longer have the client open.

retribution said:
It's the different IP addresses and ports that confuse me, surely if it was p2p, then most of the addresses would be using the same port?
Thanks again
Click to expand...

p2p can use whatever ports it wants (within reason), different clients would use different ports by default, and some clients even randomize the ports used, which is why different IPs use different ports.
 
Last edited:
Ok last time when it was happening, I rebooted the router and the DoS 'attacks' stopped, although this may have been a coincidence. They've started again, still port 39174, and rebooting this time hasn't made a difference.

There are two of us on the network that use P2P. I use ABC, which I've set up rules for etc in the router, and that uses port 32807. My housemate uses Azureus, and he has set it up to run on 51372. But like I said, I'm clueless as to how TCP/UDP works so maybe it could still be P2P? If it is, how can I stop it?

Raves: I'm not sure if I'm using UPnP, i'm not knowingly.

Thanks again!
 
You must log in or register to reply here.
Back
Top Bottom