Thread: DOS Attacks?

  1. #1
    Registered User
    Join Date
    Aug 2009
    Location
    Austin, Tx
    Posts
    75

    DOS Attacks?

    Seems like I get hit with a DOS attack every other day. Have a Netgear WR2000 with WPA2 setup.

    When I search the IPs, some of them are facebook, 4chan, wallbase, 4walled, rapidshare, filesonic, fileserve, etc. How do I prevent or block DOS attacks? A better router or what? I'm a noob when it comes to networking.
    GIGABYTE 790XT - AMD 955 3.4Ghz - CM V8 - OCZ Reaper 8GB 1500Mhz - Sapphire 4890 2GB 950/1125

  2. #2
    Registered User
    Join Date
    Jul 2007
    Location
    Wisconsin
    Posts
    957

    You personally get hit with a DOS attack every other day?

  3. #3
    Registered User
    Join Date
    Aug 2009
    Location
    Austin, Tx
    Posts
    75
    Well, not every other day, but at least 3 times a week. At least that's what my router tells me.

  4. #4
    Xtreme Enthusiast
    Join Date
    Mar 2007
    Location
    Los Angeles, CA
    Posts
    528
    I noticed an increase in attacks too. Mine come from 2 companies in China and 2 in Russia, as well as photobucket.
    It doesn't look like they are getting through. I had some port scans too.

    With DoS attacks there is not much you can do, even with another router, unless you go with some super expensive enterprise-class router/firewall.

  5. #5
    Xtreme Member
    Join Date
    Jan 2010
    Location
    Killafornia
    Posts
    167
    DJ Falcone 2x Technics SL1200 MK5, Behringer DJX750 Mixer, Alienware m17 laptop.

  6. #6
    Xtreme Member
    Join Date
    Aug 2009
    Location
    Somewhere
    Posts
    220
    What leads you to believe they are DoS attacks? These are usually attacks on a service you are hosting (web, usually). If you can, post a section of your log. I'm interested in seeing what's happening. Do you have the router settings accessible from externally? Someone might be trying to break in and mess with you... Post logs and I'll see what I can offer as an amateur...

    Desktop (and Cruncher #1):AMD Phenom II x6 1090T @ 4.03Ghz | Gigabyte MA790FXT-UD5P (F8n) | G.Skill Ripjaws 2x4GB @ 9-9-9-24-1T 1680MHz | Radeon HD 5850 & 5830 | Silverstone ST75F 750W | 60GB OCZ Vertex 2 3x1TB WD RE3 (Raid 5) | Lian Li PC-A70B
    Cruncher (#2): Intel Core I7 920 (stock) | EVGA X58 SLI | G.Skill Pi 3x2GB | 2x Radeon HD 6870 | Corsair HX850 | Some Janky HDD | LanCool PC-K7
    Cruncher (#3): Intel Core I7 2600k (stock) | BioStar TH67+ | G.Skill Ripjaws 2x4GB | Antec Basiq550 | Some Janky HDD | Antec 300
    Server: Intel Atom | 2x2GB DDR3 | ThermalRight TR2-430 | Some Less Janky Laptop HDD | Fractal Core-1000
    Mobile: Lenovo X120e

  7. #7
    Registered User
    Join Date
    Aug 2009
    Location
    Austin, Tx
    Posts
    75
    Yea, all of the attacks are on port 80 (web service). I don't host any server or anything. Yea, I can access my router settings through the internet (routerlogin.com). I have changed the password to log in as well.

  8. #8
    Xtreme Member
    Join Date
    Aug 2009
    Location
    Somewhere
    Posts
    220
    Ok. Are you on a static IP from your ISP? If so, see if you can get it changed. Maybe someone is poking around in your area of IP addresses, looking for an open box? I would be led to believe that your router is somehow advertising that port 80 is open, so people, or bots, are trying to get in. I used to get people trying to hack a BSD box I had, and I'd look at the logs and they ran a bunch of dictionary scripts to try to log in as a user of some sort. I would look at your router settings and make sure that it's not allowing remote access to the router config. I used to do a lot of port and IP scanning at home and find people's routers open all over the place. The default settings for the DSL provider were to leave both the web interface on port 80, and a telnet interface on port 21 open, and only a few people changed access or the password. How many hits are you getting every other day? 10, 100, 100000? A DoS would be in the range of the last there, if not more probably. I'm suggesting that there is something leading these computers to your router. The website you linked to is a support page for Netgear, not a router config page...

    Try this:
    1. Go to http://www.whatismyip.com/
    2. Type that IP address into your browser window, and note what comes up
    3. If something comes up, then something's facing the internet from your router, and might be subject to spiders, scanners, script kiddies, and other internet bugs


    Sorry if I am assuming too low of a level of information for you. Let me know how it goes!


  9. #9
    Registered User
    Join Date
    Aug 2009
    Location
    Austin, Tx
    Posts
    75
    I don't know if I have a static IP.

    Get about 2 to 3 attacks, and once in a great while the attacks (20 attacks) won't stop, so I unplug the modem and restart my router.

    I turned off UPnP?

  10. #10
    Registered User
    Join Date
    Aug 2009
    Location
    Austin, Tx
    Posts
    75
    Got two attacks today.

    [DoS Attack: ACK Scan] from source: 199.59.165.24, port 80, Wednesday, September 21,2011 18:35:39
    [DoS Attack: ACK Scan] from source: 199.59.165.24, port 80, Wednesday, September 21,2011 18:15:58

  11. #11
    Xtreme Member
    Join Date
    Aug 2009
    Location
    Somewhere
    Posts
    220
    Ok... That means that your devices on your network won't automagically detect each other for services. Did you try the thing I suggested by getting your Internet-facing IP address and going to it in a web browser? That will tell you if your router (or something else on your network) is putting something out toward the Internet (and maybe causing people to sniff you out). Just to make things clear, you are getting 2-3 DoS attacks a day, or 2-3 single hits on port 80 a day? I would say that's probably a normal occurrence (well kinda, probably some script kiddies port scanning). A real DoS attack would be a few magnitudes higher, and probably cripple your Internet connection. You could try security through obfuscation. By this I mean you could make your router ignore pings and other queries that may reveal a machine is connected at that IP. Do you have any new software installed that may be a fraud and trying to allow someone to get control of your system?


  12. #12
    Registered User
    Join Date
    Aug 2009
    Location
    Austin, Tx
    Posts
    75
    I'm getting single attacks and I had 2 attacks that stopped the internet.

    And I did what you said and nothing came up.


    Some others that have hit.
    66.220.151.72
    81.8.63.26
    199.59.165.24

  13. #13
    ¿
    Join Date
    Jul 2003
    Posts
    4,772
    Not a true DoS attack (flood). The router is analyzing traffic and, for some reason, whoever wrote its software mis-labeled a port scan (ACK Scan, which can be a single packet) as a DoS attack, two very different things. Still, something is hitting your router with potentially hostile traffic. Fortunately, your router is capable of seeing this and most likely is automatically IP blocking the source.
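
Added example, not part of the thread: a triage of the log format posted in #10 that separates isolated scan packets from flood-rate traffic, the distinction drawn in #13. The 60-second window and 100-event threshold are assumptions, not Netgear values, and the 203.0.113.7 burst is constructed for contrast.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line format as posted in #10 (Netgear router log).
LINE_RE = re.compile(r"\[DoS Attack: ([^\]]+)\] from source: ([\d.]+), port (\d+), (.+)$")
TS_FORMAT = "%A, %B %d,%Y %H:%M:%S"
# Assumed thresholds (not Netgear's): a flood is many events per source per window.
WINDOW = timedelta(seconds=60)
FLOOD_PER_WINDOW = 100

def parse(lines):
    """Yield (source_ip, timestamp) for every line in the router's format."""
    for line in lines:
        m = LINE_RE.search(line.strip())
        if m:
            yield m.group(2), datetime.strptime(m.group(4), TS_FORMAT)

def peak_rate(times):
    """Largest number of events that fall inside any WINDOW-long interval."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > WINDOW:
            start += 1
        best = max(best, end - start + 1)
    return best

def triage(lines):
    """Map each source IP to (event_count, peak_per_window, verdict)."""
    by_src = defaultdict(list)
    for src, ts in parse(lines):
        by_src[src].append(ts)
    report = {}
    for src, times in by_src.items():
        peak = peak_rate(times)
        verdict = "flood-like" if peak >= FLOOD_PER_WINDOW else "scan/background"
        report[src] = (len(times), peak, verdict)
    return report

# First two lines are from post #10; the burst is constructed (documentation IP).
SAMPLE = [
    "[DoS Attack: ACK Scan] from source: 199.59.165.24, port 80, Wednesday, September 21,2011 18:35:39",
    "[DoS Attack: ACK Scan] from source: 199.59.165.24, port 80, Wednesday, September 21,2011 18:15:58",
] + [
    "[DoS Attack: ACK Scan] from source: 203.0.113.7, port 80, "
    f"Wednesday, September 21,2011 19:00:{s % 60:02d}" for s in range(150)
]
```

Calling `triage(SAMPLE)` reports the two posted entries as scan/background and only the constructed burst as flood-like.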

  14. #14
    Diablo 3! Who's Excited?
    Join Date
    May 2005
    Location
    Boulder, Colorado
    Posts
    9,412
    Yeah... this is normal activity on the web. People looking for devices to compromise scan entire IP ranges with the hopes of getting lucky.

  15. #15
    Registered User
    Join Date
    Aug 2009
    Location
    Austin, Tx
    Posts
    75
    Quote Originally Posted by G H Z View Post
    your router is capable of seeing this and most likely is automatically IP blocking the source.
    I don't think it's blocking the IPs from doing it again, because I've been hit a couple of times by the same IP.

    Now on AVG 2011, if I go to a site like 4chan or 4walled or wallbase, AVG will detect tracking cookies?