Multiple DoS Attacks in Netgear Router Log, Unusual Internet activity


45 replies to this topic

#1 Arstone112

Arstone112

  • Members
  • 39 posts

Posted 02 December 2010 - 03:49 AM

Hi. As of the last month or so, I have been noticing very irregular problems with my internet connection. Sometimes at very random occasions, my computer's internet is cut out. If I disable and re-enable my network LAN adapter, the problem automatically fixes itself. However, perhaps a day down the track or a few hours later, it may happen again. Lately the problem has been becoming increasingly abnormal. I've been noticing slower speeds on World of Warcraft (the online game I play) as well as random disconnects from it. I've also noticed as of late some disconnects from Ventrilo on its own (being unable to connect back to it for a couple of minutes). During these times, sometimes either all of the internet on my computer or simply some programs and websites won't load. (For example, during a time when I was getting extremely frequent disconnects from World of Warcraft, I was also finding it tough to get a good connection to the affiliated websites with the game).

Today I logged into my router and had a look at the logs, and noticed that there were a lot of very unusual pieces of information which said "DoS Attack".

For example, here are just a couple from the log:

[DoS Attack: RST Scan] from source: 174.1.185.198, port 49810, Wednesday, December 01,2010 10:55:46
[DoS Attack: RST Scan] from source: 72.187.176.59, port 3724, Wednesday, December 01,2010 10:55:07
[DoS Attack: RST Scan] from source: 68.14.157.42, port 44049, Wednesday, December 01,2010 10:54:52
[DoS Attack: RST Scan] from source: 24.92.108.20, port 3724, Wednesday, December 01,2010 10:54:29
[DoS Attack: RST Scan] from source: 71.83.93.144, port 50144, Wednesday, December 01,2010 10:54:16
[DoS Attack: RST Scan] from source: 173.19.248.60, port 3724, Wednesday, December 01,2010 10:54:13

[DoS Attack: ACK Scan] from source: 90.223.232.93, port 80, Wednesday, December 01,2010 09:22:53
[DoS Attack: ACK Scan] from source: 87.82.51.93, port 80, Wednesday, December 01,2010 09:22:45
[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Wednesday, December 01,2010 09:22:43
[DoS Attack: ACK Scan] from source: 87.82.51.93, port 80, Wednesday, December 01,2010 09:22:33

These ones below are all the same IP, not sure what that might mean:

[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Thursday, December 02,2010 09:54:38
[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Thursday, December 02,2010 09:44:37
[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Thursday, December 02,2010 09:34:37
[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Thursday, December 02,2010 09:24:37


There are MANY others. From what I can see, these all range from different IP addresses (except the last few) and I've no idea what it means. I do not understand if these issues are related or not. I have a Firewall turned on, as well as several anti virus. I can not confirm if the problem is localized to this PC. I've tried uninstalling and reinstalling ethernet drivers, resetting my router, etc. This, however, does not explain why there are supposed DoS attacks in my router log and whether or not they are related. I am using Windows 7 64-Bit and a Netgear Router.

If anyone could please help me, it would be great. This is really stressing me out and I am not sure whether or not to be worried... Thank you so much for your response.

Edited by Arstone112, 02 December 2010 - 08:22 AM.
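
An added example, not part of the original post: one way to triage a log like the one above is to parse each entry, tally events by source IP and source port, and flag any source that recurs at a fixed interval, as the last four entries do. The function names, the 5-second tolerance and the three-gap threshold are assumptions; the sample is a subset of the lines quoted in the post.

```python
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

# Sample input: a subset of the router log lines quoted in the post above.
SAMPLE_LOG = """\
[DoS Attack: RST Scan] from source: 174.1.185.198, port 49810, Wednesday, December 01,2010 10:55:46
[DoS Attack: RST Scan] from source: 72.187.176.59, port 3724, Wednesday, December 01,2010 10:55:07
[DoS Attack: RST Scan] from source: 24.92.108.20, port 3724, Wednesday, December 01,2010 10:54:29
[DoS Attack: RST Scan] from source: 173.19.248.60, port 3724, Wednesday, December 01,2010 10:54:13
[DoS Attack: ACK Scan] from source: 90.223.232.93, port 80, Wednesday, December 01,2010 09:22:53
[DoS Attack: ACK Scan] from source: 87.82.51.93, port 80, Wednesday, December 01,2010 09:22:45
[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Wednesday, December 01,2010 09:22:43
[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Thursday, December 02,2010 09:54:38
[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Thursday, December 02,2010 09:44:37
[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Thursday, December 02,2010 09:34:37
[DoS Attack: RST Scan] from source: 138.108.22.10, port 80, Thursday, December 02,2010 09:24:37
"""

LINE_RE = re.compile(
    r"\[DoS Attack: (?P<kind>[A-Z]+) Scan\] from source: (?P<ip>[\d.]+), "
    r"port (?P<port>\d+), \w+, (?P<ts>\w+ \d{2},\d{4} \d{2}:\d{2}:\d{2})"
)

def parse(log_text):
    """Return (timestamp, scan kind, source IP, source port) per matching entry."""
    events = []
    for m in LINE_RE.finditer(log_text):
        ts = datetime.strptime(m["ts"], "%B %d,%Y %H:%M:%S")
        events.append((ts, m["kind"], m["ip"], int(m["port"])))
    return events

def summarize(events, tolerance=5):
    """Count events per source IP and port; map timer-like sources to their period (s)."""
    by_ip = Counter(ip for _, _, ip, _ in events)
    by_port = Counter(port for *_, port in events)
    times = defaultdict(list)
    for ts, _, ip, _ in events:
        times[ip].append(ts)
    periodic = {}
    for ip, stamps in times.items():
        stamps.sort()
        gaps = [round((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]
        if len(gaps) >= 3:
            mid = statistics.median_low(gaps)
            # Assumed heuristic: three or more gaps near the median suggest a fixed timer.
            if sum(abs(g - mid) <= tolerance for g in gaps) >= 3:
                periodic[ip] = mid
    return by_ip, by_port, periodic
```

On this sample, `summarize(parse(SAMPLE_LOG))` reports 138.108.22.10 recurring every 600 seconds, and seven of the eleven entries arriving from source port 80.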




#2 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,572 posts
  • Gender:Male
  • Location:USA

Posted 04 December 2010 - 05:03 PM

I can't imagine why someone would attempt to DDOS you. Are you using any torrent or P2P apps?

#3 fgeelo

fgeelo

  • Members
  • 117 posts

Posted 04 December 2010 - 08:20 PM

This is unusual. I don't know whether or not it would be a cause for concern.

Edited by fgeelo, 04 December 2010 - 08:23 PM.


#4 Arstone112


Posted 04 December 2010 - 08:22 PM

"I can't imagine why someone would attempt to DDOS you. Are you using any torrent or P2P apps?"


Thanks for your reply, Grinler.

None at all. There have been people in this household using them in the past, but to the best of my knowledge that has not been for weeks, or months. The only thing I can think of that I use is the Blizzard Downloader, which I hear uses P2P technology? I am not sure.

Any further help is appreciated.

Edited by Arstone112, 04 December 2010 - 08:28 PM.


#5 Grinler


Posted 05 December 2010 - 10:33 AM

Many firewalls see P2P connections as DDOS attacks due to the very large amount and small packet connections that these types of programs cause. Blizzard downloader appears to be using BitTorrent, so you may want to disable the option to use P2P with it and see if that resolves the issue.

#6 Arstone112


Posted 05 December 2010 - 07:02 PM

Thanks for your reply, Grinler.

I don't know. Is this the kind of thing that only happens whilst the P2P programs are in use? Because overnight I am still seeing DoS attacks in my router's log, even when my computer is off and I am not even using any kind of program like that. (Most of the time even when my computer is on, I'm not even using Blizzard Downloader.)

Any further help is appreciated.

#7 Grinler


Posted 05 December 2010 - 08:41 PM

Could be that it's categorizing it as a DoS scan, but you are just being portscanned. Portscanning is normal and there is nothing you can do about it.

Is it the same IP address ddosing you every night?

#8 Arstone112


Posted 05 December 2010 - 09:30 PM

Thanks for your reply, Grinler.

From a quick scan through the logs, it would seem that *most* of the IPs are all different. I can't say for sure what IPs were recorded during the night, as my router's date and time settings appear to be off. I will have to record it tonight and see what happens. The only time I saw something specifically that had a similar IP was in the logs I posted in my first post. (The last few).

So I'll get to having a look at that after I go to bed tonight. Until then, do you believe these would be linked to internet connectivity issues?

Thanks for your continued support, I'd be lost without your help!

#9 Grinler


Posted 05 December 2010 - 09:35 PM

No, I think these are simple port scans being performed on your computer, as well as 100s of thousands per night. Basically script kiddies run tools that scan large portions of IP space in hopes of finding vulnerable targets. Your firewall software is seeing them, blocking them, and stating that they are a possible DDoS attack. They can most likely be ignored.

#10 Arstone112


Posted 06 December 2010 - 04:25 AM

Internet cut out randomly again today. Windows Troubleshooting took about 1 minute, turns up no results. Once again, fixed it by resetting my LAN adapter on my PC. Internet still a lot slower than usual.

This is really frustrating :S

I've disabled my network adapter from going into sleep mode due to power consumption, as I've heard that's a problem sometimes. So apart from that, I don't know what to do. I *believe* it was just my PC that was affected by this, and not the entire network. I am not 100% sure, but I believe so.

Thanks for your help.

Edited by Arstone112, 06 December 2010 - 06:16 AM.


#11 Grinler


Posted 06 December 2010 - 09:32 AM

Are you on a public IP address or an internal IP (192.168.x)?

#12 Arstone112


Posted 06 December 2010 - 07:50 PM

How would I check that?

#13 Grinler


Posted 06 December 2010 - 09:12 PM

Ahh, this is a Netgear router and not a software firewall. Then you are on an internal IP.

Which Netgear router do you have? 3700?

#14 Arstone112


Posted 06 December 2010 - 11:46 PM

Uh, yes, a WNDR3700. How did you guess?

Just had another disconnection before. It happened just as I opened dxdiag.exe, not sure if it was a coincidence. Swapped ethernet cables this time, to see if it was a problem with that. Unusual thing that happened was, when I connected the new cord, it immediately reconnected, then cut out, then reconnected. (This still doesn't indicate if it's fixed the problem, though.) But yeah, weird behavior.

#15 Grinler


Posted 07 December 2010 - 10:52 AM

I have the WNDR3700 and when you mentioned internet disconnects and Netgear it was an easy jump to that conclusion. I too get occasional disconnects, but mostly with wireless devices. Disconnects with this router, though, are not uncommon. Have you been upgrading the firmware on it?



