Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My Router Keeps Getting DDoSed


  • Please log in to reply
5 replies to this topic

#1 DezoLord

DezoLord

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 28 December 2012 - 03:36 PM

Hello.

My router keeps getting DDoSed. I checked the logs and in it shows the IP address of the DDoSer and a message saying 'ports scan UDP'. My Comodo Firewalls sometimes shows that I get 200-350 outbound connections. This isn't normal, right?

Is there any way that I can stop these attacks? I tried everything, upgraded the router software and still nothing. I tried to get a new IP address but then a few hours later another DDoS appears.

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:34 AM

Posted 28 December 2012 - 06:07 PM

DDoS = (Distributed Denial of Service) or DoS(Denial of Service) attacks
Hi -
Are you an Online Game Player, as this is one of the main reasons for this ??

Doesn't matter what your firewall is doing. They're (other players) bombarding it with multple requests and causing the connections to time out, in turn getting you knocked off.
That is one possible trick they are using.

DDoS Prevention Guide A bit of help and description of DDoS for you -

Regards -
Link Edited -

Edited by noknojon, 28 December 2012 - 06:08 PM.


#3 DezoLord

DezoLord
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 29 December 2012 - 05:33 AM

Yes, I do play games online every day but even if I don't play, just browse the internet, I still get attacked by them. I run Skype and TS though. I could be getting DDoSed from there.

I tried to follow all the steps in that guide and I still get DDoSed.

It's funny because I went to my friend who lives next door and who has the same modem, we checked the logs and there were no attacks whatsoever. It's like some idiot found out what my IP address is, went to a hackers' forums and post it there saying 'hey, let's all attack this IP address from now on'.

Edited by DezoLord, 29 December 2012 - 05:39 AM.


#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 PM

Posted 29 December 2012 - 05:40 AM

My router keeps getting DDoSed. I checked the logs and in it shows the IP address of the DDoSer and a message saying 'ports scan UDP'.


A Denial Of Service implies that your router gets overloaded and that you can't use it anymore. Is this what you experience?
Is there only one IP address that does these UDP scans? And is it the same IP address when you changed the IP address of your router?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#5 DezoLord

DezoLord
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:10:34 AM

Posted 29 December 2012 - 09:27 AM

In the modem Admin Panel, the logs show a message 'ports scan UDP', then the IP address of the attacker and the 'ATTACK' message. My internet becomes very slow even if I am not watching any videos or anything like that. Sometimes it just stays like that for a while and sometimes it just crashes and my modem restarts automatically then.

No, I get attacked from different IP address, I even checked where are they from etc...

#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:34 PM

Posted 29 December 2012 - 11:37 AM

UDP scans use UDP packets, and the problem with UDP is that the source IP can be easily spoofed. If UDP packets are used to DoS your router, you can never be sure of the source of these attacks just be analyzing the packets.

I would recommend you contact the helpdesk of your ISP and open a ticket: that your Internet connection is slow.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users