Results 1 to 4 of 4
  1. #1
    3 Star Lounger
    Join Date
    Apr 2002
    Location
    UK
    Posts
    298
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Denial Of Service Attacks

    OK ...

    I have this weird issue (well I think it's weird) concerning my router (a 108 Mb wireless) which I set up to send me reports of any DoS attacks made against my IP (which is static). Initially I'd get maybe 10 or 20 or these things a day but more recently I am getting much higher numbers, a couple of nights ago I got over 700 of the things in my e-mail.

    Here is an example:

    <hr>ROUTER *Security Alert* [C1:08:09] Inbox
    myemail@gmail.com
    TCP Packet - Source:85.89.73.166,3273 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:80.177.169.246,37325 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:85.89.73.166,3273 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:70.185.133.95,2070 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:142.177.210.177,61311 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:80.177.169.246,37325 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:202.72.100.156,61745 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:85.89.73.166,3273 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:85.124.175.75,10683 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:62.241.236.187,1868 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:60.224.44.20,3823 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:87.194.31.206,54011 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:84.3.130.143,4944 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:83.108.155.221,29347 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:82.197.5.159,24228 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:68.38.97.224,2081 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:83.180.13.157,3371 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:68.38.97.224,2081 Destination:<MyIPAddress>,10000 - [DOS]
    TCP Packet - Source:71.14.5.90,2771 Destination:<MyIPAddress>,10000 - [DOS]<hr>

    Obviously this is a router hardware issue, nothing has (as far as I know) penetrated beyond it but what I want to know is firstly do I need to be concerned and secondly is there anything I can do about it?

    Thanks

    Kyu

  2. #2
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Denial Of Service Attacks

    Do you offer any services to web-based users that might have become popular with numerous people all at the same time? For example, file sharing, torrent downloads, etc. I don't know what port 10000 is normally used for, but were you offering any services on that port?

    (Generally speaking, these kinds of email alerts might not be worth getting unless you find that legitimate users are having difficulty accessing your servers.)

  3. #3
    3 Star Lounger
    Join Date
    Apr 2002
    Location
    UK
    Posts
    298
    Thanks
    6
    Thanked 0 Times in 0 Posts

    Re: Denial Of Service Attacks

    To my knowledge no ... I do use Bittorrent though.

    Kyu

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Denial Of Service Attacks

    I think the design of Bittorrent is that everyone grabs part of the file and then shares that part to others to save load on the host server. Thus, the pattern you saw may well be related to a torrent download. I don't use the stuff myself, so I can't experiment.

    The next time you download, you could run out a list of ports on your system to see whether there's a match between your listening port and the incoming requests. To do that:
    <hr>Start button, run, cmd <enter>

    netstat -bn

    netstat -an<hr>
    The first list will show all active connection with the [program.exe] file that created the connection listed. The second list will show ports on which something is listening, but which might not currently have an active connection. I think there are better tools for this, perhaps identified on the Software board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •