PDA

View Full Version : DoS attempts to my network


trigggl
07-23-11, 04:03 PM
Somehow, someone got my address and is trying to DoS me. The first attempt was on port 823 and subsequent attacks have been on 123. Anyone have any suggestions on what I should do about it if anything. My internet has been sluggish and unresponsive all day. I think I'll shut DynDNS off for a little while and pull a new address from Comcast.
Mr. Hankey
07-23-11, 04:23 PM
That should work great... until you re-enable dns
Bok
07-23-11, 04:32 PM
Contact your ISP and have them block it?

Do you run a firewall, smoothwall or something like that which can filter and drop the packets. Doesn't totally fix the problem but stops them getting any further at least.

Happens all the time to everyone though, I get it almost daily at times.
trigggl
07-23-11, 05:20 PM
Contact your ISP and have them block it?

Do you run a firewall, smoothwall or something like that which can filter and drop the packets. Doesn't totally fix the problem but stops them getting any further at least.

Happens all the time to everyone though, I get it almost daily at times.

As is usual with this sort of thing, it's coming from multiple addresses. This is from my router log.


[DoS Attack: RST Scan] from source: 204.13.248.152, port 60358, Saturday, July 23,2011 15:10:35
[DoS Attack: ACK Scan] from source: 188.40.175.125, port 80, Saturday, July 23,2011 14:53:49
[DoS Attack: ACK Scan] from source: 204.13.248.152, port 62210, Saturday, July 23,2011 14:53:03
[DoS Attack: ACK Scan] from source: 204.13.248.152, port 64711, Saturday, July 23,2011 14:50:55
[DoS Attack: ACK Scan] from source: 204.13.248.152, port 52646, Saturday, July 23,2011 14:48:47
[DoS Attack: ACK Scan] from source: 204.13.248.152, port 53754, Saturday, July 23,2011 14:46:39
[DoS Attack: ACK Scan] from source: 204.13.248.152, port 62866, Saturday, July 23,2011 14:44:31
[DoS Attack: ACK Scan] from source: 204.13.248.152, port 59790, Saturday, July 23,2011 14:42:29
[DoS Attack: ACK Scan] from source: 128.237.157.10, port 80, Saturday, July 23,2011 13:24:19
[DoS Attack: ACK Scan] from source: 129.123.104.64, port 80, Saturday, July 23,2011 13:14:44
[DoS Attack: TCP/UDP Chargen] from source: 72.26.125.125, port 123, Saturday, July 23,2011 12:55:52
[DoS Attack: TCP/UDP Chargen] from source: 64.73.32.134, port 123, Saturday, July 23,2011 12:55:23
[DoS Attack: TCP/UDP Chargen] from source: 208.75.88.4, port 123, Saturday, July 23,2011 12:54:31
[DoS Attack: TCP/UDP Chargen] from source: 69.50.219.51, port 123, Saturday, July 23,2011 12:44:45
[DoS Attack: Ascend Kill] from source: 64.22.125.169, port 123, Saturday, July 23,2011 12:08:10
[DoS Attack: Ascend Kill] from source: 72.18.205.157, port 123, Saturday, July 23,2011 12:07:05
[DoS Attack: TCP/UDP Echo] from source: 64.73.32.134, port 123, Saturday, July 23,2011 12:02:35
[DoS Attack: TCP/UDP Echo] from source: 72.26.125.125, port 123, Saturday, July 23,2011 12:01:55
[DoS Attack: TCP/UDP Echo] from source: 208.75.88.4, port 123, Saturday, July 23,2011 12:01:45
[DoS Attack: ACK Scan] from source: 134.161.240.170, port 873, Saturday, July 23,2011 10:26:56

I assume this isn't a normal frequency of attacks.