[SOLVED] getting constant ACK Flood attacks, Port Scans and others

Mar 6, 2019
This has been going on for a couple of days now. I noticed some connection issues (high latency in games, issues with Netflix, etc.), peeked at the router logs and found this:

Code:
Mar 06 00:07:59    Per-source ACK Flood Attack Detect (ip=172.217.165.10) Packet Dropped
Mar 06 00:07:59    Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 06 00:07:59    Whole System UDP Flood Attack from WAN Rule:Default deny
Mar 06 00:06:59    Port Scan Attack Detect (ip=52.84.85.133) Packet Dropped
Mar 06 00:06:59    Per-source ACK Flood Attack Detect (ip=52.84.85.133) Packet Dropped
Mar 06 00:06:59    Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 06 00:06:59    Whole System UDP Flood Attack from WAN Rule:Default deny
Mar 06 00:05:59    Per-source ACK Flood Attack Detect (ip=52.84.85.133) Packet Dropped
Mar 06 00:05:59    Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 06 00:05:59    Whole System UDP Flood Attack from WAN Rule:Default deny


I have contacted my ISP twice and they insist there is nothing they can do to stop it, giving me only the usual nonsense of power cycling the modem and router, and installing anti-virus software (Canadian ISPs really don't care about their customers). I have tried disconnecting the PCs from the network and leaving the modem powered off for several hours, but within a minute of the modem reconnecting I start seeing more attacks in the router logs. Wherever this attack is coming from, it's being routed through servers owned by Bell, Facebook, Google, Cloudflare among others. Is there a magic word I can tell my ISP to get them to help or something (no, I can't just cancel and go elsewhere, there is no other ISP available where I live)? Because I know there isn't much I can personally do from my tiny corner of the Internet.
 
Solution
If you're looking at the WAN side, all kinds of stuff will be on there. It's normal for there to be constant attempts to gain access. Your NAT should be blocking everything. Be careful with any type of port forwarding, UPnP, or "DMZ host" settings. When you use those, it's up to the host/service for protection. If you made a PC a DMZ host that had SSH using a weak pw, you would be owned in a few hours probably.

Malware infects and spreads by constantly hitting new random targets, so it's not necessarily a targeted attack.
The ones you worry about happen constantly; yours are 1 time per hour. The router is doing its job: it is preventing these from getting to your PC. Someone is running port scans once an hour looking for machines to compromise. The traffic is so small it likely has no impact on your connection.
 
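An added example, not part of the original thread: a short Python script that tallies the posted router log by source IP, measures the spacing between log timestamps, and lists any entry that lacks a drop/deny verdict. The function name `summarize` and the year 2019 (taken from the post date, since the log omits the year) are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Log lines copied from the post above (newest first, as the router shows them).
SAMPLE = """\
Mar 06 00:07:59    Per-source ACK Flood Attack Detect (ip=172.217.165.10) Packet Dropped
Mar 06 00:07:59    Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 06 00:07:59    Whole System UDP Flood Attack from WAN Rule:Default deny
Mar 06 00:06:59    Port Scan Attack Detect (ip=52.84.85.133) Packet Dropped
Mar 06 00:06:59    Per-source ACK Flood Attack Detect (ip=52.84.85.133) Packet Dropped
Mar 06 00:06:59    Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 06 00:06:59    Whole System UDP Flood Attack from WAN Rule:Default deny
Mar 06 00:05:59    Per-source ACK Flood Attack Detect (ip=52.84.85.133) Packet Dropped
Mar 06 00:05:59    Whole System ACK Flood Attack from WAN Rule:Default deny
Mar 06 00:05:59    Whole System UDP Flood Attack from WAN Rule:Default deny
"""

LINE = re.compile(r"^(\w{3} \d{2} \d{2}:\d{2}:\d{2})\s+(.*?)\s*$")
SRC = re.compile(r"\(ip=([0-9.]+)\)")
BLOCKED = ("Packet Dropped", "Default deny")  # verdict strings seen in this log

def summarize(text, year=2019):  # year is an assumption: the log omits it
    per_ip = defaultdict(Counter)  # source IP -> event name -> count
    stamps, unblocked = set(), []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip blank or unrecognized lines
        stamps.add(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
        msg = m.group(2)
        if not msg.endswith(BLOCKED):
            unblocked.append(raw)  # no drop/deny verdict: worth a closer look
        src = SRC.search(msg)
        if src:
            per_ip[src.group(1)][msg[:src.start()].strip()] += 1
    ordered = sorted(stamps)
    gaps = sorted({int((b - a).total_seconds()) for a, b in zip(ordered, ordered[1:])})
    return {"per_ip": {ip: dict(c) for ip, c in per_ip.items()},
            "gaps_seconds": gaps, "unblocked": unblocked}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for ip, events in report["per_ip"].items():
        print(ip, events)
    print("seconds between log timestamps:", report["gaps_seconds"])
    print("entries without a drop/deny verdict:", len(report["unblocked"]))
```

An empty `unblocked` list means every logged entry carries a drop or deny verdict; any entry that shows up there is the one to check against port forwarding, UPnP and DMZ host settings.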