Router Log? LOTS of DoS attacks recieved????

TikTok12

Commendable
Jun 11, 2016
3
0
1,510
It started today, it just got me on edge because the log reports seemed to relate to the times that my internet completely disconnected aswell.

I have heard that they can be false reports, but i dont think so this time as the internet does infact cut out.

This is basically what it looks like:

[DoS attack: RST Scan] from source: 216.58.220.138:443 Saturday, June 11,2016 20:28:16
[DoS attack: RST Scan] from source: 216.58.199.42:443 Saturday, June 11,2016 20:26:42
[DoS attack: ACK Scan] from source: 161.69.226.21:443 Saturday, June 11,2016 20:24:35
[DoS attack: ACK Scan] from source: 161.69.226.21:443 Saturday, June 11,2016 20:24:13
[DoS attack: ACK Scan] from source: 103.36.84.12:80 Saturday, June 11,2016 20:22:30
[DoS attack: ACK Scan] from source: 63.251.252.12:443 Saturday, June 11,2016 20:21:32
[DoS attack: ACK Scan] from source: 63.251.252.12:443 Saturday, June 11,2016 20:21:06
[DoS attack: ACK Scan] from source: 63.251.252.12:443 Saturday, June 11,2016 20:20:40
[DoS attack: RST Scan] from source: 216.58.199.68:443 Saturday, June 11,2016 20:19:01
[DoS attack: ACK Scan] from source: 63.251.252.12:443 Saturday, June 11,2016 20:17:51
[DoS attack: ACK Scan] from source: 173.241.248.220:80 Saturday, June 11,2016 20:17:17
[DoS attack: ACK Scan] from source: 173.241.248.143:80 Saturday, June 11,2016 20:16:54
[DoS attack: ACK Scan] from source: 173.241.248.143:80 Saturday, June 11,2016 20:16:34
[DoS attack: ACK Scan] from source: 60.254.143.174:80 Saturday, June 11,2016 20:16:10

thats not all of it, but its basically the jist of what is showing in the logs.

Im not that good with this kind of thing, so thats why i came here. I appreciate anyone who attempts to help.

i have a netgear D6200 router
 
Solution


But does it really matter. It really makes no difference if you get 100 or a million, all the message does is make you concerned about things and you have no way to do anything about. If you call your ISP they will pretty much not care unless it somehow affects them. Even then they themselves can do nothing to stop it if it is coming in from another ISP especially one in a country that there is little legal oversight.

I am mixed if even having these messages on a consumer router has much value. If you follow good security it really does not matter if you are...

TikTok12

Commendable
Jun 11, 2016
3
0
1,510




thanks buddy much appreciated, im guessing just simply changing password will not fully stop it though?

 

Kewlx25

Distinguished
They're not DOS attacks, they're just background noise that goes on 24/7. A single computer with a 10Mb upload can scan the entire Internet about once a day. Given that there are tens to hundreds of thousands of compromised computers, it's expected to always seen unsolicited traffic. I typically see about 10-30 per second. A DOS attack would be thousands to hundreds of thousands per second.
 

TikTok12

Commendable
Jun 11, 2016
3
0
1,510



Thanks for the info buddy, i guess the internet disconnects were just coincidence, and yeah the log entries arent coming in as fast as you said they would be if it was a DoS attack.

So now, im curious, how come its listed as a DoS attack?

 
Technically port scans are not DOS unless they are done a lot. A port scan is normally a first pass to attempt to find a exploitable OS and then attempt to further compromise the system. It is more of hacking attempt than trying to deny service.

Since most people have a router running NAT in their house a port scan will never reach the internal machines so it has little risk.

Hard to say why the router company call it that. They are very weak on their security background or more likely they want to make it simplistic on the end consumers and just call everything a DOS attack. A actual attack generally is UDP traffic send on random ports. UDP you can send extremely fast since it requires no response to send more data.

There are other forms of DoS attacks but the NAT again prevent almost all of them from actually doing any damage because the internal machines never see them and the router itself tends to not be possible to compromise.
 


But does it really matter. It really makes no difference if you get 100 or a million, all the message does is make you concerned about things and you have no way to do anything about. If you call your ISP they will pretty much not care unless it somehow affects them. Even then they themselves can do nothing to stop it if it is coming in from another ISP especially one in a country that there is little legal oversight.

I am mixed if even having these messages on a consumer router has much value. If you follow good security it really does not matter if you are attacked or not.
 
Solution


actually it does. the more you get of course 100 or even 1000 isn't much but it takes away from your available speed. so lets say I could continently try to attack you its going to slow your internet down from a source that has a higher bandwidth. of course it would be a few hundred times a sec. to get to that point.
 

BuddhaSkoota

Admirable


I believe bill001g's point is that one has no control over the fact that these packets are received, not that it doesn't affect service to some degree.
 

Kewlx25

Distinguished


1000 packets
times
100 bytes
times
8 bits in a byte
divided
3600 seconds in an hour
equals
222 bits per second average

Not kilobits, just bits. Even if you had 33.6Kb dialup, you wouldn't notice.

ping -t www.google.com consumes more bandwidth.
 

William_147

Commendable
Aug 12, 2016
1
0
1,510
ITS not dos attack your router is set to scann ur trafic at intervals dos attack ack afk scan is your router default protection protectiong you for all sites you choise to go on for potential threts so basically you got nothing to worry about i see thes scans on my own router every time i change page u try it keep router open on one pc and change between sites on another u will see the scans