Router logs show some suspicious activity

mickeemuse

Oct 16, 2017
Okay so I hadn't an idea as to why my router has been having a multitude of issues in recent years, but I think I may have come across the problem. I decided to go through my router's security log and found a thing or two. One of the issues, "SYN FLOODING Attack", is apparently a form of DoS attack, and I've been disconnected from the internet time and time again while playing competitive Overwatch, and here I was thinking it was just my internet being garbage. Then I came across "Ping of Death" in the log files. I'm looking for help in solving the issues presented in my log files. Here's a short list of the three commonly logged activities:
2017-10-13T21:18:37 (none) daemon.warn Sec_Attack: Ping of Death Attack: IN=br0 OUT=ptm0.1 SRC=192.168.1.8 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=63 DF PROTO=ICMP TYPE=8 CODE=0 ID=25 SEQ=2;
2017-10-13T21:17:31 (none) daemon.warn Sec_Attack: SYN FLOODING Attack: IN=br0 OUT=n/a MAC=58:8b:f3:c5:66:ae:34:97:f6: da:e6:64:08:00 SRC=192.168.1.5 DST=192.168.1.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 DF PROTO=TCP SPT=53882 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ;
2017-10-13T21:17:31 (none) daemon.warn Sec_Attack: Port Scan Attack: IN=ptm0.1 OUT=n/a MAC=58:8b:f3:c5:66:b0:00:a7:42:07:b0:cb:08:00:45:00:05:c0:e5: d2:00:00:3d:06:c5:bb:ad:c2:98:97 SRC=173.194.152.151 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 PROTO=TCP SPT=443 DPT=56204 WINDOW=139 RES=0x00 ACK URGP=0 MARK=0x8000000
Please help me fix whatever it is that's occurring.
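One way to read entries like the three quoted in the post above, added here as an example (it is not part of the thread or of the router's firmware): a small Python parser that pulls out each flagged packet's source, protocol and flags. The function names are made up for this example, and the sample log is the three quoted lines with the stray spaces inside the MAC fields removed.

```python
import ipaddress
import re

# The three entries quoted in the post (stray spaces inside the MAC fields removed).
SAMPLE_LOG = """\
2017-10-13T21:18:37 (none) daemon.warn Sec_Attack: Ping of Death Attack: IN=br0 OUT=ptm0.1 SRC=192.168.1.8 DST=8.8.8.8 LEN=84 TOS=0x00 PREC=0x00 TTL=63 DF PROTO=ICMP TYPE=8 CODE=0 ID=25 SEQ=2;
2017-10-13T21:17:31 (none) daemon.warn Sec_Attack: SYN FLOODING Attack: IN=br0 OUT=n/a MAC=58:8b:f3:c5:66:ae:34:97:f6:da:e6:64:08:00 SRC=192.168.1.5 DST=192.168.1.1 LEN=52 TOS=0x00 PREC=0x00 TTL=128 DF PROTO=TCP SPT=53882 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0 ;
2017-10-13T21:17:31 (none) daemon.warn Sec_Attack: Port Scan Attack: IN=ptm0.1 OUT=n/a MAC=58:8b:f3:c5:66:b0:00:a7:42:07:b0:cb:08:00:45:00:05:c0:e5:d2:00:00:3d:06:c5:bb:ad:c2:98:97 SRC=173.194.152.151 LEN=1472 TOS=0x00 PREC=0x00 TTL=61 PROTO=TCP SPT=443 DPT=56204 WINDOW=139 RES=0x00 ACK URGP=0 MARK=0x8000000
"""

ENTRY = re.compile(r"^(\S+) \S+ \S+ Sec_Attack: ([^:]+): (.*)$")
FIELD = re.compile(r"(\w+)=([^\s;]+)")
FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "DF", "MF"}

def parse_entry(line):
    """Split one Sec_Attack line into timestamp, label, key=value fields and flags."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    ts, label, rest = m.groups()
    return {"time": ts, "label": label, "fields": dict(FIELD.findall(rest)),
            "flags": FLAGS.intersection(rest.replace(";", " ").split())}

def triage(entry):
    """Describe who sent the flagged packet and what kind of packet it was."""
    f, flags = entry["fields"], entry["flags"]
    src = ipaddress.ip_address(f["SRC"])
    notes = ["source on LAN" if src.is_private else "source on Internet"]
    if f["PROTO"] == "ICMP" and "MF" not in flags and int(f["LEN"]) <= 1500:
        # A ping of death needs fragments that reassemble past 65,535 bytes.
        notes.append("single unfragmented ICMP packet of %s bytes" % f["LEN"])
    if f["PROTO"] == "TCP":
        tcp = sorted(flags - {"DF", "MF"})
        notes.append("TCP %s from port %s to port %s" % ("+".join(tcp), f["SPT"], f["DPT"]))
    return notes

def summarize(log_text):
    """Return (label, source address, notes) for every Sec_Attack line found."""
    out = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            out.append((entry["label"], entry["fields"]["SRC"], triage(entry)))
    return out

if __name__ == "__main__":
    for label, src, notes in summarize(SAMPLE_LOG):
        print(f"{label:22} {src:16} {'; '.join(notes)}")
```

Run over a full log export, the output lists next to each label whether the flagged packet was sent by a device on the LAN or by an Internet host.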
 
Attacks may be random or they may be targeted just at you.

If the attacks primarily occur when you are playing competitive Overwatch then I would suspect that another player is trying some sort of cheat.

Especially if you happen to be winning.

Contact Overwatch. They may be able to provide some guidance or help identify the culprit.

I would also expect that they can ban cheaters.

 
That's the thing: for all the attacks that have a specified IP address/computer in mind, it's always 192.168.1.5 (my computer), and it doesn't always happen in just competitive. I've had matches where I'm doing moderately well and suddenly I have a ping of 2000. I have the security log files for the past few days; if they would be of any use I could post them.
 
Are you using "Port forwarding" with the router configured to send packets to your computer at 192.168.1.5 as a static IP?

You might try changing the static IP address to some other value. Have the static IP address outside of the available DHCP IP address range of course, but not so close to the 192.168.1.5 value.

May force some hack or cheat to make more iterations to find the destination IP being targeted.

Will, in all honesty, defer that line of thinking to a more experienced cyber-security/white hat member.

Feel free to post the logs as well. Someone may spot something there. Just be sure that your public IP is not shown.

"Wheels within wheels within wheels..."




 
I don't have any "rules", as my router calls them, having to do with port forwarding. There is a footnote labeled "port forwarding", but it just has nothing in it aside from a description. How would I go about changing my IP address, as well as finding out the available "DHCP IP address range"? I'll go ahead and post the logs, but first I want to ask: what kind of security threat does displaying my public IP address pose? Sorry for asking so many questions, I just know practically nothing about this stuff.
 
Your Public IP is basically the "entrance" to your home or business network and reachable from anywhere on the internet: Ukraine, China, North Korea, ...

Public IP & security threats...

Please read the following "starter" link:

https://www.stream-technologies.com/blog/security-and-the-iot-public-ip-addressing

Then use Google to research any specific questions as necessary.

What make and model router are you using? Visit the manufacturer's website and look for the applicable User Manual/Guide.

There should be specific instructions regarding administrative access to your router (which you already have) and the various windows used to configure the router.

DHCP Address Ranges and Port-forwarding usually get a chapter or section of their own.

The concepts are very much the same with respect to any router. What tends to vary more is the wording, configuration screen layouts, and specific features (e.g., parental controls). Some routers offer more help and explanation for the available settings and options.

If you are careful, there is no harm in accessing your router and exploring the various screens and options. Just be careful not to change anything and keep some notes.

Then plan out what you intend to do. E.g. set up one port-forwarding. Work until successful and tested. Then use what you learned to set up a second port-forwarding. Should get easier as you go.

A key component is that you need to set up the recipient pc with a Static IP address to get port-forwarding to work. Setting up (reserving) a Static IP for any network device should also be presented in the User Guide/Manual. There are some requirements to do that as well.

And again, there are many online tutorials, including videos. Look for ones that match your router's make and model. There are some really helpful postings out there. Others not so much but good intent matters so you may need to suffer through a couple of those.... If really unbearable then skip and move on.


 
