Router logs showing DoS attacks

AvengeOne

Mar 20, 2014
Hi, recently I've been looking at my router settings and I came across the log files, which showed entries labeled as DoS attacks. Here they are.

[DoS Attack: TCP/UDP Chargen] from source: 37.220.39.171, port 41642, Thursday, March 27,2014 11:13:23
[DoS Attack: TCP/UDP Chargen] from source: 91.188.117.154, port 47197, Thursday, March 27,2014 06:41:38
[DoS Attack: IMAP Scan] from source: 86.52.255.54, port 52150, Thursday, March 27,2014 00:08:11
[DoS Attack: IMAP Scan] from source: 86.52.255.54, port 52150, Thursday, March 27,2014 00:07:40
[DoS Attack: IMAP Scan] from source: 86.52.255.54, port 52150, Thursday, March 27,2014 00:07:37
[DoS Attack: FIN Scan] from source: 86.52.255.54, port 52150, Thursday, March 27,2014 00:07:21
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.78, port 48757, Wednesday, March 26,2014 23:14:17
[DoS Attack: ACK Scan] from source: 216.133.234.22, port 2099, Wednesday, March 26,2014 20:44:09
[DoS Attack: ACK Scan] from source: 216.133.234.22, port 2099, Wednesday, March 26,2014 20:43:59
[DoS Attack: TCP/UDP Chargen] from source: 142.0.44.28, port 45606, Wednesday, March 26,2014 13:40:43
[DoS Attack: RST Scan] from source: 66.84.17.10, port 80, Wednesday, March 26,2014 13:15:35
[Internet disconnected] Wednesday, March 26,2014 13:11:05
[Internet disconnected] Wednesday, March 26,2014 13:09:35
[DoS Attack: ACK Scan] from source: 54.201.240.175, port 80, Wednesday, March 26,2014 12:04:16
[DoS Attack: ACK Scan] from source: 54.201.240.175, port 80, Wednesday, March 26,2014 12:02:45
[DoS Attack: ACK Scan] from source: 8.26.193.246, port 80, Wednesday, March 26,2014 11:54:01
[DoS Attack: RST Scan] from source: 144.76.96.49, port 15500, Wednesday, March 26,2014 05:36:28
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.78, port 44234, Tuesday, March 25,2014 23:15:17

Also, when I go into my cmd and type netstat -n, I get all of these other foreign addresses. I did some research and it is said that if you consecutively have 5 or more :80 or :443 that you could be getting DoS attacks or DDoS attacks. I have about 47 :80 consecutively right now, mainly from one foreign source, 199.9.254.152:80; the STATE labels mostly all of them as TIME_WAIT. So should I be worried and contact my ISP about this?
 
Solution
Port 80 cannot be getting to your machine unless you port mapped it, which I doubt. You are reading it all backwards.

It is YOU that is going to 199.9.254.152. You must be watching video at justin.tv.

When you have no port mapping, your machines are basically safe. The router's logs are spaced over many days, so this is just the normal probing that goes on all the time. You will know when someone is attacking your router: it will have many log entries per second, not per day.
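The per-second versus per-day distinction in the answer above can be checked directly against the log. The following is an added example, not part of any post in this thread: it parses lines in the format the router printed, counts entries per second and per day, and labels the log. The threshold of 10 entries per second, the function names, and the constructed flood sample (using the documentation address 203.0.113.7) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the "[DoS Attack: ...]" lines in the format quoted in the first post.
LINE_RE = re.compile(
    r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[\d.]+), "
    r"port \d+, \w+, (?P<ts>\w+ \d+,\d{4} [\d:]{8})"
)

def parse(lines):
    """Yield (timestamp, kind, source) per DoS entry; other lines are skipped."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            ts = datetime.strptime(m["ts"], "%B %d,%Y %H:%M:%S")
            yield ts, m["kind"], m["src"]

def summarize(lines, flood_per_second=10):  # threshold is an assumed value
    events = list(parse(lines))
    per_second = Counter(ts for ts, _, _ in events)
    per_day = Counter(ts.date() for ts, _, _ in events)
    peak = max(per_second.values(), default=0)
    return {
        "entries": len(events),
        "busiest_day": max(per_day.values(), default=0),
        "peak_per_second": peak,
        "verdict": "flood" if peak >= flood_per_second else "background probing",
    }

# A few lines copied from the log in the first post.
POSTED = [
    "[DoS Attack: TCP/UDP Chargen] from source: 37.220.39.171, port 41642, Thursday, March 27,2014 11:13:23",
    "[DoS Attack: IMAP Scan] from source: 86.52.255.54, port 52150, Thursday, March 27,2014 00:08:11",
    "[DoS Attack: IMAP Scan] from source: 86.52.255.54, port 52150, Thursday, March 27,2014 00:07:40",
    "[DoS Attack: IMAP Scan] from source: 86.52.255.54, port 52150, Thursday, March 27,2014 00:07:37",
    "[Internet disconnected] Wednesday, March 26,2014 13:11:05",
    "[DoS Attack: ACK Scan] from source: 54.201.240.175, port 80, Wednesday, March 26,2014 12:04:16",
]

# Constructed sample: 50 entries stamped with the same second.
CONSTRUCTED_FLOOD = [
    f"[DoS Attack: ACK Scan] from source: 203.0.113.7, port {40000 + i}, "
    "Thursday, March 27,2014 11:13:23"
    for i in range(50)
]

if __name__ == "__main__":
    print(summarize(POSTED))
    print(summarize(CONSTRUCTED_FLOOD))
```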
 
Oh okay, then I'm just overthinking what is happening. Well, I haven't watched any videos at justin.tv but on twitch.tv I have. I thought it was interesting because I thought they were separate, so I was thinking, "Why is my computer going to justin.tv when I've been watching videos on twitch.tv?" Anyway, thank you for clearing this up since I am not very familiar with how my computer's IP interacts with the other servers. What you posted makes a lot more sense than what I have read. Thank you. But when an IP's STATE is on TIME_WAIT, does that have an impact on my internet speed or connection at all?
 
TIME_WAIT in theory could cause a memory constraint, but Windows is pretty smart and will clear these if it detects a problem. It just indicates that a connection closed cleanly and keeps it around under the theory that a lost packet may show up... not that it will do anything other than discard it anyway.

Not sure why they keep these open for so long. There are ways to adjust the timers, but unless you are seeing an issue I would leave it alone, since they are done by editing the registry.