
DOS attack and IP address given by router outside scope

Discussion in 'Networking' started by Shadefly, Mar 22, 2015.

Thread Status:
Not open for further replies.
  1. Shadefly

    Shadefly Thread Starter

    Joined:
    Mar 22, 2015
    Messages:
    1
    My wireless Router (Netgear WNDR3700v3) has the light constantly flashing for both the internet, wired and wireless connections. Internet access gets very sporadic so I started investigating. I found this in the router logs:
    [DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:51
    [DoS attack: ACK Scan] attack packets in last 20 sec from ip [184.51.126.26], Sunday, Mar 22,2015 15:25:48
    [DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:47
    [DoS attack: FIN Scan] attack packets in last 20 sec from ip [64.233.176.83], Sunday, Mar 22,2015 15:22:18
    [DoS attack: FIN Scan] attack packets in last 20 sec from ip [173.194.219.102], Sunday, Mar 22,2015 15:14:03
    [DoS attack: FIN Scan] attack packets in last 20 sec from ip [74.125.196.139], Sunday, Mar 22,2015 15:13:48


    Another curious entry is below. It is curious because my DHCP scope is set to 192.168.1.2 to 192.168.1.99. How is the router assigning an IP to 192.168.100.1 and 192.168.100.10?


    [Internet disconnected] Sunday, Mar 22,2015 17:36:24
    [Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 17:36:14
    [Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 17:36:05
    [Internet disconnected] Sunday, Mar 22,2015 17:36:02

    [Internet disconnected] Sunday, Mar 22,2015 15:11:24
    [Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 15:11:14
    [Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 15:11:05
    [Internet disconnected] Sunday, Mar 22,2015 15:11:03


    It seems to happen around the time synchronization to the NTP server.


    Any suggestions on what I need to do to prevent this? I think the router is seeing a DOS attack and disconnecting from the internet, then reconnecting and checking time?
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,821
    I think you may be connecting to the Guest Network, your router has that feature. Maybe the Guest Network uses a different IP address range.

    An ACK scan and FIN scan are both scans: http://en.wikipedia.org/wiki/Port_scanner#ACK_scanning . Technically they are not DOS attacks, although they will affect your network use if the hacker is not trying to hide his attempts to connect by scanning slowly.
     
  3. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,611
    First Name:
    Terry
    192.168.100.1 is surely your modem, and 192.168.100.10 is almost definitely the address the modem is assigning to the router's WAN when internet access has been lost.
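
One way to check the explanations in this thread against the router log, as an added example that is not part of any post: it parses the log format quoted in the first post, flags WAN leases inside 192.168.100.0/24 (the modem subnet per the reply above, treated here as an assumption and passed as a parameter), and counts scan entries logged shortly before each such lease. The function names and the 5-minute window are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime, timedelta

# Lines copied from the log excerpt in the first post (newest first, as the router lists them).
SAMPLE_LOG = """\
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:51
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [184.51.126.26], Sunday, Mar 22,2015 15:25:48
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:47
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [64.233.176.83], Sunday, Mar 22,2015 15:22:18
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 15:11:05
[Internet disconnected] Sunday, Mar 22,2015 15:11:03
"""

STAMP = re.compile(r"(\w{3} \d{1,2},\d{4} \d{2}:\d{2}:\d{2})\s*$")
SCAN = re.compile(r"^\[DoS attack: ([^\]]+)\].*from ip \[([0-9.]+)\]")
WAN_UP = re.compile(r"^\[Internet connected\] IP address: ([0-9.]+)")

def parse(log_text):
    """Return (scans, leases): lists of (time, kind, ip) and (time, ip)."""
    scans, leases = [], []
    for line in log_text.splitlines():
        line = line.strip()
        stamp = STAMP.search(line)
        if not stamp:
            continue  # blank or unrecognised line
        when = datetime.strptime(stamp.group(1), "%b %d,%Y %H:%M:%S")
        if m := SCAN.match(line):
            scans.append((when, m.group(1), ipaddress.ip_address(m.group(2))))
        elif m := WAN_UP.match(line):
            leases.append((when, ipaddress.ip_address(m.group(1))))
    return scans, leases

def modem_fallbacks(log_text, modem_net="192.168.100.0/24", window_min=5):
    """For each WAN lease inside modem_net, count the scan entries logged in the
    window_min minutes before it (0 means no scans were logged ahead of it)."""
    net = ipaddress.ip_network(modem_net)
    scans, leases = parse(log_text)
    report = []
    for when, ip in leases:
        if ip in net:
            before = [s for s in scans if timedelta(0) <= when - s[0] <= timedelta(minutes=window_min)]
            report.append((when, str(ip), len(before)))
    return report

def scan_sources(log_text):
    """Tally scan entries per (scan type, source address)."""
    return Counter((kind, str(ip)) for _, kind, ip in parse(log_text)[0])
```

On the lines embedded here, the single 192.168.100.10 lease has no scan entries in the five minutes before it; running the functions over a full saved log gives the same comparison for every reconnect.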
     

Short URL to this thread: https://techguy.org/1145295
