DOS attack and IP address given by router outside scope

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Shadefly

Thread Starter
Joined
Mar 22, 2015
Messages
1
My wireless Router (Netgear WNDR3700v3) has the light constantly flashing for both the internet, wired and wireless connections. Internet access gets very sporadic so I started investigating. I found this is in the router logs:
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:51
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [184.51.126.26], Sunday, Mar 22,2015 15:25:48
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [23.66.231.65], Sunday, Mar 22,2015 15:25:47
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [64.233.176.83], Sunday, Mar 22,2015 15:22:18
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [173.194.219.102], Sunday, Mar 22,2015 15:14:03
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [74.125.196.139], Sunday, Mar 22,2015 15:13:48


Another curious entry is below. it is curious because my DHCP scope is set to 192.168.1..2 to 192.168.1.99. how is the router assigning an IP to 192.168.100.1 and 192.168.100.10?


[Internet disconnected] Sunday, Mar 22,2015 17:36:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 17:36:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 17:36:05
[Internet disconnected] Sunday, Mar 22,2015 17:36:02

[Internet disconnected] Sunday, Mar 22,2015 15:11:24
[Service blocked: ICMP_echo_req] from source 192.168.100.1, Sunday, Mar 22,2015 15:11:14
[Internet connected] IP address: 192.168.100.10, Sunday, Mar 22,2015 15:11:05
[Internet disconnected] Sunday, Mar 22,2015 15:11:03


It seems to happen around the time synchronization to the NTP server.


Any suggestions on what I need to do to prevent this? I think the router is weeing a DOS attack and disconnecting from the internet. then reconnecting and checking time?
 
Joined
Sep 21, 2007
Messages
13,851
I think you may be connecting to the Guest Network, your router has that feature. Maybe the Guest Network uses a different IP address range.

An ACK scan and FIN scan are both scans: http://en.wikipedia.org/wiki/Port_scanner#ACK_scanning . Technically they are not DOS attacks, although they will affect your network use if the hacker is not trying hide his attempts to connect by scanning slowly.
 

TerryNet

Terry
Moderator
Joined
Mar 23, 2005
Messages
81,424
192.168.100.1 is surely your modem, and 192.168.100.10 is almost definitely the address the modem is assigning to the router's WAN when internet access has been lost.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top