
Netgear log dos attacks???

Discussion in 'General Security' started by HELPMEM8S, Apr 1, 2010.

Thread Status:
Not open for further replies.
  1. HELPMEM8S

    HELPMEM8S Thread Starter

    Joined:
    Feb 24, 2005
    Messages:
    4
    I remember when I used to look at the router logs for my wireless router I would see the names of websites visited by people who were using my wireless signal. There is supposed to be only one person using my wireless signal, as I am using an Ethernet cable attached to the router. When I click "attached devices" it only shows me and one other person; however, the log seems to show there is more than one person attached besides the two of us.

    I am semi-computer literate but obviously semi-retarded because this router log is all a foreign language to me. So here is the log, if anyone can make some sense of it for me I would appreciate it. I guess I am mainly worried about the Denial Of Service Attacks but I would also like to know why the log doesn't read like it did last time I checked. Now that I think about it I don't know what I should be worried about.



    I am pretty sure the only "attached devices" are supposed to be

    ME[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 21:05:49
    GUY USING MY WIRELESS[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Monday, March 29,2010

    I have no idea who this is supposed to be. Or like I said maybe I am just retarded.

    [DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Monday, March 29,2010 23:43:06

    March 30,2010 14:18:36
    [DoS Attack: RST Scan] from source: 75.21.100.39, port 4078, Tuesday, March 30,2010 13:01:56
    [DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Tuesday, March 30,2010 11:43:07
    [Time synchronized with NTP server] Tuesday, March 30,2010 10:49:43
    [DoS Attack: RST Scan] from source: 217.119.54.143, port 45707, Tuesday, March 30,2010 09:18:31
    [DoS Attack: RST Scan] from source: 118.136.244.67, port 1082, Tuesday, March 30,2010 07:00:37
    [DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:46:01
    [DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Tuesday, March 30,2010 05:45:42
    [DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:45:42
    [DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Tuesday, March 30,2010 05:43:42
    [UPnP set event: del_nat_rule] from source 192.168.1.5, Monday, March 29,2010 23:44:59
    [UPnP set event: add_nat_rule] from source 192.168.1.5, Monday, March 29,2010 23:43:07
    [DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Monday, March 29,2010 23:43:06
    [DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 21:05:49
    [DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Monday, March 29,2010 20:56:25
    [DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 15:11:52
    [DoS Attack: FIN Scan] from source: 83.30.6.104, port 49547, Monday, March 29,2010 14:40:04
    [Time synchronized with NTP server] Monday, March 29,2010 10:49:42
    [DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Monday, March 29,2010 06:20:28
    [DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 02:35:42
    [DoS Attack: ACK Scan] from source: 65.55.183.7, port 80, Sunday, March 28,2010 21:12:01
    [DoS Attack: FIN Scan] from source: 97.113.145.180, port 61578, Sunday, March 28,2010 20:24:01
    [DoS Attack: ACK Scan] from source: 162.95.222.239, port 443, Sunday, March 28,2010 17:32:09
    [DoS Attack: RST Scan] from source: 12.130.102.24, port 443, Sunday, March 28,2010 15:59:00
    [Internet connected] IP address: 67.162.132.xxx, Sunday, March 28,2010 15:31:43
    [DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Sunday, March 28,2010 14:24:59
    [Time synchronized with NTP server] Sunday, March 28,2010 10:49:41
    [DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Sunday, March 28,2010 09:45:02
    [DoS Attack: ACK Scan] from source: 65.54.95.13, port 80, Sunday, March 28,2010 08:35:09
    [DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Sunday, March 28,2010 02:24:52
    [DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Saturday, March 27,2010 23:44:31
    [UPnP set event: add_nat_rule] from source 192.168.1.5, Saturday, March 27,2010 23:16:24
    [DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Saturday, March 27,2010 23:16:23
    [DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Saturday, March 27,2010 23:06:35
    [DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Saturday, March 27,2010 21:45:00
    [DoS Attack: RST Scan] from source: 216.252.125.65, port 443, Saturday, March 27,2010 18:33:01
    [DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Saturday, March 27,2010 11:06:34
    [DoS Attack: ACK Scan] from source: 174.140.157.25, port 80, Saturday, March 27,2010 10:50:18
    [Time synchronized with NTP server] Saturday, March 27,2010 10:49:40
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,876
    Just enable WPA2 encryption, set a 16 character passphrase and that will lock the intruders out of using your network. Also change the router's admin password, the default password for each router model is published.
     
  3. antimoth

    antimoth

    Joined:
    Aug 8, 2009
    Messages:
    361
    I would be bummed out if I found extra local IPs on my router. You and the guy that piggybacks off your service should be using WPA2 encryption, provided that the gear supports it. If not that, at least enable MAC address filtering on the wireless and a lesser encryption. While both of the latter are crackable, odds are whoever is there doesn't have the tools.

    There may also be less sinister reasons for extra IPs. A second laptop or a game console. A friend dropped by with a netbook. Dual-boot machine with Linux/Windows using different computer names. Still, if you've got an open Wi-Fi net, you are asking for it.

    As for the DoS attacks, Google the syntax and read the links. The IPs in your log include Microsoft, Yahoo, and Blue Shield. Maybe they are not DoS attacks. I thought DoS was 1000 hits per second. Yours are like one every few hours.
     
  4. HELPMEM8S

    HELPMEM8S Thread Starter

    Joined:
    Feb 24, 2005
    Messages:
    4
    I'm using WPA2 and my router password is unique. I know both of our computers are secure, so that's why this is so confusing. My concern is that before, when I looked at the logs from my Netgear router, I would see the websites people were viewing; now all I see is these weird DoS attacks. Any other ideas?
     
  5. Frank4d

    Frank4d Retired Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    00:0d:9d:5e:9a:xx is HP, 00:24:8d:d2:3c:xx is Sony, and 00:21:63:bb:87:xx is Askey Computer Corp. If you have a Sony PS3 and Askey VOIP phone or TV set top box, that would explain them.
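
Added example, not part of any post in this thread: a small Python parser for the log format shown in the first post. It groups DHCP leases by MAC address and measures the time between the "DoS Attack" entries. The function names are this example's own, and the vendor table holds only the three prefixes named in post 5.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Excerpt of the router log posted in this thread (newest entry first).
LOG = """\
[DoS Attack: RST Scan] from source: 75.21.100.39, port 4078, Tuesday, March 30,2010 13:01:56
[DoS Attack: RST Scan] from source: 217.119.54.143, port 45707, Tuesday, March 30,2010 09:18:31
[DoS Attack: RST Scan] from source: 118.136.244.67, port 1082, Tuesday, March 30,2010 07:00:37
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:46:01
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Tuesday, March 30,2010 05:45:42
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:45:42
[UPnP set event: add_nat_rule] from source 192.168.1.5, Monday, March 29,2010 23:43:07
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Monday, March 29,2010 23:43:06
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 21:05:49
[DoS Attack: FIN Scan] from source: 83.30.6.104, port 49547, Monday, March 29,2010 14:40:04
"""
# Vendor prefixes as identified in post 5 of this thread (not a full OUI table).
OUI = {"00:0d:9d": "HP", "00:24:8d": "Sony", "00:21:63": "Askey Computer Corp"}
LINE = re.compile(r"^\[(?P<tag>[^\]]+)\](?P<rest>.*?),?\s*\w+day, (?P<ts>\w+ \d+,\d{4} [\d:]+)$")

def parse(log):
    """Yield (timestamp, tag, detail) for each line in the router's format."""
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if m:  # lines that do not fit the format are skipped
            ts = datetime.strptime(m["ts"], "%B %d,%Y %H:%M:%S")
            yield ts, m["tag"], m["rest"].strip()

def summarize(log):
    devices = defaultdict(set)  # MAC -> LAN IPs leased to it
    scans = []                  # (timestamp, scan type, source IP)
    for ts, tag, rest in parse(log):
        if tag.startswith("DHCP IP:"):
            devices[rest.rsplit(" ", 1)[-1]].add(tag.split(": ", 1)[1])
        elif tag.startswith("DoS Attack:"):
            src = re.search(r"source: ([\d.]+)", rest).group(1)
            scans.append((ts, tag.split(": ", 1)[1], src))
    scans.sort()
    gaps = [(b[0] - a[0]).total_seconds() / 60 for a, b in zip(scans, scans[1:])]
    return {"devices": dict(devices), "scans": scans,
            "vendors": {mac: OUI.get(mac[:8], "unknown") for mac in devices},
            "median_gap_min": median(gaps) if gaps else None}

if __name__ == "__main__":
    r = summarize(LOG)
    for mac, ips in r["devices"].items():
        print(mac, r["vendors"][mac], sorted(ips))
    print(len(r["scans"]), "scan entries, median gap (min):", r["median_gap_min"])
```

On this excerpt the median gap between scan entries is over two hours, and the DHCP entries resolve to three distinct MAC addresses.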
     

Short URL to this thread: https://techguy.org/914119
