Netgear log dos attacks???

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

HELPMEM8S

Thread Starter
Joined
Feb 24, 2005
Messages
4
I remember when I used to look at the router logs for my wireless router I would see the name of websites visited from people who were using my wireless signal. There is supposed to only be one person using my wireless signal as I am using an Ethernet cable attached to the router. When I click "attached devices" it only shows me and one other person, however the log seems to show there is more than one person attached besides the two of us.

I am semi-computer literate but obviously semi-retarded because this router log is all a foreign language to me. So here is the log, if anyone can make some sense of it for me I would appreciate it. I guess I am mainly worried about the Denial Of Service Attacks but I would also like to know why the log doesn't read like it did last time I checked. Now that I think about it I don't know what I should be worried about.



I am pretty sure the only "attached devices" are supposed to be

ME[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 21:05:49
GUY USING MY WIRELESS[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Monday, March 29,2010

I have no idea who this is supposed to be. Or like I said maybe I am just retarded.

[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Monday, March 29,2010 23:43:06

March 30,2010 14:18:36
[DoS Attack: RST Scan] from source: 75.21.100.39, port 4078, Tuesday, March 30,2010 13:01:56
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Tuesday, March 30,2010 11:43:07
[Time synchronized with NTP server] Tuesday, March 30,2010 10:49:43
[DoS Attack: RST Scan] from source: 217.119.54.143, port 45707, Tuesday, March 30,2010 09:18:31
[DoS Attack: RST Scan] from source: 118.136.244.67, port 1082, Tuesday, March 30,2010 07:00:37
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:46:01
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Tuesday, March 30,2010 05:45:42
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:45:42
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Tuesday, March 30,2010 05:43:42
[UPnP set event: del_nat_rule] from source 192.168.1.5, Monday, March 29,2010 23:44:59
[UPnP set event: add_nat_rule] from source 192.168.1.5, Monday, March 29,2010 23:43:07
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Monday, March 29,2010 23:43:06
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 21:05:49
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Monday, March 29,2010 20:56:25
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 15:11:52
[DoS Attack: FIN Scan] from source: 83.30.6.104, port 49547, Monday, March 29,2010 14:40:04
[Time synchronized with NTP server] Monday, March 29,2010 10:49:42
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Monday, March 29,2010 06:20:28
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 02:35:42
[DoS Attack: ACK Scan] from source: 65.55.183.7, port 80, Sunday, March 28,2010 21:12:01
[DoS Attack: FIN Scan] from source: 97.113.145.180, port 61578, Sunday, March 28,2010 20:24:01
[DoS Attack: ACK Scan] from source: 162.95.222.239, port 443, Sunday, March 28,2010 17:32:09
[DoS Attack: RST Scan] from source: 12.130.102.24, port 443, Sunday, March 28,2010 15:59:00
[Internet connected] IP address: 67.162.132.xxx, Sunday, March 28,2010 15:31:43
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Sunday, March 28,2010 14:24:59
[Time synchronized with NTP server] Sunday, March 28,2010 10:49:41
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Sunday, March 28,2010 09:45:02
[DoS Attack: ACK Scan] from source: 65.54.95.13, port 80, Sunday, March 28,2010 08:35:09
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Sunday, March 28,2010 02:24:52
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Saturday, March 27,2010 23:44:31
[UPnP set event: add_nat_rule] from source 192.168.1.5, Saturday, March 27,2010 23:16:24
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Saturday, March 27,2010 23:16:23
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Saturday, March 27,2010 23:06:35
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Saturday, March 27,2010 21:45:00
[DoS Attack: RST Scan] from source: 216.252.125.65, port 443, Saturday, March 27,2010 18:33:01
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Saturday, March 27,2010 11:06:34
[DoS Attack: ACK Scan] from source: 174.140.157.25, port 80, Saturday, March 27,2010 10:50:18
[Time synchronized with NTP server] Saturday, March 27,2010 10:49:40
 
Joined
Sep 21, 2007
Messages
13,622
Just enable WPA2 encryption, set a 16 character passphrase and that will lock the intruders out of using your network. Also change the router's admin password; the default password for each router model is published.
 
Joined
Aug 8, 2009
Messages
361
I would be bummed out if I found extra local IP's on my router. You and the guy that piggybacks off your service should be using WPA2 encryption, providing that the gear supports it. If not that, at least enable MAC address filtering on the wireless and a lesser encryption. While both of the latter are crackable, odds are whoever is there doesn't have the tools.

There may also be less sinister reasons for extra IP's. A second laptop or a game console. A friend dropped by with a netbook. Dual boot machine with linux/windows using different computer names. Still, if you got an open wifi net, you are asking for it.

As for the DOS attacks, google the syntax and read the links. The IP's in your log include Microsoft, Yahoo, and Blue Shield. Maybe they are not DOS attacks. I thought DOS was a 1000 hits per second. Yours are like one every few hours.
 

HELPMEM8S

Thread Starter
Joined
Feb 24, 2005
Messages
4
I'm using WPA2 and my router password is unique. I know both of our computers are secure, so that's why this is so confusing. My concern is that before, when I looked at the logs from my Netgear router, I would see the websites people were viewing; now all I see is these weird DOS attacks. Any other ideas?
 

Frank4d

Retired Trusted Advisor
Joined
Sep 10, 2006
Messages
9,126
00:0d:9d:5e:9a:xx is HP, 00:24:8d:d2:3c:xx is Sony, and 00:21:63:bb:87:xx is Askey Computer Corp. If you have a Sony PS3 and Askey VOIP phone or TV set top box, that would explain them.
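The triage the replies above do by eye, as an added example that is not part of any post in this thread and not Netgear's code: it parses lines copied from the posted log, lists each DHCP client with the vendor named in the reply above, notes which LAN host asked for UPnP port mappings, and computes how often the "DoS Attack" entries actually occur. The regular expression and function names are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# A subset of the lines from the log posted in this thread.
SAMPLE_LOG = """\
[DoS Attack: RST Scan] from source: 75.21.100.39, port 4078, Tuesday, March 30,2010 13:01:56
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Tuesday, March 30,2010 11:43:07
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:46:01
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Tuesday, March 30,2010 05:45:42
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:45:42
[UPnP set event: add_nat_rule] from source 192.168.1.5, Monday, March 29,2010 23:43:07
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 21:05:49
[DoS Attack: FIN Scan] from source: 83.30.6.104, port 49547, Monday, March 29,2010 14:40:04
"""

# OUI prefixes and vendor names exactly as given in the reply above.
OUI_VENDOR = {"00:0d:9d": "HP", "00:24:8d": "Sony", "00:21:63": "Askey Computer Corp"}

# Assumed line shape: [kind: detail] free text, Weekday, Month DD,YYYY HH:MM:SS
LINE = re.compile(r"^\[(?P<kind>[^:\]]+)(?::\s*(?P<detail>[^\]]*))?\]\s*(?P<rest>.*?),\s*"
                  r"(?P<ts>\w+, \w+ \d{1,2},\d{4} \d{2}:\d{2}:\d{2})$")

def parse(log):
    """Yield (kind, detail, rest, timestamp) per matching line; skip anything else."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%A, %B %d,%Y %H:%M:%S")
            yield m["kind"], m["detail"] or "", m["rest"], ts

def summarize(log):
    clients, scans, upnp, times = {}, Counter(), defaultdict(list), []
    for kind, detail, rest, ts in parse(log):
        if kind == "DHCP IP":            # detail is the leased IP, rest holds the MAC
            mac = rest.removeprefix("to MAC address ").strip()
            clients[detail] = (mac, OUI_VENDOR.get(mac[:8], "unknown"))
        elif kind == "DoS Attack":       # detail is the scan type the router assigned
            src = re.search(r"source:\s*([\d.]+)", rest)
            scans[(detail, src.group(1) if src else "?")] += 1
            times.append(ts)
        elif kind == "UPnP set event":   # a LAN device changed a port mapping
            upnp[rest.removeprefix("from source ").strip()].append(detail)
    hours = (max(times) - min(times)).total_seconds() / 3600 if len(times) > 1 else 0.0
    rate = len(times) / hours if hours else 0.0   # flagged packets per hour
    return {"clients": clients, "scans": scans, "upnp": dict(upnp), "per_hour": rate}
```

On these lines the flagged packets arrive at well under one per hour, and the only UPnP port-mapping request comes from 192.168.1.5, the address leased to the MAC with the Sony prefix.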
 