Neil Paisnel

Q: Router DoS attack reports

Many apologies if I waffle on a bit, but I want to try and get as much detail down as possible.

 

Please read all this post before you discard it offhand as not being an issue with my Mac. I will explain why I am asking it here further down.

I have no idea, only a question, as to what is going on, and was unsure what sort of forum to post this on. If anyone can suggest another forum to post this, that offer is also greatly appreciated.

 

 

My home network consists of:

Draytek  Vigor 2800G router        192.168.1.1

Router setup to e-mail to me reports of blocked attacks

Mac Pro 3.1 2008  OSX 10.6.8    192.168.1.10

Yamaha amp 192.168.1.11

Apple TV 192.168.1.12

FreeNAS server as Bit torrent Box..192.168.1.13

iPad 192.168.1.15

192.168.1.16

 

 

Bridge --  Home to workshop bridge  Home 192.168.1.254   --wireless link to workshop  192.168.1.253   hardwired network to WiFi repeater  192.168.1.253

 

NAS4Free server  on second etho port  192.168.2.2 on gigabit network..solely as backup box..Chronosync backup agent.

 

 

This has been a working setup for 3 years or more.

The NAS servers are in the  attic..headless servers, WebGUI access.

No recent config changes.

 

 

Bit torrent was working perfectly from the FreeNAS BT service till about the point these issues started...see below.

Now although the service is running, it won't upload or download, despite the private tracker saying it is connectable.

Port forwarding from router not changed and it used to work..now it does not.

 

I can successfully run Vuze from the Mac and the upload/download as normal..so the BT issue is not ISP related.

 

 

I am suspecting something wrong (virus? trojan? or similar?) with the Mac because the latest batch of router e-mail attack reports seem to be emanating from inside my network..more precisely my Mac's IP address.

These only started appearing since the FreeNAS BT service stopped up or d/loading.

 

Maybe I am misreading these e-mail reports?

First I will post some of the latest router attack reports. So many different ports being attempted..is something trying to find an open outbound port?

How can I find what is doing this?

 

DoS fin_wo_ack Block 192.168.1.10,56187 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 3791239635 0

DoS fin_wo_ack Block 192.168.1.10,56571 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 132707881 0

DoS fin_wo_ack Block 192.168.1.10,56989 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 3157945262 0

DoS fin_wo_ack Block 192.168.1.10,57422 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 1415437543 0

DoS udp_flood Block(10s) 69.155.122.11,46339 -> 81.20.189.210,27735 PR 17(udp) len 20 398 

DoS fin_wo_ack Block 192.168.1.10,57567 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 1322581772 0

DoS udp_flood Block(10s) 206.45.9.56,13534 -> 81.20.189.210,27735 PR 17(udp) len 20 1452 

DoS udp_flood Block(10s) 81.61.156.61,56379 -> 81.20.189.210,27735 PR 17(udp) len 20 1466 

DoS udp_flood Block(10s) 62.37.67.190,61499 -> 81.20.189.210,27735 PR 17(udp) len 20 1452 

DoS fin_wo_ack Block 192.168.1.10,57823 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 1698743441 0

DoS fin_wo_ack Block 192.168.1.10,53001 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 1043268739 0

DoS fin_wo_ack Block 192.168.1.10,53073 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 2144545329 0

DoS fin_wo_ack Block 192.168.1.10,53457 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 2131745624 0

DoS fin_wo_ack Block 192.168.1.10,53902 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 731003202 0

DoS fin_wo_ack Block 192.168.1.10,54305 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 2790893966 0

DoS fin_wo_ack Block 192.168.1.10,54374 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 77374595 0

DoS fin_wo_ack Block 192.168.1.10,54388 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 3299723843 0

DoS fin_wo_ack Block 192.168.1.10,54395 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 1904232423 0

DoS teardrop Block 96.25.238.225,29508 -> 81.20.189.210,60823 PR 17(udp) len 20 1396 

DoS synfin_scan Block 173.194.41.108,9472 -> 81.20.189.210,58002 PR 6(tcp) len 20 1384 -USRAF 2054237737 3461047283

DoS fin_wo_ack Block 192.168.1.10,52415 -> 192.168.1.1,53 PR 6(tcp) len 20 40 -F 3590759364 0

DoS fin_wo_ack Block 192.168.1.10,52583 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 2144635017 0

DoS fin_wo_ack Block 192.168.1.10,52593 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 1731652613 0

DoS fin_wo_ack Block 192.168.1.10,52627 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 4152980075 0

DoS fin_wo_ack Block 192.168.1.10,52652 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 1150097123 0

DoS fin_wo_ack Block 192.168.1.15,49735 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 4013975634 0

DoS fin_wo_ack Block 192.168.1.15,49739 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 3383698831 0

DoS fin_wo_ack Block 192.168.1.16,52028 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 2497208518 0

DoS fin_wo_ack Block 192.168.1.10,49449 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 590392538 0

DoS fin_wo_ack Block 192.168.1.10,49470 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 3006781907 0

 

 

 

 

 

Older reports are more like this..very little from inside the network

 

 

DoS trace_rt Block 67.59.145.22,10640 -> 213.133.201.161,33438 PR 17(udp) len 20 32 

DoS trace_rt Block 67.59.145.22,10640 -> 213.133.201.161,33438 PR 17(udp) len 20 32 

DoS trace_rt Block 67.59.145.22,10640 -> 213.133.201.161,33438 PR 17(udp) len 20 32 

DoS trace_rt Block 67.59.145.22,10640 -> 213.133.201.161,33438 PR 17(udp) len 20 32 

DoS trace_rt Block 67.59.145.22,10640 -> 213.133.201.161,33438 PR 17(udp) len 20 32 

DoS synfin_scan Block 74.125.24.99,1397 -> 213.133.201.161,44524 PR 6(tcp) len 20 1396 -USRAF 1056840379 1387151144

DoS fin_wo_ack Block 74.125.24.99,34962 -> 213.133.201.161,2790 PR 6(tcp) len 20 1396 -URF 3037983974 238724862

DoS fin_wo_ack Block 74.125.24.99,21001 -> 213.133.201.161,1241 PR 6(tcp) len 20 1396 -UF 2781011030 1626285575

DoS fin_wo_ack Block 192.168.1.10,49545 -> 192.168.1.1,53 PR 6(tcp) len 20 40 -F 1726033779 0

DoS fin_wo_ack Block 192.168.1.10,49717 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 609168723 0

Posted on Feb 11, 2014 5:02 AM
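
One way to tally a report like the one posted above by rule, source and destination, so that entries originating on the LAN (here, TCP to the router's port 53) are separated from those arriving from the WAN. This is an added example, not part of the original post; the regular expression is inferred from the lines shown in the post rather than from DrayTek documentation, and the function names are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Lines copied from the report in the post above.
SAMPLE = """\
DoS fin_wo_ack Block 192.168.1.10,56187 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 3791239635 0
DoS udp_flood Block(10s) 69.155.122.11,46339 -> 81.20.189.210,27735 PR 17(udp) len 20 398
DoS teardrop Block 96.25.238.225,29508 -> 81.20.189.210,60823 PR 17(udp) len 20 1396
DoS synfin_scan Block 173.194.41.108,9472 -> 81.20.189.210,58002 PR 6(tcp) len 20 1384 -USRAF 2054237737 3461047283
DoS fin_wo_ack Block 192.168.1.15,49735 -> 192.168.1.1,53 PR 6(tcp) len 20 52 -F 4013975634 0
DoS fin_wo_ack Block 192.168.1.10,52415 -> 192.168.1.1,53 PR 6(tcp) len 20 40 -F 3590759364 0
"""

# Field layout is an assumption read off the sample lines, not a vendor spec.
LINE = re.compile(
    r"DoS (?P<rule>\S+) Block(?:\((?P<hold>\d+)s\))? "
    r"(?P<src>[\d.]+),(?P<sport>\d+) -> (?P<dst>[\d.]+),(?P<dport>\d+) "
    r"PR \d+\((?P<proto>\w+)\) len \d+ \d+(?: -(?P<flags>[A-Z]+) \d+ \d+)?"
)

def parse(text):
    """Yield one dict per recognised report line; skip anything else."""
    for raw in text.splitlines():
        m = LINE.search(raw)
        if m:
            yield m.groupdict()

def summarise(text):
    """Count blocked packets per (origin, rule, src, dst, dport, proto)."""
    counts = Counter()
    for e in parse(text):
        origin = "LAN" if ip_address(e["src"]).is_private else "WAN"
        counts[(origin, e["rule"], e["src"], e["dst"], int(e["dport"]), e["proto"])] += 1
    return counts

def lan_sources(text):
    """Per LAN host: which (rule, destination, port, proto) it tripped, with counts."""
    out = {}
    for (origin, rule, src, dst, dport, proto), n in summarise(text).items():
        if origin == "LAN":
            out.setdefault(src, Counter())[(rule, dst, dport, proto)] += n
    return out

if __name__ == "__main__":
    for key, n in summarise(SAMPLE).most_common():
        print(n, *key)
```

Pasting the full e-mailed report into `SAMPLE` shows at a glance how many hosts on the LAN trip a rule and whether they all hit the same destination and port.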
