****ing DOS attacks


airbornflght
12 Oct 2007, 1:54am
Ok. I have about 300 emails in my inbox from my router. I have it set to email me when the log fills. Apparently we have been getting DOS'd. Which could explain why our internet has been flaky. Old router didn't have a firewall or any protection.

Here is one of the logs. What can I do about this? It's kinda pissing me off. I see no reason why we are even worthy of being DOS'd.


[DOS attack: FIN Scan] attack packets in last 20 sec from ip [99.240.175.163], Thursday, 11 Oct 2007 19:51:34 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [142.217.89.70], Thursday, 11 Oct 2007 19:51:34 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.46.27.166], Thursday, 11 Oct 2007 19:51:33 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [82.13.87.184], Thursday, 11 Oct 2007 19:51:33 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [189.136.206.103], Thursday, 11 Oct 2007 19:51:33 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [74.139.95.233], Thursday, 11 Oct 2007 19:51:33 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [87.69.64.253], Thursday, 11 Oct 2007 19:51:32 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [201.62.140.220], Thursday, 11 Oct 2007 19:51:32 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.147], Thursday, 11 Oct 2007 19:51:32 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [86.203.135.185], Thursday, 11 Oct 2007 19:51:32 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [64.12.15.73], Thursday, 11 Oct 2007 19:51:32 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [81.193.7.234], Thursday, 11 Oct 2007 19:51:32 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [207.46.110.90], Thursday, 11 Oct 2007 19:51:32 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.46.110.90], Thursday, 11 Oct 2007 19:51:32 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [89.211.228.113], Thursday, 11 Oct 2007 19:51:32 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [71.58.50.18], Thursday, 11 Oct 2007 19:51:32 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.46.110.90], Thursday, 11 Oct 2007 19:51:31 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [38.100.24.135], Thursday, 11 Oct 2007 19:51:31 [DOS attack: FIN Scan] attack 
packets in last 20 sec from ip [209.133.122.159], Thursday, 11 Oct 2007 19:51:31 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [72.155.119.110], Thursday, 11 Oct 2007 19:51:31 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [87.105.22.246], Thursday, 11 Oct 2007 19:51:30 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [84.197.199.181], Thursday, 11 Oct 2007 19:51:30 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.175], Thursday, 11 Oct 2007 19:51:30 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [64.12.15.73], Thursday, 11 Oct 2007 19:51:30 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.121.223], Thursday, 11 Oct 2007 19:51:30 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.121.231], Thursday, 11 Oct 2007 19:51:29 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.240.202.128], Thursday, 11 Oct 2007 19:51:29 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [64.12.15.73], Thursday, 11 Oct 2007 19:51:28 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [99.240.175.163], Thursday, 11 Oct 2007 19:51:28 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [89.26.184.42], Thursday, 11 Oct 2007 19:51:28 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.59], Thursday, 11 Oct 2007 19:51:28 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [72.155.119.110], Thursday, 11 Oct 2007 19:51:28 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [64.12.15.73], Thursday, 11 Oct 2007 19:51:27 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.121.12], Thursday, 11 Oct 2007 19:51:27 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [82.13.87.184], Thursday, 11 Oct 2007 19:51:27 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [87.105.22.246], Thursday, 11 Oct 2007 19:51:27 [DOS attack: FIN Scan] attack packets in last 20 sec from ip 
[86.203.135.185], Thursday, 11 Oct 2007 19:51:26 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [201.52.145.146], Thursday, 11 Oct 2007 19:51:26 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.121.231], Thursday, 11 Oct 2007 19:51:26 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [85.139.94.102], Thursday, 11 Oct 2007 19:51:26 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [204.111.220.178], Thursday, 11 Oct 2007 19:51:25 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [87.105.22.246], Thursday, 11 Oct 2007 19:51:25 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [80.178.30.216], Thursday, 11 Oct 2007 19:51:25 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [64.94.116.135], Thursday, 11 Oct 2007 19:51:25 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [86.135.186.157], Thursday, 11 Oct 2007 19:51:25 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [70.74.30.125], Thursday, 11 Oct 2007 19:51:24 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.240.202.128], Thursday, 11 Oct 2007 19:51:24 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [82.13.87.184], Thursday, 11 Oct 2007 19:51:24 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [208.10.29.235], Thursday, 11 Oct 2007 19:51:23 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.133.122.160], Thursday, 11 Oct 2007 19:51:23 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [139.78.132.32], Thursday, 11 Oct 2007 19:51:23 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [75.63.5.75], Thursday, 11 Oct 2007 19:51:23 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.121.76], Thursday, 11 Oct 2007 19:51:23 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [12.210.253.103], Thursday, 11 Oct 2007 19:51:23 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [92.80.30.242], Thursday, 11 
Oct 2007 19:51:23 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [194.116.157.60], Thursday, 11 Oct 2007 19:51:23 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [81.107.34.250], Thursday, 11 Oct 2007 19:51:22 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [89.26.184.42], Thursday, 11 Oct 2007 19:51:22 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [82.13.87.184], Thursday, 11 Oct 2007 19:51:22 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [87.207.3.12], Thursday, 11 Oct 2007 19:51:22 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [87.69.64.253], Thursday, 11 Oct 2007 19:51:22 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.75], Thursday, 11 Oct 2007 19:51:21 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [82.13.87.184], Thursday, 11 Oct 2007 19:51:21 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [75.93.8.235], Thursday, 11 Oct 2007 19:51:21 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.26.188.24], Thursday, 11 Oct 2007 19:51:21 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [38.100.134.71], Thursday, 11 Oct 2007 19:51:21 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [77.251.196.18], Thursday, 11 Oct 2007 19:51:21 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [220.239.226.217], Thursday, 11 Oct 2007 19:51:21 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [201.52.115.231], Thursday, 11 Oct 2007 19:51:20 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [59.92.242.215], Thursday, 11 Oct 2007 19:51:20 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [72.14.253.91], Thursday, 11 Oct 2007 19:51:20 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.26.188.24], Thursday, 11 Oct 2007 19:51:20 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [38.100.24.135], Thursday, 11 Oct 2007 19:51:19 [DOS attack: FIN Scan] 
attack packets in last 20 sec from ip [69.26.188.24], Thursday, 11 Oct 2007 19:51:19 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.159], Thursday, 11 Oct 2007 19:51:19 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.240.202.128], Thursday, 11 Oct 2007 19:51:19 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [216.143.70.77], Thursday, 11 Oct 2007 19:51:19 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.26.188.16], Thursday, 11 Oct 2007 19:51:19 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [75.63.5.75], Thursday, 11 Oct 2007 19:51:17 [DHCP IP: (192.168.1.16)] to MAC address 00:19:B9:7D:86:B7, Thursday, 11 Oct 2007 19:51:17 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.26.188.16], Thursday, 11 Oct 2007 19:51:17 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [38.100.26.36], Thursday, 11 Oct 2007 19:51:16 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [87.69.64.253], Thursday, 11 Oct 2007 19:51:16 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [99.226.238.240], Thursday, 11 Oct 2007 19:51:15 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.171], Thursday, 11 Oct 2007 19:51:15 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.133.122.160], Thursday, 11 Oct 2007 19:51:15 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [75.63.5.75], Thursday, 11 Oct 2007 19:51:14 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [80.192.9.76], Thursday, 11 Oct 2007 19:51:14 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [12.210.253.103], Thursday, 11 Oct 2007 19:51:14 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [87.69.64.253], Thursday, 11 Oct 2007 19:51:14 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.240.202.128], Thursday, 11 Oct 2007 19:51:14 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [68.228.145.152], 
Thursday, 11 Oct 2007 19:51:14 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [213.192.64.210], Thursday, 11 Oct 2007 19:51:13 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.240.202.128], Thursday, 11 Oct 2007 19:51:13 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [38.100.24.135], Thursday, 11 Oct 2007 19:51:13 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.159], Thursday, 11 Oct 2007 19:51:13 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [86.125.166.235], Thursday, 11 Oct 2007 19:51:13 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [84.197.199.181], Thursday, 11 Oct 2007 19:51:13 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.191.92.114], Thursday, 11 Oct 2007 19:51:12 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.133.121.159], Thursday, 11 Oct 2007 19:51:12 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.121.76], Thursday, 11 Oct 2007 19:51:11 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.133.122.160], Thursday, 11 Oct 2007 19:51:10 [Admin login] from source 192.168.1.4, Thursday, 11 Oct 2007 19:51:10 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [12.210.253.103], Thursday, 11 Oct 2007 19:51:10 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [194.116.157.60], Thursday, 11 Oct 2007 19:51:10 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [75.93.8.235], Thursday, 11 Oct 2007 19:51:09 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.171], Thursday, 11 Oct 2007 19:51:09 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [189.136.206.103], Thursday, 11 Oct 2007 19:51:09 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.240.202.128], Thursday, 11 Oct 2007 19:51:09 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [38.100.134.71], Thursday, 11 Oct 2007 19:51:09 [DOS attack: FIN Scan] 
attack packets in last 20 sec from ip [201.62.140.220], Thursday, 11 Oct 2007 19:51:08 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.133.122.160], Thursday, 11 Oct 2007 19:51:08 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.46.27.166], Thursday, 11 Oct 2007 19:51:08 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.147], Thursday, 11 Oct 2007 19:51:08 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [12.210.253.103], Thursday, 11 Oct 2007 19:51:08 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [71.58.50.18], Thursday, 11 Oct 2007 19:51:07 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.66.117.93], Thursday, 11 Oct 2007 19:51:07 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.66.117.97], Thursday, 11 Oct 2007 19:51:07 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.133.122.160], Thursday, 11 Oct 2007 19:51:07 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [204.111.220.178], Thursday, 11 Oct 2007 19:51:07 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [12.210.253.103], Thursday, 11 Oct 2007 19:51:07 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [77.251.196.18], Thursday, 11 Oct 2007 19:51:06 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.133.122.160], Thursday, 11 Oct 2007 19:51:06 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [208.10.23.155], Thursday, 11 Oct 2007 19:51:06 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.66.117.130], Thursday, 11 Oct 2007 19:51:06 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [208.10.29.235], Thursday, 11 Oct 2007 19:51:06 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [99.240.175.163], Thursday, 11 Oct 2007 19:51:06 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [81.107.34.250], Thursday, 11 Oct 2007 19:51:06 [DOS attack: ACK Scan] attack packets in last 
20 sec from ip [63.240.202.128], Thursday, 11 Oct 2007 19:51:05 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.121.76], Thursday, 11 Oct 2007 19:51:05 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [99.226.238.240], Thursday, 11 Oct 2007 19:51:05 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [216.143.70.77], Thursday, 11 Oct 2007 19:51:05 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [84.197.199.181], Thursday, 11 Oct 2007 19:51:04 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.240.202.128], Thursday, 11 Oct 2007 19:51:04 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [71.79.10.85], Thursday, 11 Oct 2007 19:51:03 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [189.11.10.2], Thursday, 11 Oct 2007 19:51:03 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [194.116.157.60], Thursday, 11 Oct 2007 19:51:03 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [88.153.183.229], Thursday, 11 Oct 2007 19:51:03 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [75.93.8.235], Thursday, 11 Oct 2007 19:51:03 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [38.100.134.71], Thursday, 11 Oct 2007 19:51:03 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [216.155.193.185], Thursday, 11 Oct 2007 19:51:03 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.66.117.144], Thursday, 11 Oct 2007 19:51:02 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [72.14.253.91], Thursday, 11 Oct 2007 19:51:02 [DHCP IP: (192.168.1.12)] to MAC address 00:0B:7D:17:03:B2, Thursday, 11 Oct 2007 19:51:02 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.121.76], Thursday, 11 Oct 2007 19:51:02 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [92.80.30.242], Thursday, 11 Oct 2007 19:51:02 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.240.202.128], Thursday, 11 Oct 
2007 19:51:01 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [38.100.134.85], Thursday, 11 Oct 2007 19:51:01 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [213.192.64.210], Thursday, 11 Oct 2007 19:51:01 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [87.207.3.12], Thursday, 11 Oct 2007 19:51:01 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [24.209.103.84], Thursday, 11 Oct 2007 19:51:00 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [84.197.199.181], Thursday, 11 Oct 2007 19:51:00 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [75.93.8.235], Thursday, 11 Oct 2007 19:51:00 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [194.116.157.60], Thursday, 11 Oct 2007 19:51:00 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [86.135.186.157], Thursday, 11 Oct 2007 19:51:00 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [64.94.116.135], Thursday, 11 Oct 2007 19:51:00 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [201.52.145.146], Thursday, 11 Oct 2007 19:51:00 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [99.226.238.240], Thursday, 11 Oct 2007 19:51:00 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [38.100.26.36], Thursday, 11 Oct 2007 19:51:00 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [80.178.30.216], Thursday, 11 Oct 2007 19:50:59 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [201.52.115.231], Thursday, 11 Oct 2007 19:50:59 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [80.192.9.76], Thursday, 11 Oct 2007 19:50:59 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [63.240.202.128], Thursday, 11 Oct 2007 19:50:59 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [59.92.242.215], Thursday, 11 Oct 2007 19:50:58 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [216.155.193.185], Thursday, 11 Oct 2007 19:50:58 [DOS attack: ACK 
Scan] attack packets in last 20 sec from ip [84.197.199.181], Thursday, 11 Oct 2007 19:50:58 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [194.116.157.60], Thursday, 11 Oct 2007 19:50:58 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [220.239.226.217], Thursday, 11 Oct 2007 19:50:58 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [89.32.123.94], Thursday, 11 Oct 2007 19:50:57 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [68.228.145.152], Thursday, 11 Oct 2007 19:50:57 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [208.10.29.235], Thursday, 11 Oct 2007 19:50:57 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [81.107.34.250], Thursday, 11 Oct 2007 19:50:57 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [99.226.238.240], Thursday, 11 Oct 2007 19:50:57 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [189.136.206.103], Thursday, 11 Oct 2007 19:50:57 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [201.62.140.220], Thursday, 11 Oct 2007 19:50:56 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [210.79.181.103], Thursday, 11 Oct 2007 19:50:56 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [99.226.238.240], Thursday, 11 Oct 2007 19:50:56 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [71.58.50.18], Thursday, 11 Oct 2007 19:50:56 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [204.111.220.178], Thursday, 11 Oct 2007 19:50:55 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [209.133.121.159], Thursday, 11 Oct 2007 19:50:55 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [99.240.175.163], Thursday, 11 Oct 2007 19:50:55 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [213.192.64.210], Thursday, 11 Oct 2007 19:50:55 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [216.143.70.77], Thursday, 11 Oct 2007 19:50:55 [DOS attack: FIN Scan] attack packets in 
last 20 sec from ip [64.86.32.146], Thursday, 11 Oct 2007 19:50:54 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [86.125.166.235], Thursday, 11 Oct 2007 19:50:54 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [72.14.253.91], Thursday, 11 Oct 2007 19:50:53 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [209.133.122.49], Thursday, 11 Oct 2007 19:50:53 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [81.107.34.250], Thursday, 11 Oct 2007 19:50:53 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [208.10.29.235], Thursday, 11 Oct 2007 19:50:53 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [64.86.32.146], Thursday, 11 Oct 2007 19:50:53 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [201.250.183.104], Thursday, 11 Oct 2007 19:50:52 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [213.192.64.210], Thursday, 11 Oct 2007 19:50:52 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [92.80.30.242], Thursday, 11 Oct 2007 19:50:51 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [80.192.9.76], Thursday, 11 Oct 2007 19:50:51 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [80.130.101.126], Thursday, 11 Oct 2007 19:50:51 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [38.100.26.36], Thursday, 11 Oct 2007 19:50:51 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [81.107.34.250], Thursday, 11 Oct 2007 19:50:51 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [208.10.29.235], Thursday, 11 Oct 2007 19:50:51 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [189.136.206.103], Thursday, 11 Oct 2007 19:50:51 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [201.62.140.220], Thursday, 11 Oct 2007 19:50:50 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [208.10.29.235], Thursday, 11 Oct 2007 19:50:50 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [71.58.50.18], 
Thursday, 11 Oct 2007 19:50:50 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [201.52.115.231], Thursday, 11 Oct 2007 19:50:49 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [38.100.25.96], Thursday, 11 Oct 2007 19:50:49 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [71.79.10.85], Thursday, 11 Oct 2007 19:50:49 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [99.240.175.163], Thursday, 11 Oct 2007 19:50:49 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [88.153.183.229], Thursday, 11 Oct 2007 19:50:49 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [208.10.29.235], Thursday, 11 Oct 2007 19:50:49 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [72.14.253.91], Thursday, 11 Oct 2007 19:50:49 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [87.207.3.12], Thursday, 11 Oct 2007 19:50:49 [LAN access from remote] from 76.198.245.64:2388 to 192.168.1.4:8080 Thursday, 11 Oct 2007 19:50:48 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [189.136.206.103], Thursday, 11 Oct 2007 19:50:48 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [24.209.103.84], Thursday, 11 Oct 2007 19:50:48 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [59.92.242.215], Thursday, 11 Oct 2007 19:50:48 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [64.94.116.135], Thursday, 11 Oct 2007 19:50:47 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [201.62.140.220], Thursday, 11 Oct 2007 19:50:47 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [38.100.26.36], Thursday, 11 Oct 2007 19:50:47 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [68.81.216.4], Thursday, 11 Oct 2007 19:50:47 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [204.111.220.178], Thursday, 11 Oct 2007 19:50:47 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [72.14.253.91], Thursday, 11 Oct 2007 19:50:47 [DOS attack: ACK 
Scan] attack packets in last 20 sec from ip [209.133.122.111], Thursday, 11 Oct 2007 19:50:47 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [80.178.30.216], Thursday, 11 Oct 2007 19:50:47 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [201.52.115.231], Thursday, 11 Oct 2007 19:50:45 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [190.46.207.87], Thursday, 11 Oct 2007 19:50:45 [Time synchronized with NTP server] Thursday, 11 Oct 2007 19:50:44 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [87.207.3.12], Thursday, 11 Oct 2007 19:50:44 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [64.86.32.122], Thursday, 11 Oct 2007 19:50:43 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.46.27.166], Thursday, 11 Oct 2007 19:50:43 [Internet connected] IP address: xxx.xxx.229.202, Thursday, 11 Oct 2007 19:50:43 [Initialized, firmware version: V1.0.22_1.0.22NA] Thursday, 11 Oct 2007 19:50:43
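
Added here as an example (not code from any poster in this thread): a Python parser for the router log layout in the post above that tallies the scan alerts by type and source address and pulls out the entries recording a router start and an inbound connection through a forwarded port. The sample log is constructed with documentation addresses, and the 60-second `restart_window` is an assumed value.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same layout as the router log posted above.
# Addresses are RFC 5737 documentation ranges, not values from the thread.
SAMPLE_LOG = """\
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [198.51.100.7], Thursday, 11 Oct 2007 19:51:02 [DOS attack: FIN Scan] attack packets in last 20 sec from ip [203.0.113.10], Thursday, 11 Oct
2007 19:51:01 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [198.51.100.7], Thursday, 11 Oct 2007 19:50:58 [DHCP IP: (192.168.1.12)] to MAC address 00:00:5E:00:53:01, Thursday, 11 Oct 2007 19:50:55 [LAN access from remote] from 192.0.2.44:2388 to 192.168.1.4:8080 Thursday, 11 Oct 2007 19:50:48 [DOS attack: ACK Scan] attack packets in last 20 sec from ip [192.0.2.99], Thursday, 11 Oct 2007 19:50:44 [Initialized, firmware version: V0.0.0_SAMPLE] Thursday, 11 Oct 2007 19:50:43
"""

# One entry is "[tag] detail, Weekday, DD Mon YYYY HH:MM:SS"; some entry types
# omit the comma before the weekday, and the tag itself may contain commas.
ENTRY = re.compile(
    r"\[(?P<tag>[^\]]+)\]\s*(?P<detail>.*?),?\s*"
    r"[A-Z][a-z]+day, (?P<ts>\d{1,2} [A-Z][a-z]{2} \d{4} \d{2}:\d{2}:\d{2})"
)
SCAN_SRC = re.compile(r"from ip \[(\d{1,3}(?:\.\d{1,3}){3})\]")
FORWARD = re.compile(r"from (\S+?):(\d+) to (\S+?):(\d+)")


def parse(text):
    """Return (timestamp, tag, detail) for every entry, oldest first."""
    flat = " ".join(text.split())  # entries wrap mid-field in the e-mailed log
    entries = [
        (datetime.strptime(m["ts"], "%d %b %Y %H:%M:%S"), m["tag"], m["detail"])
        for m in ENTRY.finditer(flat)
    ]
    return sorted(entries, key=lambda e: e[0])


def summarize(text, restart_window=60):
    """Tally scan alerts and collect the non-scan entries useful for triage."""
    kinds, sources = Counter(), Counter()
    forwards, restarts, scan_times = [], [], []
    for ts, tag, detail in parse(text):
        if tag.startswith("DOS attack:"):
            src = SCAN_SRC.search(detail)
            if not src:
                continue
            kinds[tag.split(":", 1)[1].strip()] += 1
            sources[src.group(1)] += 1
            scan_times.append(ts)
        elif tag == "LAN access from remote":
            # An inbound connection that was let through to an internal host.
            fwd = FORWARD.search(detail)
            if fwd:
                forwards.append((fwd.group(1), f"{fwd.group(3)}:{fwd.group(4)}"))
        elif tag.startswith("Initialized"):
            restarts.append(ts)
    total = sum(sources.values())
    # A stateful firewall that has just restarted has an empty connection
    # table, so ACK/FIN packets from flows opened before the restart arrive
    # with no matching state. Count alerts that fall in that window.
    after_restart = sum(
        1 for t in scan_times
        if any(0 <= (t - r).total_seconds() <= restart_window for r in restarts)
    )
    top = sources.most_common(5)
    return {
        "scan_events": total,
        "by_kind": dict(kinds),
        "distinct_sources": len(sources),
        "top_sources": top,
        "top_source_share": round(top[0][1] / total, 2) if total else 0.0,
        "forwarded_ports": sorted(set(forwards)),
        "restarts": restarts,
        "scans_within_restart_window": after_restart,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
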

fatcat
12 Oct 2007, 1:56am
install firewall

use firewall

have a beer

smile.

airbornflght
12 Oct 2007, 2:09am
install firewall

use firewall

have a beer

smile.

I have a hardware firewall.

The internet isn't going down or anything. I was looking for a way to make it stop. i.e. in war when someone starts shooting at you, you not only fortify your walls but fire back and neutralize the threat.

I have fortified my walls, now I'd like to neutralize my enemy:D

fatcat
12 Oct 2007, 2:16am
disconnect from internet, enemy will retreat

i'm no network expert. block the IP's maybe.

airbornflght
12 Oct 2007, 2:21am
and here come 30 more emails from my router....

disconnecting from the internet isn't exactly feasible.

troll
12 Oct 2007, 4:04am
Looks like you pissed somebody off...

Not really much can be done... contact your ISP and show them your log files. The IP's or packet filters would have to be blocked/applied upstream (at the ISP NOC) before the packets get to you to make any difference.

Retaliation is NOT an option as the boxes attacking yours are just robots.... (A 13 yr old kid just enters your ip number on an IRC channel and some 400 waiting boxes start attacking you...)

If you have cable get a temp dsl connection or vice versa till the attack blows over...

Nomad
12 Oct 2007, 4:41am
Contact your ISP, in the meantime:

http://img.photobucket.com/albums/v248/Hallock1988/DOS.jpg

Unplug your intersqwebs.

GrayFox
12 Oct 2007, 5:28am
Your spi firewall should be discarding the crap.

It's still flooding your download; your firewall shouldn't be responding to them.

Also if these are logs ids you might just be getting false positives by someone running bit torrent on your network. (Mine gets full of them when I run bit torrent)

Someone on the network might have pissed off a script kiddie with a botnet (Retaliation like this was really popular in an online game I used to play called Deus Ex) if so it will blow over in a week.

airbornflght
12 Oct 2007, 8:00am
No one is running any torrents that I know of. Mostly because I have UPnP disabled and no ports forwarded for it. I'm having a hard enough time keeping everyone's bandwidth stable with just internet traffic alone.

I'm pretty sure we're hitting this router pretty hard as far as how much traffic we're putting through it.

Your Amish Daddy
12 Oct 2007, 12:49pm
Also I always recommend Peer Guardian.

kryyst
12 Oct 2007, 1:26pm
Just did a few lookups and those IP's are from all over the place. You don't really have many options. Anything behind your router isn't going to do anything. You can set your router so that it isn't answering pings and lock down as many ports as you can. But that's not going to stop the attempts.

The bottom line is that you can only secure behind your firewall. Only your ISP has the ability to stop them from hitting your router and they can do that by various packet sniffing techniques. Though I'm sure that's not a free service at all.

The other option you have would be to apply for a new IP, again that'd involve your ISP but I'm betting that's probably the cheapest and simplest solution. But that assumes that these are legit DOS attacks, specifically targeting your IP and not a range of IP's.

airbornflght
12 Oct 2007, 10:30pm
Well. The router is not doing so hot. I don't think it can handle the load of our network. I'm getting pissed because I need internet. Right now I am the only one in the house online because I am hooked right up to the transceiver :D..

I can't get these guys to spend the money that needs to be spent. I'm getting so pissed off. I <s>am</s> was doing a site for a client. I had it ready to upload and guess what. Internet goes out for 5 days straight. I get a phone call today so I'm going to end up transferring the domain and all my work to her and she's gonna find someone else. I'm so pissed off. Because she doesn't give a flying **** that my internet has been down for the better part of a week. I feel like I can't go up to these guys and demand things, because I have to live with them and I don't want to make any enemies.

Your Amish Daddy
12 Oct 2007, 10:33pm
See, that's where humans and I differ. I thrive to make enemies. I live in strife. If you've got high amounts of network traffic, and you lack the equipment to handle it, deliver an ultimatum. Chip in 50 bucks for a real switch, or get your own internet.

RWB
12 Oct 2007, 10:39pm
Looks like torrenting to me, I really don't think it matters if uPnP is disabled.

Lincoln
12 Oct 2007, 10:44pm
1) Call ISP.

2) Go to cafe with wifi.

3) Repeat steps 1-2 until fixed.


//edit: Wait. WTF are the chances that a teenager's private connection is getting DOS'd? About zero. No one that controls a bot net gives a **** about you or anything you say. I suggest looking for alternate problems, like someone else in the house being an idiot with their file sharing or having a virus.

airbornflght
12 Oct 2007, 11:27pm
I don't know. I'm trying to pinpoint where all the traffic is coming from, but it is making the consumer Netgear router take a **** on itself. I'm starting to think it's not DOS because when I hook myself right up to the transceiver (as I am now) I have no problems.

airbornflght
12 Oct 2007, 11:33pm
See, that's where humans and I differ. I thrive to make enemies. I live in strife. If you've got high amounts of network traffic, and you lack the equipment to handle it, deliver an ultimatum. Chip in 50 bucks for a real switch, or get your own internet.

The switches can handle the traffic. The router cannot. We need to get a real router/DHCP server. It's retarded how they don't understand why a consumer router can't handle a medium size business workload.

These routers are designed with consumers in mind, and I don't know any consumer that has 50ish computers running at once. Not to mention 10 Xbox 360's on Live hammering the bandwidth. This is just ludicrous what they are expecting out of it. I told them this would happen.

The only way I know how to get them to pull their head out of their ass is to have a network tech called out here and have them tell it to them and tell 'em exactly what needs to happen. Maybe that will make them pull their heads out of their ass. Or it could make them shove their heads further up and ignore the problem more. From my understanding the network is ~5-10 years old and it hasn't been touched since it went in.

Your Amish Daddy
12 Oct 2007, 11:52pm
Then slowly go through the ip's that incite the most traffic (Some cheap routers will give you this information, others won't) and block it by mac address...

airbornflght
12 Oct 2007, 11:59pm
Then slowly go through the IPs that incite the most traffic (some cheap routers will give you this information, others won't) and block it by MAC address...

The router doesn't give that information. I'd love to throttle everyone's traffic to a certain quota. But it only offers the ability to set priority to applications or MAC addresses. I'd just like to say no one should exceed 512kbps. That's not exactly fast, but that is fast enough to download most anything they should be downloading within a couple minutes. There just isn't any reason people need to hog the bandwidth on a shared connection.

Because from my reasoning there are one of two things that are happening. It's someone downloading things they shouldn't be downloading. Or. It is those damn Xboxes. If it is the 360s I don't know what I'm going to do. Actually. I don't want to do anything. I get this thing working for a couple days and then it fails again and guess who everyone is bitching at.. I hate it. This isn't my responsibility in the first place. They act like I just want them to spend money and I could make it work if I wanted to.

RWB
13 Oct 2007, 12:18am
If I were you and had a computer with two NICs I'd set up a partition on my computer with some Linux distro like IPCOP or something that will allow me to use the computer as a router and pinpoint who is causing the issue and tell them they have a virus or stop torrenting. Then once fixed you can set everything back to normal and have your computer useful for you again. Obviously it's someone on the network.

BTW your frat boys/friends/whomeverthefeck sound like a group of moronic jackasses. Welcome to my world.

Your Amish Daddy
13 Oct 2007, 12:21am
Man, stop being a nerd like in Revenge of the nerds. Fight back. Stop making us look bad. Break it beyond "fixing" and make them supply parts. ****ers.

Armo
13 Oct 2007, 1:27am
spare machine + smoothwall/IPCop = winrar!

troll
13 Oct 2007, 4:59am
IPCop Is Sweet!
I use it in many places as a content filter... Works like a charm!

airbornflght
13 Oct 2007, 6:25pm
Hmm. I do have two lines running into my room. I may have to go get myself another NIC. Too bad I don't have a spare hard drive. I don't really feel like risking my data. I'll back everything up to my SATA that I store everything else on and try it.

So does IPCOP have a better feature set than smoothwall?

Edit: I went and bought a Linksys gigabit NIC at Staples. Not what I would have liked, but hopefully it's up to the task.

Armo
13 Oct 2007, 8:35pm
IPCop was built from people who defected from smoothwall. A lot of patches and plugins for IPCop.

Min requirements: 150MHz computer, 64MB of RAM, 2GB HDD.

kryyst
14 Oct 2007, 3:11am
If your router does QoS make 1 rule and that rule states all traffic is limited to ----- whatever you want to limit it to.

GrayFox
17 Oct 2007, 2:28am
1) Call ISP.

2) Go to cafe with wifi.

3) Repeat steps 1-2 until fixed.


//edit: Wait. WTF are the chances that a teenager's private connection is getting DOS'd? About zero. No one that controls a bot net gives a **** about you or anything you say. I suggest looking for alternate problems, like someone else in the house being an idiot with their file sharing or having a virus.

You have no idea how easy a botnet is to make.... Remember that 200kb Photoshop on LimeWire.

There are already premade bots; all you need is an IRC channel and a quick compile. If you throw some random useless data in there, the antivirus no longer finds it.


And to airbornflght:
Go with an ipcop firewall/IDS/router.

For a network the size you mentioned I recommend a P3 1GHz with 512MB of RAM and a 9GB SCSI drive.

Your desktop will be grossly overpowered and you will have to run ipcop as your OS.

halo2_god
24 Oct 2007, 8:32pm
LOL, yeah, the ipcop should work, but here is something else: you said about 10 Xboxes. What if they're playing a self-hosted game like Gears of War or Halo 2? It's user hosted, so... If you do a little research and find the ports it needs to host, then forward them to something that doesn't exist or just totally block it off from use so then they can't host. Because I used to bridge in Halo 2 and I would see 100's of IPs trying to connect, but I would block them out :) Use something like Cain and Abel (antivirus thinks it's a virus but it isn't) and a firewall (you could make it so that they couldn't join a game or do anything. Block Halo's and Gears of War's servers so they can't go online in that game hahaha.). Bridge the Xbox and your computer, mess with them, lag 'em out in the middle of games until they're so pissed off they throw the money at you. That's one reason these IPs are probably all over the place: in one game I checked every country, I saw someone from prog, another from Mexico lol, and even someone from Hawaii. So that could be one reason. Here's my 2 cents.

Hawk
24 Oct 2007, 10:44pm
How can you stop someone from lagging you out of a game?
I've had 1-2 servers on TF2 that I go to where I get hit with heavy lag only when I start getting heavy kills or when I'm really hitting the other team or intel thief really hard.
Only thing I could do is disconnect and reconnect and it would be good until I got to a critical point in chasing/shooting the intel carrier again or hitting a large group with Pyro and they would hit me with it again. It was very obvious.
Only happens at critical moments on 1-2 servers.
I pretty much stopped playing those servers.

wthww
25 Oct 2007, 9:07am
I agree totally with RWB. Get an old PC, equip (hell, I use a P1 200, but I'd say that a PIII would do you good) with 512MB RAM and 2 network cards. Set up ipcop for red/green style. Crossover cable from modem to ipcop. Crossover cable from ipcop to switch (<3 IBM, but you could get away with something else). Easy peasy. Best part: ipcop comes with built-in traffic shaping, meaning you CAN limit everyone's connection down to 512, and then lighten it or higher it as need be, and you can set certain ports to have higher priority over others. And it's a great firewall, and can store as many logs as your hard disk can handle :) As for people being able to access stuff inside from the outside, like for hosting stuff on that connection, just add external accesses, at your own risk. Internal system links will still work, of course.

//wthww

GrayFox
4 Nov 2007, 12:20am
LOL, yeah, the ipcop should work, but here is something else: you said about 10 Xboxes. What if they're playing a self-hosted game like Gears of War or Halo 2? It's user hosted, so... If you do a little research and find the ports it needs to host, then forward them to something that doesn't exist or just totally block it off from use so then they can't host. Because I used to bridge in Halo 2 and I would see 100's of IPs trying to connect, but I would block them out :)

The LAST thing he should be doing is forwarding ports for people on the network or using UPnP.

CLIENTS CANNOT BE TRUSTED.




Use something like Cain and Abel (antivirus thinks it's a virus but it isn't) and a firewall (you could make it so that they couldn't join a game or do anything. Block Halo's and Gears of War's servers so they can't go online in that game hahaha.). Bridge the Xbox and your computer, mess with them, lag 'em out in the middle of games until they're so pissed off they throw the money at you.

Cain & Abel is a script kiddie tool, a very noob one at that. It has no legitimate purpose and should never be run on a public network. Its only real purpose is cracking password hashes & ARP cache poisoning.


That's one reason these IPs are probably all over the place: in one game I checked every country, I saw someone from prog, another from Mexico lol, and even someone from Hawaii. So that could be one reason. Here's my 2 cents.

We're aware of the internet. He's under a SYN flood; he should be immune if his router has an SPI firewall.

I agree totally with RWB. Get an old PC, equip (hell, I use a P1 200, but I'd say that a PIII would do you good) with 512MB RAM and 2 network cards. Set up ipcop for red/green style. Crossover cable from modem to ipcop. Crossover cable from ipcop to switch (<3 IBM, but you could get away with something else). Easy peasy. Best part: ipcop comes with built-in traffic shaping, meaning you CAN limit everyone's connection down to 512, and then lighten it or higher it as need be, and you can set certain ports to have higher priority over others. And it's a great firewall, and can store as many logs as your hard disk can handle :) As for people being able to access stuff inside from the outside, like for hosting stuff on that connection, just add external accesses, at your own risk. Internal system links will still work, of course.

//wthww


He mentioned before in another thread that he was running this on a fairly large size network. Hence why I recommended what I did. Also he should set up a transparent proxy and block traffic regarding script kiddie tools such as Cain & Abel. Also he should have a dedicated client machine that sits there logging any changes to the ARP table (ipcop will log major changes by default). This will allow him to detect ARP cache poisoners and track them down.

Also one VERY VERY critical thing to do is map out what port on the switch goes to what area and to set up VLANs. This will limit traffic within their own networks and allow easier management and detection of someone running script kiddie attacks. You can check the switch's logs to see what MAC was on what port and then you will know where they were. Also if you get an ARP cache poisoner you will know what network was compromised at what time and be able to quickly compare it to the switch's logs to see exactly who was doing it.
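
The ARP-change logging and switch-log correlation suggested in the post above, as an added example that is not part of the thread or of IPCop itself. It compares successive `arp -an` style snapshots, flags any IP whose MAC changed and any MAC answering for several IPs, then looks up the switch port and VLAN of the MAC involved. The snapshots, MAC addresses, port names and VLAN numbers are all constructed sample data.

```python
import re
from collections import defaultdict

# Constructed `arp -an` style snapshots (timestamp, table text), one per poll.
SNAPSHOTS = [
    ("2007-10-13 20:00", "? (192.168.1.1) at 02:00:00:00:00:01 [ether] on eth0\n"
                         "? (192.168.1.20) at 02:00:00:00:00:20 [ether] on eth0\n"
                         "? (192.168.1.31) at 02:00:00:00:00:31 [ether] on eth0\n"),
    ("2007-10-13 20:05", "? (192.168.1.1) at 02:00:00:00:00:31 [ether] on eth0\n"
                         "? (192.168.1.20) at 02:00:00:00:00:20 [ether] on eth0\n"
                         "? (192.168.1.31) at 02:00:00:00:00:31 [ether] on eth0\n"
                         "? (192.168.1.40) at <incomplete> on eth0\n"),
]
# Constructed switch MAC table: MAC -> (port, VLAN), as mapped out beforehand.
SWITCH_TABLE = {
    "02:00:00:00:00:01": ("Gi0/1", 1),
    "02:00:00:00:00:20": ("Fa0/7", 10),
    "02:00:00:00:00:31": ("Fa0/12", 20),
}
ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})")

def parse_arp(text):
    """Return {ip: mac} for one snapshot; unresolved entries are skipped."""
    return {ip: mac.lower() for ip, mac in ARP_LINE.findall(text)}

def detect_changes(snapshots, gateway_ip, switch_table=SWITCH_TABLE):
    """Return alerts for IPs whose MAC changed (HIGH if it is the gateway)
    and for MACs that answer for more than one IP in a single snapshot."""
    alerts, known = [], {}
    for stamp, text in snapshots:
        by_mac = defaultdict(list)
        for ip, mac in parse_arp(text).items():
            by_mac[mac].append(ip)
            old = known.get(ip)
            if old and old != mac:
                port, vlan = switch_table.get(mac, ("unknown", None))
                alerts.append({
                    "time": stamp, "type": "mac_changed", "ip": ip,
                    "old": old, "new": mac, "port": port, "vlan": vlan,
                    "severity": "HIGH" if ip == gateway_ip else "MEDIUM"})
            known[ip] = mac
        for mac, ips in by_mac.items():
            if len(ips) > 1:
                alerts.append({"time": stamp, "type": "shared_mac",
                               "mac": mac, "ips": sorted(ips)})
    return alerts

if __name__ == "__main__":
    for alert in detect_changes(SNAPSHOTS, gateway_ip="192.168.1.1"):
        print(alert)
```

A shared MAC can also be a legitimately multi-homed host, so treat that alert as a lead to check against the switch port rather than proof on its own.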