****ing DOS attacks
airbornflght
Houston, TX Icrontian
Ok. I have about 300 emails in my inbox from my router. I have it set to email me when the log fills. Apparently we have been getting DOS'd. Which could explain why our internet has been flaky. Old router didn't have a firewall or any protection.
Here is one of the logs. What can I do about this. It's kinda pissing me off. I see no reason why we are even worthy of being DOS'd.
Comments
use firewall
have a beer
smile.
I have a hardware firewall.
The internet isn't going down or anything. I was looking for a way to make it stop. i.e. in war when someone starts shooting at you, you not only fortify your walls but fire back and neutralize the threat.
I have fortified my walls, now I'd like to neutralize my enemy :D
I'm no network expert. Block the IPs maybe.
disconnecting from the internet isn't exactly feasible.
Not really much can be done... contact your ISP and show them your log files. The IPs or packet filters would have to be blocked/applied upstream (at the ISP NOC) before the packets get to you to make any difference.
Retaliation is NOT an option as the boxes attacking yours are just robots.... (A 13 yr old kid just enters your IP number on an IRC channel and some 400 waiting boxes start attacking you...)
If you have cable get a temp DSL connection or vice versa till the attack blows over...
Unplug your intersqwebs.
It's still flooding your download; your firewall shouldn't be responding to them.
Also if these are IDS logs you might just be getting false positives by someone running BitTorrent on your network. (Mine gets full of them when I run BitTorrent.)
Someone on the network might have pissed off a script kiddie with a botnet (retaliation like this was really popular in an online game I used to play called Deus Ex). If so, it will blow over in a week.
I'm pretty sure we're hitting this router pretty hard as far as how much traffic we're putting through it.
The bottom line is that you can only secure behind your firewall. Only your ISP has the ability to stop them from hitting your router and they can do that by various packet sniffing techniques. Though I'm sure that's not a free service at all.
The other option you have would be to apply for a new IP. Again, that'd involve your ISP, but I'm betting that's probably the cheapest and simplest solution. But that assumes that these are legit DOS attacks, specifically targeting your IP and not a range of IPs.
I can't get these guys to spend the money that needs to be spent. I'm getting so pissed off. I <s>am</s> was doing a site for a client. I had it ready to upload and guess what. Internet goes out for 5 days straight. I get a phone call today, so I'm going to end up transferring the domain and all my work to her and she's gonna find someone else. I'm so pissed off. Because she doesn't give a flying **** that my internet has been down for the better part of a week. I feel like I can't go up to these guys and demand things, because I have to live with them and I don't want to make any enemies.
2) Go to cafe with wifi.
3) Repeat steps 1-2 until fixed.
//edit: Wait. WTF are the chances that a teenager's private connection is getting DOS'd? About zero. No one that controls a bot net gives a **** about you or anything you say. I suggest looking for alternate problems, like someone else in the house being an idiot with their file sharing or having a virus.
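The router log format quoted in the original post can be tallied offline to test the suggestions above that the alerts are false positives or a symptom of something else on the LAN. This is an added example, not code from any poster; the sample entries are constructed with documentation addresses, and the 50% `concentrated_share` threshold is an illustrative assumption.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# One entry is "[tag] free text, Weekday, DD Mon YYYY HH:MM:SS". The e-mailed
# log is a run-on string, so the timestamp is what delimits entries.
ENTRY = re.compile(
    r"\[(?P<tag>[^\]]+)\](?P<body>.*?)[A-Z][a-z]+day, (?P<d>\d{1,2}) "
    r"(?P<mon>[A-Z][a-z]{2}) (?P<y>\d{4}) (?P<h>\d\d):(?P<mi>\d\d):(?P<s>\d\d)")
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
SRC_IP = re.compile(r"from ip \[" + IPV4 + r"\]")
INBOUND = re.compile(r"from " + IPV4 + r":(\d+) to " + IPV4 + r":(\d+)")


def _valid(ip):
    try:
        ip_address(ip)
        return True
    except ValueError:
        return False


def parse_log(text):
    """Split a run-on router log into event dicts, keeping the log's order."""
    text = " ".join(text.split())  # undo mail/forum line wrapping inside entries
    events = []
    for m in ENTRY.finditer(text):
        try:
            when = datetime(int(m["y"]), MONTHS[m["mon"]], int(m["d"]),
                            int(m["h"]), int(m["mi"]), int(m["s"]))
        except (KeyError, ValueError):
            continue  # unparseable timestamp: skip rather than guess
        ev = {"when": when, "tag": m["tag"].strip(),
              "kind": None, "src": None, "inbound": None}
        if ev["tag"].lower().startswith("dos attack:"):
            ev["kind"] = ev["tag"].split(":", 1)[1].strip()
            hit = SRC_IP.search(m["body"])
            if hit and _valid(hit[1]):
                ev["src"] = hit[1]
        elif ev["tag"] == "LAN access from remote":
            hit = INBOUND.search(m["body"])
            if hit and _valid(hit[1]) and _valid(hit[3]):
                ev["inbound"] = (hit[1], int(hit[2]), hit[3], int(hit[4]))
        events.append(ev)
    return events


def triage(events, concentrated_share=0.5):
    """Summarise alerts so 'one angry source' and 'many stray peers' look different."""
    alerts = [e for e in events if e["kind"] and e["src"]]
    by_src = Counter(e["src"] for e in alerts)
    by_net = Counter(str(ip_network(e["src"] + "/24", strict=False)) for e in alerts)
    times = [e["when"] for e in alerts]
    top_share = by_src.most_common(1)[0][1] / len(alerts) if alerts else 0.0
    return {
        "alerts": len(alerts),
        "by_kind": dict(Counter(e["kind"] for e in alerts)),
        "distinct_sources": len(by_src),
        "top_sources": by_src.most_common(5),
        "top_networks": by_net.most_common(5),
        "span_seconds": (max(times) - min(times)).total_seconds() if times else 0.0,
        # Assumed heuristic: one source producing most alerts vs. many sources
        # with a handful each (what a busy P2P client's stale peers look like).
        "pattern": "concentrated" if top_share >= concentrated_share else "dispersed",
        # Port forwards that outside hosts actually reached: (remote, rport, host, port)
        "inbound_forwards": [e["inbound"] for e in events if e["inbound"]],
        "other_tags": sorted({e["tag"].split(":")[0] for e in events if not e["kind"]}),
    }


# Constructed sample in the router's format (documentation address ranges).
SAMPLE = (
    "[DOS attack: FIN Scan] attack packets in last 20 sec from ip [203.0.113.10], Thursday, 11 Oct 2007 19:51:34 "
    "[DOS attack: ACK Scan] attack packets in last 20 sec from ip [198.51.100.7], Thursday, 11 Oct 2007 19:51:34 "
    "[DOS attack: ACK Scan] attack packets in last 20 sec from ip [203.0.113.10], Thursday, 11 Oct 2007 19:51:33 "
    "[DHCP IP: (192.168.1.16)] to MAC address 00:00:5E:00:53:01, Thursday, 11 Oct 2007 19:51:17 "
    "[DOS attack: FIN Scan] attack packets in last 20 sec from ip [203.0.113.77], Thursday, 11 Oct 2007 19:51:10 "
    "[Admin login] from source 192.168.1.4, Thursday, 11 Oct 2007 19:51:10 "
    "[LAN access from remote] from 192.0.2.44:2388 to 192.168.1.4:8080 Thursday, 11 Oct 2007 19:50:48 "
    "[DOS attack: ACK Scan] attack packets in last 20 sec from ip [198.51.100.200], Thursday, 11 Oct 2007 19:50:47 "
    "[Time synchronized with NTP server] Thursday, 11 Oct 2007 19:50:44"
)

if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE)).items():
        print(f"{key}: {value}")
```

A "dispersed" result plus an `inbound_forwards` entry points at a LAN host with an open forwarded port as the first thing to check, before treating the alerts as a targeted flood.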
The switches can handle the traffic. The router can not. We need to get a real router/DHCP server. It's retarded how they don't understand why a consumer router can't handle a medium size business workload.
These routers are designed with consumers in mind, and I don't know any consumer that has 50ish computers running at once, not to mention 10 Xbox 360s on Live hammering the bandwidth. This is just ludicrous what they are expecting out of it. I told them this would happen.
The only way I know how to get them to pull their head out of their ass is to have a network tech called out here and have them tell it to them and tell 'em exactly what needs to happen. Maybe that will make them pull their heads out of their ass. Or it could make them shove their heads further up and ignore the problem more. From my understanding the network is ~5-10 years old and it hasn't been touched since it went in.
The router doesn't give that information. I'd love to throttle everyone's traffic to a certain quota. But it only offers the ability to set priority to applications or MAC addresses. I'd just like to say no one should exceed 512kbps. That's not exactly fast, but that is fast enough to download most anything they should be downloading within a couple minutes. There just isn't any reason people need to hog the bandwidth on a shared connection.
Because from my reasoning there is one of two things happening. It's someone downloading things they shouldn't be downloading. Or. It is those damn Xboxes. If it is the 360s I don't know what I'm going to do. Actually. I don't want to do anything. I get this thing working for a couple days and then it fails again and guess who everyone is bitching at.. I hate it. This isn't my responsibility in the first place. They act like I just want them to spend money and I could make it work if I wanted to.
BTW your frat boys/friends/whomeverthefeck sound like a group of moronic jackasses. Welcome to my world.
I use it in many places as a content filter... Works like a charm!
So does IPCOP have a better feature set than smoothwall?
Edit: I went and bought a Linksys gigabit NIC at Staples. Not what I would have liked, but hopefully it's up to the task.
Min requirements: 150 MHz computer, 64 MB of RAM, 2 gig HDD
whatever you want to limit it to.
You have no idea how easy a botnet is to make.... remember that 200kb photoshop on limewire.
There are already premade bots; all you need is an IRC channel and a quick compile. If you throw some random useless data in there, the antivirus no longer finds it.
And to airbornflight
Go with an IPCop firewall/IDS/router.
For a network the size you mentioned I recommend a P3 1 GHz with 512 MB of RAM and a 9 GB SCSI drive.
Your desktop will be grossly overpowered and you will have to run IPCop as your OS.
I've had 1-2 servers on TF2 that I go to where I get hit with heavy lag only when I start getting heavy kills or when I'm really hitting the other team or intel thief really hard.
Only thing I could do is disconnect and reconnect and it would be good until I got to a critical point in chasing/shooting the intel carrier again or hitting a large group with Pyro, and they would hit me with it again. It was very obvious.
Only happens at critical moments on 1-2 servers.
I pretty much stopped playing those servers.
//wthww
The LAST thing he should be doing is forwarding ports for people on the network or using UPnP.
CLIENTS CANNOT BE TRUSTED.
Cain & Abel is a script kiddie tool, a very noob one at that. It has no legitimate purpose and should never be run on a public network. Its only real purpose is cracking password hashes & ARP cache poisoning.
We're aware of the internet. He's under a SYN flood; he should be immune if his router has an SPI firewall.
He mentioned before in another thread that he was running this on a fairly large network. Hence why I recommended what I did. Also he should set up a transparent proxy and block traffic regarding script kiddie tools such as Cain & Abel. Also he should have a dedicated client machine that sits there logging any changes to the ARP table (IPCop will log major changes by default). This will allow him to detect ARP cache poisoners and track them down.
Also one VERY VERY critical thing to do is map out what port on the switch goes to what area and to set up VLANs. This will limit traffic within their own networks and allow easier management and detection of someone running script kiddie attacks. You can check the switch's logs to see what MAC was on what port and then you will know where they were. Also if you get an ARP cache poisoner you will know what network was compromised at what time and be able to quickly compare it to the switch's logs to see exactly who was doing it.
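One way to do the ARP change logging and switch-port lookup described in the last two posts, as an added example that is not the poster's or IPCop's own code: it compares successive `ip neigh show` snapshots taken on a monitoring host and looks the offending MAC up in a port map. The snapshots, the gateway address and the `SWITCH_TABLE` layout (MAC to switch, port, VLAN) are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches resolved entries of `ip neigh show`, e.g.
# "192.168.1.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE".
# FAILED/INCOMPLETE entries carry no lladdr and are skipped by the pattern.
NEIGH = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b",
    re.M | re.I)


def parse_neigh(text):
    """Return {ip: mac} for every resolved IPv4 neighbour in one snapshot."""
    return {ip: mac.lower() for ip, mac in NEIGH.findall(text)}


class ArpWatch:
    """Track IP-to-MAC bindings across snapshots and report suspicious changes."""

    def __init__(self, gateways, switch_table=None):
        self.gateways = set(gateways)            # IPs whose binding must not move
        self.switch_table = switch_table or {}   # mac -> (switch, port, vlan)
        self.bindings = {}                       # ip -> last MAC seen
        self.history = []                        # (timestamp, finding) audit trail

    def observe(self, timestamp, snapshot):
        findings = []
        for ip, mac in sorted(snapshot.items()):
            old = self.bindings.get(ip)
            if old and old != mac:
                # A DHCP lease handed to a new device also lands here, so the
                # gateway flag is what separates routine churn from an alarm.
                findings.append({"type": "ip_moved", "ip": ip, "old_mac": old,
                                 "new_mac": mac, "gateway": ip in self.gateways,
                                 "port": self.switch_table.get(mac)})
            self.bindings[ip] = mac
        claimed = defaultdict(list)
        for ip, mac in sorted(snapshot.items()):
            claimed[mac].append(ip)
        for mac, ips in sorted(claimed.items()):
            if len(ips) > 1:  # one NIC answering for several IPs
                findings.append({"type": "mac_shared", "mac": mac, "ips": ips,
                                 "port": self.switch_table.get(mac)})
        self.history.extend((timestamp, f) for f in findings)
        return findings


# Constructed snapshots: baseline, a new DHCP client, then the gateway's IP
# suddenly resolving to the MAC that belongs to 192.168.1.12.
T0 = """\
192.168.1.1 dev eth0 lladdr 00:00:5e:00:53:01 REACHABLE
192.168.1.4 dev eth0 lladdr 00:00:5e:00:53:04 STALE
192.168.1.12 dev eth0 lladdr 00:00:5e:00:53:0c REACHABLE
192.168.1.99 dev eth0  FAILED
"""
T1 = T0 + "192.168.1.16 dev eth0 lladdr 00:00:5e:00:53:10 REACHABLE\n"
T2 = T1.replace("192.168.1.1 dev eth0 lladdr 00:00:5e:00:53:01",
                "192.168.1.1 dev eth0 lladdr 00:00:5e:00:53:0c")

# Hypothetical port map, as it would be copied from the switches' MAC tables.
SWITCH_TABLE = {"00:00:5e:00:53:0c": ("sw2", "Fa0/14", 20)}

if __name__ == "__main__":
    watch = ArpWatch(gateways={"192.168.1.1"}, switch_table=SWITCH_TABLE)
    for stamp, snap in (("19:50:43", T0), ("19:51:02", T1), ("19:51:17", T2)):
        for finding in watch.observe(stamp, parse_neigh(snap)):
            print(stamp, finding)
```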