#1 |
|
Member
Join Date: Sep 2012
Location: Gold Coast, Queensland
Posts: 33
|
So my router log is showing all these scans and attacks from different IPs. I live pretty woop woop; no one would be in range of our wireless, and even so it's locked. I'm curious as to what these mean and why it is causing my net speed to slow right down to dial-up-like speeds and even quite frequently causing the net to drop out.
Here's what the logs look like (note I recently restarted it, which wipes the logs, but we get 100s of these a day):
[DoS attack: ACK Scan] from source: 161.69.199.7:443 Saturday, November 17,2012 07:54:22
[DoS attack: ACK Scan] from source: 161.69.199.7:443 Saturday, November 17,2012 07:52:54
[Time synchronized with NTP server time-h.netgear.com] Saturday, November 17,2012 07:52:14
[DoS attack: ACK Scan] from source: 161.69.199.7:443 Saturday, November 17,2012 07:52:11
[DoS attack: ACK Scan] from source: 161.69.199.7:443 Saturday, November 17,2012 07:51:49
[DoS attack: ACK Scan] from source: 161.69.199.7:443 Saturday, November 17,2012 07:51:28
[Internet connected] IP address: 121.222.187.185 Saturday, November 17,2012 07:50:47
[DSL: Up] Saturday, November 17,2012 07:49:39
[DHCP IP: (192.168.0.5)] to MAC address 94:44:52:89:FF:89 Saturday, November 17,2012 07:49:12
[UPnP set event:AddPortMapping] from source 192.168.0.4 Saturday, November 17,2012 07:49:07
[DHCP IP: (192.168.0.4)] to MAC address 00:24:8D:21:AA:24 Saturday, November 17,2012 07:49:07
[admin login] from source 192.168.0.2 Saturday, November 17,2012 07:49:04
[DHCP IP: (192.168.0.3)] to MAC address 00:15:B7:1F:C1:F3 Saturday, November 17,2012 07:48:47
[DHCP IP: (192.168.0.2)] to MAC address 50:E5:49:54:5D:62 Saturday, November 17,2012 07:48:41
[Initialized, firmware version: V1.1.00.08_1.00.08 ] Saturday, November 17,2012 07:48:23
HELP PLEASE :S
__________________
'Because im the hero Chernagorsk needs, but not the hero it deserves' Rig: Intel 2500k @4.2 w/ Tower Heatsink, Gigabyte Z68XP-UD3, 4gb 1600mhz + 4gb 1333mhz RipJaws, Galaxy GTX 560 Ti OC, Agility 3 SSD, 1.5 TB green WD. |
#2 | |
|
Member
Join Date: Apr 2010
Location: NOPE
Posts: 2,651
|
Let your ISP know you are being DDoSed. Do you have a static IP? If you don't, powercycle your modem and leave it off for a good 30 seconds. You should get a new IP and whoever is targeting you should lose you.
Then you can try and figure out who you pissed off.
__________________
This comment sponsored and endorsed by looktall
|
|
|
|
|
|
|
#3 |
|
Member
Join Date: Feb 2010
Location: Victoria, Maldon
Posts: 731
|
Whoever it is is located in Santa Clara, California.
I've a feeling it's a shell-based attack (think that's the name. Upload PHP shell, use it to Ssyn/UDP flood an address), as most of the servers I've come across in my shitty history of being DDoSed come from around there.
Edit: Do you have McAfee installed?
NetRange: 161.69.0.0 - 161.69.255.255
CIDR: 161.69.0.0/16
OriginAS:
NetName: NETWORK-ASSOCIATES-INC
NetHandle: NET-161-69-0-0-1
Parent: NET-161-0-0-0-0
NetType: Direct Assignment
RegDate: 1992-06-15
Updated: 2010-04-21
Ref: http://whois.arin.net/rest/net/NET-161-69-0-0-1
OrgName: McAfee, Inc.
OrgId: MCAFE-2
Address: 3965 Freedom Circle
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
RegDate: 2006-07-05
Updated: 2011-09-24
Ref: http://whois.arin.net/rest/org/MCAFE-2
OrgTechHandle: INO25-ARIN
OrgTechName: McAfee Network Operations
OrgTechPhone: +1-408-346-5200
OrgTechEmail: netadmin (at) mcafee.com
OrgTechRef: http://whois.arin.net/rest/poc/INO25-ARIN
OrgAbuseHandle: INO25-ARIN
OrgAbuseName: McAfee Network Operations
OrgAbusePhone: +1-408-346-5200
OrgAbuseEmail: netadmin (at) mcafee.com
OrgAbuseRef: http://whois.arin.net/rest/poc/INO25-ARIN
|
|
|
|
|
#4 |
|
Member
Join Date: Sep 2012
Location: Gold Coast, Queensland
Posts: 33
|
I don't anymore on this PC; I used to a while ago. Not sure about the other computers in the house. So should I ring this number and report it or?
__________________
'Because im the hero Chernagorsk needs, but not the hero it deserves' Rig: Intel 2500k @4.2 w/ Tower Heatsink, Gigabyte Z68XP-UD3, 4gb 1600mhz + 4gb 1333mhz RipJaws, Galaxy GTX 560 Ti OC, Agility 3 SSD, 1.5 TB green WD. |
|
|
|
|
|
#5 | |
|
Member
Join Date: Jul 2001
Location: Canberra, ACT
Posts: 7,830
|
doubt it is a DoS... more likely a port scan
ignore and get on with your life
|
|
|
|
|
|
|
#6 |
|
Member
Join Date: Sep 2012
Location: Gold Coast, Queensland
Posts: 33
|
I would go on with my life, but I'm having major net issues with my net dropping multiple times per day, like 10-20, with 100s of these logged, always around the time of the speeds being slowed down to dial-up or lower and it dropping out.
__________________
'Because im the hero Chernagorsk needs, but not the hero it deserves' Rig: Intel 2500k @4.2 w/ Tower Heatsink, Gigabyte Z68XP-UD3, 4gb 1600mhz + 4gb 1333mhz RipJaws, Galaxy GTX 560 Ti OC, Agility 3 SSD, 1.5 TB green WD. |
|
|
|
|
|
#7 |
|
Member
Join Date: Jul 2006
Location: WA
Posts: 2,788
|
Can't you block them?
|
|
|
|
|
|
#8 |
|
D'oh!
Join Date: Jan 2002
Location: Keep it up! :D
Posts: 90,001
|
Interesting! I've been having a couple of issues recently with slow cable connection, only fixable with a modem reboot....maybe this is the cause?
__________________
Co2 is weightless apparently. Be careful what you vote for. Howard on the economy: ''When the Prime Minister and the Treasurer and others tell you that the Australian economy is doing better than most – they are right,'' Asked how cash payments of baby bonus and school bonus are any different, Opposition Leader tony abbott says 'well look, they just are.'
|
|
|
|
|
|
#9 |
|
Member
Join Date: Mar 2008
Location: perth
Posts: 1,197
|
mmmmm
Since seeing this I looked at my router and found:
11/19/2012 17:58:12 **Smurf** 222.67.213.0, 12500->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 17:47:00 **Smurf** 212.98.184.255->> 10.1.1.7, Type:3, Code:3 (from LAN1 Outbound)
11/19/2012 17:36:41 **Smurf** 210.195.239.0, 14602->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 17:29:52 **Smurf** 213.87.132.255, 27294->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 17:18:30 **Smurf** 222.67.213.0, 12500->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 17:07:13 NTP Date/Time updated.
11/19/2012 17:00:25 **Smurf** 208.103.249.0, 6881->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 16:54:58 **Smurf** 222.67.213.0, 12500->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 16:42:40 **Smurf** 201.167.19.0, 20981->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 16:33:35 **Smurf** 210.195.239.0, 14602->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 16:15:29 **Smurf** 202.152.86.0, 2277->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 16:03:48 **Smurf** 210.195.239.0, 14602->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 15:54:44 **Smurf** 222.67.213.0, 12500->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 15:50:15 **Smurf** 213.138.80.0, 57175->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 15:50:05 sending ACK to 10.1.1.4
I have ZERO idea! Considering it's a wired network, the only thing I know is that 10.1.1.7 is my NAS box!
__________________
yes this an overclockers forum no my pc is not overclocked! |
|
|
|
|
|
#10 |
|
Member
Join Date: Jun 2006
Posts: 472
|
Your NAS may be running a torrent client listening on port 6881
__________________
CHIPS |
|
|
|
|
|
#11 |
|
Member
Join Date: Mar 2008
Location: perth
Posts: 1,197
|
It does have a torrent client, which I don't use and have now disabled. Cheers!
__________________
yes this an overclockers forum no my pc is not overclocked! |
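Added example, not part of any post in this thread: a short Python triage of the two router log formats quoted above, grouping alerts by source and attaching a hint about what the traffic most likely is. The sample lines are constructed from the shape of the quoted logs, and the rule that a source port of 80 or 443 suggests reply traffic from a web server is a heuristic assumed for this example, not something either router reports.

```python
import re
from collections import Counter

# Constructed samples, shaped like the two router logs quoted in the thread.
NETGEAR_LOG = """\
[DoS attack: ACK Scan] from source: 161.69.199.7:443 Saturday, November 17,2012 07:54:22
[DoS attack: ACK Scan] from source: 161.69.199.7:443 Saturday, November 17,2012 07:52:54
[DSL: Up] Saturday, November 17,2012 07:49:39
"""
SECOND_LOG = """\
11/19/2012 17:58:12 **Smurf** 222.67.213.0, 12500->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
11/19/2012 17:47:00 **Smurf** 212.98.184.255->> 10.1.1.7, Type:3, Code:3 (from LAN1 Outbound)
11/19/2012 17:07:13 NTP Date/Time updated.
11/19/2012 17:00:25 **Smurf** 208.103.249.0, 6881->> 10.1.1.7, 6881 (from PPPoE1 Inbound)
"""

# "[DoS attack: <kind>] from source: <ip>:<port>" (first log format)
DOS_RE = re.compile(r"\[DoS attack: (?P<kind>[^\]]+)\] from source: "
                    r"(?P<src>[\d.]+):(?P<sport>\d+)")
# "**<kind>** <ip>, <port>->> <ip>, <port>" (second log format, port-bearing lines only)
FLOW_RE = re.compile(r"\*\*(?P<kind>\w+)\*\* (?P<src>[\d.]+), (?P<sport>\d+)"
                     r"->> (?P<dst>[\d.]+), (?P<dport>\d+) ")

SERVER_PORTS = {80, 443}   # assumption: source ports that indicate a web server
BITTORRENT_PORT = 6881     # the port named in the thread

def parse(text):
    """Return one dict per alert line; status and ICMP lines are skipped."""
    events = []
    for line in text.splitlines():
        m = DOS_RE.search(line) or FLOW_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["sport"] = int(ev["sport"])
            ev["dport"] = int(ev["dport"]) if ev.get("dport") else None
            events.append(ev)
    return events

def hint(ev):
    """Heuristic label (an assumption of this example, not a router verdict)."""
    if ev["sport"] in SERVER_PORTS:
        return "server-port source: likely reply to a LAN host's own connection"
    if ev["dport"] == BITTORRENT_PORT:
        return "inbound to BitTorrent port: likely peers of a torrent client"
    return "unclassified"

def summarize(text):
    """Count alerts per (source IP, hint), most frequent first."""
    return Counter((ev["src"], hint(ev)) for ev in parse(text)).most_common()
```

A single source that always uses port 443 points at a service some LAN host is talking to, while many unrelated sources hitting one internal host on 6881 points at a listening client on that host.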
|
|
|
|
|
#12 |
|
Member
Join Date: Mar 2002
Location: Melbourne
Posts: 6,124
|
possibly, but cable normally has fairly sticky IPs that only expire after quite a while. if all you're rebooting is the modem then it might be on the way out. check your WAN IP with whatismyip.com or ipchicken.com between reboots and see.
__________________
I'm responsible for what I say. I'm not responsible for what you understand. |
|
|
|
|
|
#13 |
|
D'oh!
Join Date: Jan 2002
Location: Keep it up! :D
Posts: 90,001
|
Thanks, bit of a backstory with this. I'll pm you some details soon, if you have some time to assess. Curious to get your input on the situation.
__________________
Co2 is weightless apparently. Be careful what you vote for. Howard on the economy: ''When the Prime Minister and the Treasurer and others tell you that the Australian economy is doing better than most – they are right,'' Asked how cash payments of baby bonus and school bonus are any different, Opposition Leader tony abbott says 'well look, they just are.'
|
|
|
|
|
|
#14 |
|
Member
Join Date: Aug 2006
Location: Brisbane, QLD
Posts: 405
|
Install pfSense on an old computer, configure it to block IPs that try to scan for open ports or whatever after 10 connections or so. Load some blacklists on there too.
|
|
|
|
|
|
#15 |
|
Member
Join Date: Oct 2005
Posts: 1,789
|
hmm no offence but this should not be a front page linked thread. "my firewall says i'm getting attacked" isn't OCAU front page caliber, i hope.
|
|
|
|