[DoS Attack: ACK Scan]

Status
Not open for further replies.

lyecdevf

In Runtime
Messages
218
I loged today some attacks on my router. One of the IPs apparently belongs to facebook and the other one seems to come from Michelin. What should I make of this?

[DoS Attack: ACK Scan] from source: 212.11.63.254, port 80, Tuesday, September 08,2009 10:22:32
[DoS Attack: ACK Scan] from source: 69.63.186.38, port 80, Tuesday, September 08,2009 10:22:09
 

lyecdevf

In Runtime
Messages
218
I have a stupid Netgeat WPN824v3 rangemax router and I do not have a lot of options like firewall rules, protocol rules,...So there is nothing that I can really do! I am trying to fight back by port scanning the attackers but recently the IPs that are showing up seem to be from legitimate sites so I am having problems understanding that! I am not really paranoid but what kind of a security solution would be recommended?
 

Osiris

Golden Master
Messages
36,817
Location
Kentucky
Upgrade the firmware if needed

Answer

Then look thru the setup manual and look for security, etc to see what your options are.
 

lyecdevf

In Runtime
Messages
218
The firmware at the moment is:

Firmware Version V1.0.7_1.0.8

Well I check and I noticed that it has protocol filter so I could block certain ports. Any way I think that it has a pretty good security but one thing I still do not understand is the logs. Why do I only get the Re: [DoS Attack: ACK Scan] type? Does it interpret every wired packet as that and is not able to differentiate between lets say a ping of death and a tear drop attack?
 

Osiris

Golden Master
Messages
36,817
Location
Kentucky
This is nothing. Just bot's port scanning the Internet. ACK and FIN are both scanning techniques to help identify vulnerable servers behind routers/firewalls, with SYN scans being the most common. That wouldn't affect your speed at all though. If it was truly a (D)DoS you wouldn't even be able to access your routers web logs, as it would be out of resources. It's perfectly normal... you can't stop infected computers from port scanning. A normal packet is what, 1600 bytes if full and not fragmented, so if you do the math on it...a few thousand port scanning packets will not affect your bandwidth in any way shape or form.
 

lyecdevf

In Runtime
Messages
218
Would it be possible for computer of companies like yahoo, michelin,...be infected with such bots because I am geting these sort of attacks from those IPs? I always thought that there security is so good that nothing like that could happen to that and bot infections happened only to personal computers.
 

Osiris

Golden Master
Messages
36,817
Location
Kentucky
Security is never 100%, there are always ways around it. The US Government was hacked many times.
 
Status
Not open for further replies.
Top Bottom