Do these recent Netgear DoS attack messages concern you?

Discussion in 'Wireless Internet' started by Elechi Amadi, Aug 12, 2014.

  1. Elechi Amadi

    Elechi Amadi Guest

    Do these recent Netgear DoS attack messages concern you?
    [DoS attack: FIN Scan] attack packets in last 20 sec from ip [96.17.148.8], Monday, Aug 11,2014 05:28:45
    [DoS attack: Smurf] attack packets in last 20 sec from ip [113.88.232.255], Sunday, Aug 10,2014 11:22:14

    I am not in the habit of looking at my Netgear router log files
    but I just happened to look and saw those two activities.

    Does that mean the router protected me and they didn't get in?
    How did they get past the firewall?
     
    Elechi Amadi, Aug 12, 2014
    #1

  2. Elechi Amadi

    Elechi Amadi Guest

    I also see very many of these types:
    [LAN access from remote] from 209.170.124.118:3075 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:43:44
    [LAN access from remote] from 108.45.144.8:3074 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:40:50
    [LAN access from remote] from 99.36.167.174:3074 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:40:50

    Is a LAN access an actual remote log in?
    Or is it just an "attempt" that failed?

    (There are dozens of these, from many IP addresses.)

    Are these actual breaches of security?
     
    Elechi Amadi, Aug 12, 2014
    #2

  3. You are confusing too many things.

    To "log in", you must "log in" into something. While one could
    conceivably log into a LAN, mass IT equipment does not normally have that
    capability (as in, they would have nowhere to "log in" into a LAN).

    "LAN access" means that someone is able to send packets into the LAN
    (read: send them to hosts on the LAN) and receive packets from the LAN.

    According to the logs you posted, on several/numerous occasions, your
    router "patched" an outside host to a host on the inside. Whether this is
    a problem or not depends on whether that particular host (192.168.1.3) is
    supposed to be taking inbound connections. Is it?
    A breach means that an attacker managed to get past the perimeter. The
    above logs show that a connection (presumably initiated from the outside)
    was established on several/many occasions. Again, whether this is a
    problem or not depends on whether this is supposed to happen. What is
    192.168.1.3? Is it an XBox? Playstation? A PC running a torrent program?
    A smartphone running the Skype app? One of those "plug servers", like a
    Raspberry Pi or a Sheeva? Is it a media server? A file server? A web
    server designed to take in traffic from the outside? There are many
    options.

    As for a little more color on what is happening, look at the ports they
    are trying to connect to:

    $ grep '[[:space:]]3074/' /etc/services
    xbox 3074/tcp # Xbox game port
    xbox 3074/udp # Xbox game port

    Someone is (presumably) looking for XBoxen. Maybe they just want to play?
     
    Aleksandar Kuktin, Aug 12, 2014
    #3
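
Added example, not part of any post in this thread: a small Python parser for the two log line shapes quoted above. It groups "[LAN access from remote]" entries by the internal host and port they were forwarded to, so the result can be compared with what is supposed to accept inbound connections. The sample lines are constructed and use documentation-range addresses.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread; the remote
# addresses are documentation-range placeholders, not values from the posts.
SAMPLE_LOG = """\
[LAN access from remote] from 203.0.113.10:3075 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:43:44
[LAN access from remote] from 198.51.100.7:3074 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:40:50
[LAN access from remote] from 198.51.100.7:3074 to 192.168.1.3:3074, Tuesday, Aug 12,2014 01:40:51
[DoS attack: FIN Scan] attack packets in last 20 sec from ip [203.0.113.99], Monday, Aug 11,2014 05:28:45
[DoS attack: Smurf] attack packets in last 20 sec from ip [192.0.2.255], Sunday, Aug 10,2014 11:22:14
this line is constructed noise and should be counted as unparsed
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LAN_RE = re.compile(rf"^\[LAN access from remote\] from ({IP}):(\d+) to ({IP}):(\d+),")
DOS_RE = re.compile(rf"^\[DoS attack: ([^\]]+)\].*? from ip \[({IP})\],")


def summarize(log_text):
    """Return (forwards, dos, unparsed).

    forwards: {(lan_ip, lan_port): set of remote IPs forwarded to it}
    dos:      {attack label: set of source IPs the router reported}
    unparsed: count of non-empty lines matching neither shape
    """
    forwards, dos, unparsed = defaultdict(set), defaultdict(set), 0
    for line in (l.strip() for l in log_text.splitlines()):
        if not line:
            continue
        if m := LAN_RE.match(line):
            forwards[(m.group(3), int(m.group(4)))].add(m.group(1))
        elif m := DOS_RE.match(line):
            dos[m.group(1)].add(m.group(2))
        else:
            unparsed += 1
    return dict(forwards), dict(dos), unparsed


if __name__ == "__main__":
    forwards, dos, unparsed = summarize(SAMPLE_LOG)
    for (lan_ip, lan_port), remotes in sorted(forwards.items()):
        print(f"inbound forwarded to {lan_ip}:{lan_port} from {len(remotes)} remote host(s)")
    for label, sources in sorted(dos.items()):
        print(f"router flagged '{label}' from {len(sources)} source(s)")
    print(f"{unparsed} line(s) not recognised")
```

An internal address and port that shows up here but matches no device you expect to accept inbound traffic is the entry to check against the router's port-forwarding and UPnP settings.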
  4. Elechi Amadi

    Elechi Amadi Guest

    It's a Windows XP laptop. It's not "supposed" to be doing anything.
    So, I'm not sure what the router "patched", but, whatever it did,
    it shouldn't have done.

    Is this a problem with Netgear? Should I have gotten a different
    router that doesn't patch?
     
    Elechi Amadi, Aug 12, 2014
    #4
  5. Elechi Amadi

    Elechi Amadi Guest

    Actually, I just looked and that IP address is no longer
    on my system. So, I don't really know "what" it was.
     
    Elechi Amadi, Aug 12, 2014
    #5
  6. Elechi Amadi wrote, on Tue, 12 Aug 2014 14:41:36 -0500:
    Seems to me your computer is unwittingly part of a botnet.
    At this point, the only thing you *can* do is wipe out
    the operating system.

    And flash the router to make sure they're not infecting
    your router firmware.
     
    Helmer Bengtsson, Aug 13, 2014
    #6