xlr8r Posted March 11, 2018 Share Posted March 11, 2018 never seen this happen on any router I have owned...until now...? [DoS Attack: SYN/ACK Scan] from source: 51.255.162.49, port 80, Sunday, March 11, 2018 20:27:20 Plus many more (France, Michigan, California Hong Kong, Bejing etc etc) in logs (around 25 +) Genuine attacks... or bogus....? Link to comment Share on other sites More sharing options...
Administrators Netduma Admin Posted March 11, 2018 Administrators Share Posted March 11, 2018 These are very common - it shows your router's firewall is doing its job. More info here if you are interested: https://www.computing.net/answers/networking/how-common-are-dos-attack-synack-scan-found-on-router-logs/52549.html https://community.netgear.com/t5/Nighthawk-WiFi-Routers/is-this-wierd-DoS-Attack-SYN-ACK-Scan/td-p/1195389 Link to comment Share on other sites More sharing options...
N3CR0 Posted March 11, 2018 Share Posted March 11, 2018 I'm getting loads too. Like Duma Admin said, its just showing the firewalls doing its job. It worried me a little too til I Googled about it and found its normal. Link to comment Share on other sites More sharing options...
xlr8r Posted March 11, 2018 Author Share Posted March 11, 2018 rebooted router to reset my IP will continue to monitor did notice weird issues (slow) yesterday and today when browsing... hopefully not related to DDOS msgs... Link to comment Share on other sites More sharing options...
Administrators Netduma Admin Posted March 11, 2018 Administrators Share Posted March 11, 2018 rebooted router to reset my IP will continue to monitor did notice weird issues (slow) yesterday and today when browsing... hopefully not related to DDOS msgs... It won't be due to that. More likely it's your ISP on a busy Sunday! Obviously make sure you Anti-Bufferbloat is set to Always if you think you might have congestion issues. Link to comment Share on other sites More sharing options...
xlr8r Posted March 11, 2018 Author Share Posted March 11, 2018 ...rebooted router, no more DOS attack entries present. thanks Link to comment Share on other sites More sharing options...
Dcm12 Posted April 12, 2018 Share Posted April 12, 2018 hi as admin says router firewall is working this was one ip i checked from my XR500 LOG further digging UKRAIN then BAHRAIN There's a web site call blutmagie.de that shows the bandwidth for various TOR nodes. https://torstatus.blutmagie.de/ According to them, one of the fastest TOR nodes right now is "185.170.41.8". There's no registered hostname. And although it is one of the fastest, it is also marked as "hibernating". So my first question is: how can it be hibernating while also being one of the fastest nodes? Then there's the registration information for this node. https://www.whois.com/whois/185.170.41.8 take a look at some of your log ip . It says it's in Panama (country PA), but it registered through RIPE. (RIPE is for Europe, not central or south america. The registrant for Panama should be LACNIC.) It also says it is registered to "Trump Tower". inetnum: 185.170.41.0 - 185.170.41.255 org: ORG-OA825-RIPE netname: OKSERVERS country: PA admin-c: OL2665-RIPE tech-c: OL2665-RIPE status: ASSIGNED PA mnt-by: CYBR-DMZ created: 2017-01-31T19:51:49Z last-modified: 2017-04-29T11:18:45Z source: RIPE organisation: ORG-OA825-RIPE org-name: OKSERVERS org-type: OTHER address: TRUMP TOWER abuse-c: ACRO1670-RIPE mnt-ref: CYBR-DMZ mnt-by: CYBR-DMZ created: 2017-03-12T11:26:43Z last-modified: 2017-03-12T11:26:43Z source: RIPE # Filtered Checking the abuse address (whois ACRO1670-RIPE) lists the address as "Panama TRUMP TOWER". I'm assuming that the RIPE registration information is fake. In which case, it should be reported to RIPE so they can deallocate it. https://www.ripe.net/report-form The alternative is that it isn't fake -- in which case, why is Trump running a high-speed TOR node? Edit: Formatting never seen this happen on any router I have owned...until now...? [DoS Attack: SYN/ACK Scan] from source: 51.255.162.49, port 80, Sunday, March 11, 2018 20:27:20 Plus many more (France, Michigan, California Hong Kong, Bejing etc etc) in logs (around 25 +) Genuine attacks... or bogus....? Link to comment Share on other sites More sharing options...
Find_the_Door Posted April 13, 2018 Share Posted April 13, 2018 Trump isn't lol - that's likely just someone trying to do one extra thing to frame him in a bad light. Link to comment Share on other sites More sharing options...
Netduma Staff Netduma Jack Posted April 13, 2018 Netduma Staff Share Posted April 13, 2018 As funny as that is I'd avoid looking at those logs in too much depth; the events shown there happen on every network and are very common. We added the logs panel for developers / engineers to use rather than customers - it can look as though something major is happening (like a hack from Trump Tower) but in reality it won't affect your experience. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.