
Dos attack: TCP/UDP Echo from source 118.26.141.212, port 3363



Should this be ignored? The IP comes back as...

Source: whois.apnic.net
IP Address: 118.26.141.212
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '118.26.141.0 - 118.26.141.255'

% Abuse contact for '118.26.141.0 - 118.26.141.255' is '[email protected]'

inetnum:        118.26.141.0 - 118.26.141.255
netname:        TEDAIDC
descr:          E-teda Technology Industrial Co.Ltd
descr:          tianda science and technology garden D1 Tianjin
descr:          economic-technologyical development area
country:        CN
admin-c:        ZD833-AP
tech-c:         PT486-AP
mnt-by:         MAINT-AP-CNISP
mnt-irt:        IRT-CNISP-CN
status:         ASSIGNED NON-PORTABLE
last-modified:  2014-08-13T01:46:47Z
source:         APNIC

irt:            IRT-CNISP-CN
address:        Beijing CNISP Technology Co., Ltd
e-mail:         [email protected]
abuse-mailbox:  [email protected]
admin-c:        CM2275-AP
tech-c:         CM2275-AP
auth:           # Filtered
mnt-by:         MAINT-AP-CNISP
last-modified:  2017-05-03T07:08:38Z
source:         APNIC

person:         Peng Tao
nic-hdl:        PT486-AP
e-mail:         [email protected]
address:        tianda science and technology garden D1 Tianjin
address:        economic-technologyical development area
phone:          +86-22-66211199
country:        CN
mnt-by:         MAINT-AP-CNISP
last-modified:  2014-08-07T02:18:45Z
source:         APNIC

person:         Zhang Di
nic-hdl:        ZD833-AP
e-mail:         [email protected]
address:        tianda science and technology garden D1 Tianjin
address:        economic-technologyical development area
phone:          +86-22-66211199
country:        CN
mnt-by:         MAINT-AP-CNISP
last-modified:  2014-08-07T02:18:45Z
source:         APNIC

 

https://www.ultratools.com/tools/ipWhoisLookupResult


Guest Killhippie

Whatever you see in logs is the noise of the internet, apart from DumaOS checks and the router getting its time from Netgear's NTP servers. Every day you will see this; it's nothing to worry about at all. Also, Netgear's firewall is a little paranoid with its logging and may list normal traffic as DoS attacks at times, like DNS servers on port 53, which I was having, but everything you see is the firewall doing its job. Unless you are troubleshooting a glitch, just ignore it, as you will see things like this in the logs all the time and it means your router is doing fine. Also note there is little point in looking up addresses as they will generally be spoofed. There's nothing to worry about at all, just ignore the logs and enjoy your gaming. :)


Thanks man!!! I've seen something on port 80 as well. I tested this port before and it was coming up as blocked. As of the last couple of days, I’ve started seeing SYN/ACK on it.

I'm going to try to ignore it. It’s just that I wasn’t getting this much activity until I tried using a program. Lord knows I need to focus on one thing at a time and not this.


Guest Killhippie
5 minutes ago, Zaroo said:

Thanks man!!! I've seen something on port 80 as well. I tested this port before and it was coming up as blocked. As of the last couple of days, I’ve started seeing SYN/ACK on it.

I'm going to try to ignore it. It’s just that I wasn’t getting this much activity until I tried using a program. Lord knows I need to focus on one thing at a time and not this.

You will see bouts of activity and then maybe not so much; it's just the way the net works. Not looking at the logs, as you don't need to unless requested, is probably best, really. I did because I knew there was an issue with my ISP's primary DNS server being dropped when it should not have been; also, after years of Netgear routers and beta testing them, I know my way around the logs. Just enjoy your router and don't worry about them, all is well. :)


  • Netduma Staff
2 hours ago, Zaroo said:

Thanks man!!! I've seen something on port 80 as well. I tested this port before and it was coming up as blocked. As of the last couple of days, I’ve started seeing SYN/ACK on it.

I'm going to try to ignore it. It’s just that I wasn’t getting this much activity until I tried using a program. Lord knows I need to focus on one thing at a time and not this.

Killhippie is spot on above; every piece of hardware has a ton of processes happening, but most just don't show you so explicitly :) nothing to worry about.

1 hour ago, Killhippie said:

it's just the way the net works

Nice play on words xD


@Killhippie thank you so much! The only thing that was causing me this outside concern, besides the malicious software I tried utilizing, was the fact that I would google the IPs and would read negative information from others relating to methods of hacking, coupled with malicious info from data files etc. I found stored on my PC after utilizing that software. I feel comfortable now lol.


@Netduma Jack All of my internet services just got disconnected and shut down. The IPs from the "Attacks" were a lot of the same. I am confused now and worried. Below are the entries from right before it happened. @Killhippie

[DoS Attack: SYN/ACK Scan] from source: 38.21.226.137, port 55552, Friday, March 01, 2019 12:22:05
[DumaOS] config write 'com.netdumsoftware.geofilter.settings', Friday, March 01, 2019 12:27:10
[DumaOS] config write 'com.netdumsoftware.geofilter.settings', Friday, March 01, 2019 12:27:22
[DumaOS] Cloudsync Themes result 'false','All mirrors are down', Friday, March 01, 2019 12:29:00
[DumaOS] config write 'com.netdumsoftware.geofilter.settings', Friday, March 01, 2019 12:31:14
[Time synchronized with NTP server] Friday, March 01, 2019 12:31:32
[DoS Attack: TCP/UDP Chargen] from source: 164.52.24.181, port 47876, Friday, March 01, 2019 12:38:11
[DoS Attack: TCP/UDP Chargen] from source: 164.52.24.181, port 47877, Friday, March 01, 2019 12:38:11
[DoS Attack: SYN/ACK Scan] from source: 38.21.226.137, port 55552, Friday, March 01, 2019 12:39:56
[DoS Attack: SYN/ACK Scan] from source: 38.21.226.137, port 55552, Friday, March 01, 2019 13:03:42

 

A little earlier

[DoS Attack: RST Scan] from source: 62.201.225.242, port 47688, Friday, March 01, 2019 13:54:59
[DoS Attack: SYN/ACK Scan] from source: 31.214.129.73, port 80, Friday, March 01, 2019 14:30:51
[DoS Attack: SYN/ACK Scan] from source: 31.214.129.73, port 80, Friday, March 01, 2019 14:30:54
[DoS Attack: SYN/ACK Scan] from source: 31.214.129.73, port 80, Friday, March 01, 2019 14:31:00
[DoS Attack: SYN/ACK Scan] from source: 5.39.105.64, port 80, Friday, March 01, 2019 14:44:23
[DoS Attack: SYN/ACK Scan] from source: 38.21.226.137, port 55552, Friday, March 01, 2019 15:00:53

 


Guest Killhippie
On 3/3/2019 at 1:31 AM, Zaroo said:

I commented on a user's post pertaining to Skipped spike rtt .. I’m receiving 10-20 skipped spike rtt’s at a time. As I commented in his post, I received 2 DoS Attack SYN/ACK Scans from the same sources mentioned above.

Your internet going down is probably down to a small outage, or a drop by the router; it's NOT a DoS attack. I have the same logs all the time. I had them on my R7800, my R7000, my R6300v2; it's nothing to worry about. They will happen every day at some point, just ignore them. You are looking for an issue that is not present. This is just internet noise; my logs are filled with them now and then. I have PPP dropouts which happen occasionally, small outages in servers that connect you to your ISP or even your exchange can happen, and there is always work going on on each country's broadband and telephony infrastructure; it's not a DoS attack. Please just ignore them. As to your computer, if you have swept it with your AV and a stand-alone scanner like Malwarebytes and it shows nothing wrong, you are probably just fine :)

Just to show you, here is a capture of part of my logs last night while streaming 'The Expanse' series 3 on Amazon Prime. It's normal. Also there is no point in trying to trace the IP addresses as they are generally spoofed, or more than likely just mislabelled traffic, as the firewall has a tendency to think everything is a DoS attack. :)


[DoS Attack: UDP Port Scan] from source: 185.53.91.57, port 9640, Saturday, March 02, 2019 22:05:58

[DoS Attack: UDP Port Scan] from source: 185.53.91.57, port 9640, Saturday, March 02, 2019 22:05:58

[DoS Attack: UDP Port Scan] from source: 185.53.91.57, port 9699, Saturday, March 02, 2019 22:05:35

[DoS Attack: UDP Port Scan] from source: 185.53.91.57, port 9699, Saturday, March 02, 2019 22:05:35

[DoS Attack: UDP Port Scan] from source: 185.53.91.57, port 9699, Saturday, March 02, 2019 22:05:34
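
As an added example (not part of any post in this thread, and not Netgear or Netduma code), the sketch below parses log lines quoted earlier in the thread and summarises them per source, showing the packet rate and whether SYN/ACK entries come from a typical server port. The `SERVICE_PORTS` set, the `FLOOD_PER_MIN` threshold and the function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the posts in this thread (Netgear/DumaOS log format).
SAMPLE_LOG = """\
[DoS Attack: SYN/ACK Scan] from source: 38.21.226.137, port 55552, Friday, March 01, 2019 12:22:05
[DumaOS] config write 'com.netdumsoftware.geofilter.settings', Friday, March 01, 2019 12:27:10
[DoS Attack: TCP/UDP Chargen] from source: 164.52.24.181, port 47876, Friday, March 01, 2019 12:38:11
[DoS Attack: TCP/UDP Chargen] from source: 164.52.24.181, port 47877, Friday, March 01, 2019 12:38:11
[DoS Attack: SYN/ACK Scan] from source: 38.21.226.137, port 55552, Friday, March 01, 2019 13:03:42
[DoS Attack: SYN/ACK Scan] from source: 31.214.129.73, port 80, Friday, March 01, 2019 14:30:51
[DoS Attack: SYN/ACK Scan] from source: 31.214.129.73, port 80, Friday, March 01, 2019 14:30:54
[DoS Attack: SYN/ACK Scan] from source: 31.214.129.73, port 80, Friday, March 01, 2019 14:31:00
"""

ENTRY = re.compile(r"\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[\d.]+), "
                   r"port (?P<port>\d+), (?P<when>\w+, \w+ \d{2}, \d{4} \d{2}:\d{2}:\d{2})")
SERVICE_PORTS = {53, 80, 123, 443}  # assumption: source ports typical of server replies
FLOOD_PER_MIN = 600                 # assumption: illustrative threshold, not a Netgear value

def parse(log_text):
    """Return (kind, source, source_port, timestamp) for each DoS entry; skip other lines."""
    events = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if m:
            when = datetime.strptime(m["when"], "%A, %B %d, %Y %H:%M:%S")
            events.append((m["kind"], m["src"], int(m["port"]), when))
    return events

def summarize(events):
    """Group by (kind, source); report hit count, hits per minute and two triage flags."""
    groups = defaultdict(list)
    for kind, src, port, when in events:
        groups[(kind, src)].append((port, when))
    rows = []
    for (kind, src), hits in groups.items():
        times = [when for _, when in hits]
        minutes = max((max(times) - min(times)).total_seconds() / 60.0, 1.0)
        rows.append({"kind": kind, "source": src, "hits": len(hits), "per_min": len(hits) / minutes,
                     "reply_like": kind == "SYN/ACK Scan" and all(p in SERVICE_PORTS for p, _ in hits),
                     "flood": len(hits) / minutes >= FLOOD_PER_MIN})
    return rows

if __name__ == "__main__":
    print(*summarize(parse(SAMPLE_LOG)), sep="\n")
```

On these lines no source exceeds a few packets per minute, and the port 80 SYN/ACK entries are marked `reply_like`, meaning they look like a web server's answers rather than a probe.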


@Killhippie If I could elect this man leader, I would. Your feedback is outstanding and I feel like I can believe in what you're saying afterwards. So, thanks.

I’ll ignore them for now and focus on my other questions and concerns I have in another thread. Something about my setup is just not right as it is. But I’ll see if I can get some help in my other thread. Thanks again. You the man!


  • Administrators

Killhippie is the man!

I just replied to you in the other thread about these DoS attacks too - in case you don't see it, I said the same there - you can ignore these logs.
