KingXFocusedxX Posted August 18, 2020

I was having issues late night gaming on my PS4, and I went to check my router logs and noticed an ARP Attack, as well as a device I've removed before. The device name looked familiar to me as I thought it was my girlfriend's brother's device as he comes over every once in a while, but when I went to my device settings, I couldn't delete it because it was active! So, I blocked the device from connecting to my network, and rebooted my router, and did a ping plotter test to make sure my connection was good, which it was.

My questions are, how would someone be able to connect to my router without my password? And how bad is an ARP Attack? I will list the router logs from an ACK scan that leads to the ARP Attack below, and the following logs afterwards. Thank you for any support and help in advance, I really appreciate it.

[DumaOS] config write 'com.netdumasoftware.devicemanager.database', Monday, August 17, 2020 23:41:13
[DumaOS] config write 'com.netdumasoftware.devicemanager.database', Monday, August 17, 2020 23:40:52
[LAN access from remote] from 196.52.43.103:63533 to 192.168.1.28:80, Monday, August 17, 2020 23:39:33
[DumaOS] RPC call 'delete_device' exception 'ERROR: Unable to delete device because it is online. stack traceback: ^I?: in func,ion '__new__' ^I?: in function '?' ^I?: in function <?:469> ^I(tail call): ? ^I?: in function <?:352> ^I?: in function <?:324> ^I[C]: in function 'xpcall' ^I?: in function 'try' ^I?: in function <?:290> ^I[C]: in function 'run' ^I?: in function <?:345> ^I[C]: in function 'xpcall' ^I?: in function 'try' ^I?: in function <?:261> ^I(tail call): ? ^I/dumaos/api/cli.lua:48: in function </dumaos/api/cli.lua:30> ^I[C]: in function 'xpcall' ^I/dumaos/api/cli.lua:59: in main chunk ^I[C]: ?' Monday, August 17, 2020 23:39:08
[DumaOS] applying qos for zone lan, Monday, August 17, 2020 23:38:38
[DumaOS] applying qos for zone wan, Monday, August 17, 2020 23:38:37
[DumaOS] config write 'com.netdumasoftware.qos.settings', Monday, August 17, 2020 23:38:36
[DumaOS] config write 'com.netdumsoftware.geofilter.settings', Monday, August 17, 2020 23:38:36
[DumaOS] config write 'com.netdumsoftware.geofilter.settings', Monday, August 17, 2020 23:37:36
[LAN access from remote] from 110.153.78.26:4759 to 192.168.1.28:80, Monday, August 17, 2020 23:37:03
[DumaOS] config write 'com.netdumsoftware.geofilter.settings', Monday, August 17, 2020 23:36:20
[DumaOS] config write 'com.netdumsoftware.geofilter.settings', Monday, August 17, 2020 23:35:50
[DumaOS] DHCP lease change., Monday, August 17, 2020 23:35:12
[DumaOS] DHCP new event., Monday, August 17, 2020 23:35:12
[DHCP IP: 192.168.1.150] to MAC address 54:be:f7:26:22:61, Monday, August 17, 2020 23:35:12
[DumaOS] DHCP lease change., Monday, August 17, 2020 23:35:11
[DumaOS] DHCP new event., Monday, August 17, 2020 23:35:11
[DHCP IP: 192.168.1.150] to MAC address 54:be:f7:26:22:61, Monday, August 17, 2020 23:35:11
[DumaOS] Error parsing line in ARP table: 'fe80::2ca:e5ff:fe3c:6022 dev brwan lladdr 00:ca:e5:3c:60:22 router STALE', Monday, August 17, 2020 23:35:08
[DoS Attack: SYN/ACK Scan] from source: 82.209.240.74, port 25, Monday, August 17, 2020 23:29:58
[LAN access from remote] from 185.250.220.170:43417 to 192.168.1.28:80, Monday, August 17, 2020 23:22:40
[DoS Attack: RST Scan] from source: 8.45.42.100, port 61711, Monday, August 17, 2020 23:17:51
[LAN access from remote] from 195.54.160.21:53642 to 192.168.1.28:443, Monday, August 17, 2020 23:10:03
[LAN access from remote] from 156.96.156.138:53162 to 192.168.1.28:443, Monday, August 17, 2020 23:03:40
[DoS Attack: SYN/ACK Scan] from source: 82.209.240.74, port 25, Monday, August 17, 2020 22:51:46
[DoS Attack: RST Scan] from source: 43.248.189.57, port 22, Monday, August 17, 2020 22:50:13
[DumaOS] Error parsing line in ARP table: 'fe80::2ca:e5ff:fe3c:6022 dev brwan lladdr 00:ca:e5:3c:60:22 router STALE', Monday, August 17, 2020 22:43:51
[DoS Attack: TCP/UDP Chargen] from source: 2.57.122.98, port 51913, Monday, August 17, 2020 22:26:46
[DumaOS] DHCP lease change., Monday, August 17, 2020 22:18:26
[DumaOS] DHCP new event., Monday, August 17, 2020 22:18:26
[DHCP IP: 192.168.1.150] to MAC address 54:be:f7:26:22:61, Monday, August 17, 2020 22:18:26
[DumaOS] DHCP lease change., Monday, August 17, 2020 22:18:26
[DumaOS] DHCP new event., Monday, August 17, 2020 22:18:26
[DHCP IP: 192.168.1.150] to MAC address 54:be:f7:26:22:61, Monday, August 17, 2020 22:18:26
[DumaOS] Error parsing line in ARP table: 'fe80::2ca:e5ff:fe3c:6022 dev brwan lladdr 00:ca:e5:3c:60:22 router STALE', Monday, August 17, 2020 22:18:23
[DumaOS] DHCP lease change., Monday, August 17, 2020 22:14:36
[DumaOS] DHCP new event., Monday, August 17, 2020 22:14:36
[DHCP IP: 192.168.1.153] to MAC address 10:08:b1:9d:b6:c7, Monday, August 17, 2020 22:14:36
[LAN access from remote] from 80.82.65.74:51155 to 192.168.1.28:443, Monday, August 17, 2020 22:11:36
[DoS Attack: ARP Attack] from source: 192.168.1.151, Monday, August 17, 2020 22:09:01
[DoS Attack: ACK Scan] from source: 192.229.211.7, port 443, Monday, August 17, 2020 21:35:58
[DoS Attack: ACK Scan] from source: 192.229.211.7, port 443, Monday, August 17, 2020 21:35:56
[DoS Attack: ACK Scan] from source: 192.229.211.7, port 443, Monday, August 17, 2020 21:35:54
[DoS Attack: ACK Scan] from source: 192.229.211.7, port 443, Monday, August 17, 2020 21:35:52
[DoS Attack: ACK Scan] from source: 192.229.211.7, port 443, Monday, August 17, 2020 21:35:50

Guest Killhippie Posted August 19, 2020

These are normal and the Netgear firewall is paranoid, please Google Netgear false DoS attacks. These are basically just port scans and if it's in your log it's blocked. Nothing to worry about, as if it's blocked it did not get through. Avoid looking at logs and enjoy your router. One thing to ask is, you don't have remote access turned on, do you? Some of the logs are UPnP related, once again nothing much to worry about from a home user's point of view, but UPnP is a weak spot.

As to the device you don't know, DHCP reservation may help by assigning an IP for each MAC address, then you know what each device is. Or look on the network map and try and work out which device is which that way. Always use a strong password for Wi-Fi and don't keep the original network names either; that will keep you pretty safe.
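
An added example (not part of either post, and not Netgear or DumaOS code): a small triage of the log format posted in this thread that separates entries with internet-side sources from alerts whose source is a LAN address, and checks that LAN source against the DHCP leases in the same log. The regular expressions and the `triage` function are assumptions derived from the lines shown above; the sample input is a few of those lines.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: a few entries copied from the log in the first post.
SAMPLE_LOG = """\
[LAN access from remote] from 196.52.43.103:63533 to 192.168.1.28:80, Monday, August 17, 2020 23:39:33
[DHCP IP: 192.168.1.150] to MAC address 54:be:f7:26:22:61, Monday, August 17, 2020 23:35:12
[DoS Attack: SYN/ACK Scan] from source: 82.209.240.74, port 25, Monday, August 17, 2020 23:29:58
[DHCP IP: 192.168.1.153] to MAC address 10:08:b1:9d:b6:c7, Monday, August 17, 2020 22:14:36
[DoS Attack: ARP Attack] from source: 192.168.1.151, Monday, August 17, 2020 22:09:01
[DoS Attack: ACK Scan] from source: 192.229.211.7, port 443, Monday, August 17, 2020 21:35:58
[DoS Attack: ACK Scan] from source: 192.229.211.7, port 443, Monday, August 17, 2020 21:35:56
"""

# Patterns inferred from the posted lines (assumption, not a documented format).
DOS_RE = re.compile(r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[0-9.]+)")
DHCP_RE = re.compile(r"^\[DHCP IP: (?P<ip>[0-9.]+)\] to MAC address (?P<mac>[0-9a-f:]{17})")
REMOTE_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>[0-9.]+):\d+ to (?P<dst>[0-9.]+):(?P<port>\d+)")

def triage(log_text):
    """Split router log entries into internet-side and LAN-side events."""
    leases = {}              # LAN IP -> MAC, from DHCP entries
    wan_events = Counter()   # (kind, source) -> count, for public sources
    lan_alerts = []          # (kind, source) where the source is a private address
    remote_access = set()    # (LAN host, port) named in 'LAN access from remote' entries
    for line in log_text.splitlines():
        if m := DHCP_RE.match(line):
            leases[m["ip"]] = m["mac"]
        elif m := DOS_RE.match(line):
            key = (m["kind"], m["src"])
            if ipaddress.ip_address(m["src"]).is_private:
                lan_alerts.append(key)
            else:
                wan_events[key] += 1
        elif m := REMOTE_RE.match(line):
            remote_access.add((m["dst"], int(m["port"])))
    # LAN alert sources with no DHCP lease in this log are the devices to identify first.
    unknown = sorted({src for _, src in lan_alerts if src not in leases})
    return {"leases": leases, "wan_events": wan_events, "lan_alerts": lan_alerts,
            "remote_access": remote_access, "unknown_lan_sources": unknown}

if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(name, "->", value)
```

On the sample, the only alert with a LAN source is the ARP entry from 192.168.1.151, and that address has no DHCP lease in the log, so it cannot be mapped to a MAC address from these lines alone.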