Jump to content
Reminder, starting today you will no longer be able to login to the forum using your display name, to login you must now use your email address. ×

How do I Block- DoS attack: TCP SYN Flood


Recommended Posts

My logs are filled with [DoS attack: TCP SYN Flood] from source 103.141.138.249 how do I block this? I've blocked every device from connecting to the router except my PC and created an Firewall rule to block this on my PC, but still see these. Is there any way that I can see specifically which IP the source is targeting? Then how can I block this IP from ever getting past the router?

[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:48
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:48
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:47
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:47
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:46
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:46
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:45
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:45
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:44
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:44
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:43
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:43
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:42
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:42
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:41
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:41
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:40
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:40
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:39
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:39
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:38
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:38
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:37
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 42983 Monday, May 17,2021 14:24:37
[DoS attack: TCP SYN Flood] from source 103.141.138.249,port 47649 Monday, May 17,2021 14:24:36

Link to comment
Share on other sites

So in my extensive search it appears that you are unable to block an External IP address on a NetGear router!? Really! Do the NetDuma routers have this functionality? This seems like basic security functionality, Why NetGear...why? Epic fail. Freaking expensive XR1000 mistake. 

So this now brings up another concern...I guess the only way to ensure this external IP does not continue to flood my network is to have my ISP change my IP or regardless of the router it will continue. I asked my ISP to block the IP but they refused. Are my assumptions correct?

Link to comment
Share on other sites

6 hours ago, Ben0175 said:

So in my extensive search it appears that you are unable to block an External IP address on a NetGear router!? Really! Do the NetDuma routers have this functionality? This seems like basic security functionality, Why NetGear...why? Epic fail. Freaking expensive XR1000 mistake. 

So this now brings up another concern...I guess the only way to ensure this external IP does not continue to flood my network is to have my ISP change my IP or regardless of the router it will continue. I asked my ISP to block the IP but they refused. Are my assumptions correct?

All NG routers have firewall protection that protects against port scans. Sometimes NGs logs are a bit optimistic but it’s stopped your scans. You can’t stop external probes as NG routers don’t have geo location block and if they did in some cases it could create gaming issues but even then the probes still scan you. 
It’s very common to see NG logs full of warnings. 


 

Link to comment
Share on other sites

To help, go to https://www.grc.com/shieldsup and see if any of your ports are OPEN or STEALTH mode, 

If they are all STEALTH (which they should be) then even though you are being scanned they are just really looking.

Also, most consumer grade routers firewalls (even ASUS) are not that adjustable and by default all incoming connections are blocked (denied) by default unless initiated by an outgoing traffic which opens a port etc. or if you have enabled port forwarding etc etc.

Update: IP Address is via Viet Nam, if it was Russia or simular, I would be more concerned, if you want to change IP address and are not on a fixed IP address service, then switch off modem for 30 minuites and it may pick up new ISP IP address when it boots up ?

 Hope that helps and it is not as series at it seems 😀

 

Link to comment
Share on other sites

If its in the logs its blocked already. You are port scanned every day, and if your IP range does not respond because of stealth mode of your firewall, they know you are there anyway so changing IP is pointless, this is the background noise of the internet, they are not interested in you, don't worry about the logs, and just enjoy whatever you are doing. :)

Link to comment
Share on other sites

  • Administrators

Good advice from everyone above, it won't be causing you any harm. In regards to the settings page not loading its possible you have an Adblocker on the web browser, if you disable this/whitelist the interface then it should load fine

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...