cancel
Showing results for 
Search instead for 
Did you mean: 

Denial Of Service attack

sloany
Grafter
Posts: 153
Registered: 08-06-2007

Denial Of Service attack

I have a netgear DG814GT router and i keep getting DOS alerts in my logs.

Tue, 2005-10-18 11:15:51 - Receive NTP Reply from time-g.netgear.com
Tue, 2005-10-18 11:15:51 - Administrator login successful - IP:192.168.0.3
Tue, 2005-10-18 11:17:14 - UDP Packet - Source:212.159.13.50,53 Destination:**.**.***.***,1074 - [DOS]
Tue, 2005-10-18 11:17:14 - UDP Packet - Source:212.159.13.50,53 Destination:**.**.***.***,1025 - [DOS]
Tue, 2005-10-18 11:17:14 - unexpected reply: 535 Incorrect authentication data
Tue, 2005-10-18 11:17:15 - UDP Packet - Source:212.159.13.50,53 Destination:**.**.***.***,1025 - [DOS]
Tue, 2005-10-18 11:17:15 - UDP Packet - Source:212.159.13.50,53 Destination:**.**.***.***,1074 - [DOS]
Tue, 2005-10-18 11:18:18 - LCP down.
Tue, 2005-10-18 11:18:19 - Initialize LCP.
Tue, 2005-10-18 11:18:19 - LCP is allowed to come up.
Tue, 2005-10-18 11:18:23 - CHAP authentication success
Tue, 2005-10-18 11:13:56 - Router start up
Tue, 2005-10-18 11:25:15 - LCP down.
Tue, 2005-10-18 11:25:16 - Initialize LCP.
Tue, 2005-10-18 11:25:16 - LCP is allowed to come up.
Tue, 2005-10-18 11:25:20 - CHAP authentication success

I have raised a ticket amd it went to the escalations team who said
Quote
This is just basic internet virus traffic and is not a dos attack, it is safe to ignore these scans as you are protected by the firewall on your router..


but the problem is my router resets sometimes when it is attacked as you can see from the above log. is it anything to worry about? and is there anything i can do? I have had this router for quite a while and the attacks have only started over the last week or so.
pth-cdns02.plus.net

LOL just done a search on that IP and guess what, it resolves to pth-cdns02.plus.net
4 REPLIES
N/A

Denial Of Service attack

It's not a DOS attack, it's just late packets coming back from Plus Net DNS Servers. The Router opens the DNS port for a short time upon your PC sending a request, if the reply takes longer than expected, the router will block the packet. The router by standard, will record all blocked packets as a DOS attack.
sloany
Grafter
Posts: 153
Registered: 08-06-2007

Denial Of Service attack

ah, got it now. Thanks for that explaination, thinking about it, it makes sense. cos i have been having 404 errors of late, until i reload the page. ive never made a note of the times cos i just put it down to DNS errors. Why couldnt CS have told me that? i gave them alot more info that what i included in the log above.
N/A

Denial Of Service attack

Not sure to be honest, they should have told you it was just late packets coming back from the DNS Servers.

To be honest, I hardly pay any attention to the logs on my router. You'll get lots of hits and many of them are just background noise, of which there isn't much you do anything about it.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Denial Of Service attack

Turn off the DOS logging in the router,it's a waste of time and only causes false information to be reported. The router cannot detect DOS attacks properly anyway.