DOS attacks and IP Spoofs
24-11-2009 3:40 PM
I'm not too savvy on hacking but I think people are trying to hack me. Multiple IP addresses have tried to hack me on my Netgear router log; it lists them as denial of service attacks and IP spoofs, whatever they are. The IP spoofs show 192.168.0.10 etc. trying to hack me, even though I only have 2 computers on 192.168.0.2 and .3, 0.1 being router access.
Should I be worried and what can I do?
Worth mentioning that on the DOS attacks, it was IPs starting with 254, 95, and 83, something like that. I don't have the exact IPs because I cleared the log so I could see if it happened again, as I have installed ESET Smart Security on all my computer and laptop.
What are the ramifications of somebody hacking me? What can they actually achieve?
Cheers
Re: DOS attacks and IP Spoofs
24-11-2009 3:52 PM
For all the other addresses, have you tried switching on the PlusNet Broadband Firewall to the HIGH setting? This should block almost anything.
To do this, log into your PlusNet account, go to "My Account", then "Connection Settings", then "Broadband Firewall", and then choose your settings.
Re: DOS attacks and IP Spoofs
24-11-2009 3:59 PM
Will putting the Plusnet firewall on high mess up my games or out?
Re: DOS attacks and IP Spoofs
24-11-2009 4:10 PM
While I am not an expert on gaming, I think that by experimenting with the various options available in the "Broadband Firewall", you should be able to increase your protection without stopping your gaming.
Try starting on "LOW" and see how it goes, and keep increasing the levels (in ADVANCED) until something breaks, then take one step back. It costs nothing to try and is easy to do, so why not!
Re: DOS attacks and IP Spoofs
24-11-2009 4:30 PM
You should also ensure your router has NAT switched ON, which will help block anonymous connections.
If you have the router DMZ directed at a PC, then make sure that PC has a decent firewall that only allows connections that you are expecting!
Re: DOS attacks and IP Spoofs
24-11-2009 5:45 PM
hope that stops the beestards
Re: DOS attacks and IP Spoofs
24-11-2009 6:13 PM
Let us know if this fixes the problem, and what level of Broadband Firewall you end up with for your gaming!
Re: DOS attacks and IP Spoofs
25-11-2009 12:35 AM
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:35:10
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:33:01
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:31:57
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:30:52
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:29:49
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:28:44
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:27:41
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:26:37
[DOS Attack] : 3 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:25:32
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:24:36
[DOS Attack] : 1 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:24:08
-------------------------
This is today, after I've changed all my settings to WPA-PSK secure, MAC authorization only and Plusnet firewall on.
What the [Censored] can I do? Does this mean they are hacking me? Or does it just mean they tried?
The admin logon is me btw.
Re: DOS attacks and IP Spoofs
25-11-2009 12:43 AM
Each DNS "attack" is only 2 attempts - so it won't deny much service!
The source address is faked (as it says, it's spoofed) - so your system could not send a sensible response to the attacker (apart from the fact that your ip address exists).
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: DOS attacks and IP Spoofs
25-11-2009 12:47 AM
Re: DOS attacks and IP Spoofs
25-11-2009 12:54 AM
Re: DOS attacks and IP Spoofs
25-11-2009 12:56 AM
But can anyone explain why this is happening? Is somebody actually trying to DoS me? Why is it showing IPs that don't exist on my network? And are they actually achieving the hack or just trying?
Plusnet firewall is on low and my router has NAT enabled, yeah.
I'm trying to keep my main ports available for hosting and downloading; if I use high firewall settings there's no way for me to open the ports I want to. Also, I have Windows 7 firewall up to date and ESET Smart Security firewall up to date and all running.
Thanks
Steve
Re: DOS attacks and IP Spoofs
25-11-2009 1:33 AM
On my own system, my router gets probed regularly all day, every day, on various TCP port numbers. It is quite interesting to look up the host addresses to find out who's probing you, although I have never seen spoofed addresses like yours of type 192.168.?.?.
The number of probes can be reduced considerably by setting the PlusNet Broadband Firewall to the highest setting that you can get away with, as the higher the level that is set, the more ports are blocked.
This reduces attempted connections from the internet reaching your router.
Next, ideally you should use your router firewall to block as many unused TCP ports as possible, from reaching your local network. In addition by having NAT enabled, this will effectively make your local machines become anonymous when viewed from the internet side of the router, and therefore makes it very difficult to initiate remote communications to your PCs.
Finally if you have properly configured firewalls on your PCs, then in the unlikely event that anything gets past the router, then hopefully you should get a warning of an unexpected event being blocked.
If it was me, I would first set the highest Plusnet Firewall setting that still allows you to play games.
Make sure the DMZ and any unnecessary port forwarding in your router is switched off.
I personally would switch off the DHCP server in the router, and set all my local PCs to static IP addresses, to reduce the chance of a casual wireless connection requesting a local network address.
I would also change those local static IP address numbers from 192.168.0.XXX to something more unusual, such as 192.168.7.XXX, and see if the spoofs are still 192.168.0.XXX or whether they become 192.168.7.XXX!
So you could have for example -
Router address = 192.168.7.1
PC address = 192.168.7.10
Laptop address = 192.168.7.20
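An added example, not part of any post in this thread: a small Python parser for the two-line router log entries posted above, which totals the reported spoof packets per source and places each source relative to the LAN described in the first post (router on 192.168.0.1, PCs on .2 and .3). The function names and category labels are this example's own; passing a different `lan` and `known` repeats the check after renumbering to 192.168.7.x as suggested above.

```python
import ipaddress
import re
from datetime import datetime

# Three entries copied from the log posted in this thread (message, then timestamp).
SAMPLE_LOG = """\
[DOS Attack] : 2 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:35:10
[DOS Attack] : 3 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:25:32
[DOS Attack] : 1 [IP Spoof] packets detected in last 20 seconds, source ip [192.168.0.6]
Tuesday, Nov 24,2009 19:24:08
"""
ENTRY = re.compile(r"\[DOS Attack\] : (\d+) \[IP Spoof\] packets detected in last "
                   r"\d+ seconds, source ip \[([0-9.]+)\]")

def parse_log(text):
    """Yield (timestamp, packet_count, source_ip) for each IP Spoof entry."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    for msg, stamp in zip(lines, lines[1:]):
        m = ENTRY.fullmatch(msg)
        if not m:
            continue  # timestamp line or some other log message
        try:
            when = datetime.strptime(stamp, "%A, %b %d,%Y %H:%M:%S")
            src = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # entry without a usable timestamp or address
        yield when, int(m.group(1)), src

def classify(src, lan, known_hosts):
    if src in known_hosts:
        return "known LAN host"
    if src in lan:
        return "unlisted address inside LAN subnet"
    return "private address outside LAN subnet" if src.is_private else "public address"

def summarise(text, lan="192.168.0.0/24",
              known=("192.168.0.1", "192.168.0.2", "192.168.0.3")):
    """Total spoof packets per source; lan/known default to the first post's network."""
    net = ipaddress.ip_network(lan)
    hosts = {ipaddress.ip_address(h) for h in known}
    report = {}
    for when, count, src in parse_log(text):
        row = report.setdefault(str(src), {"kind": classify(src, net, hosts),
                                           "packets": 0, "first": when, "last": when})
        row["packets"] += count
        row["first"], row["last"] = min(row["first"], when), max(row["last"], when)
    return report
```

An address reported as unlisted but inside the LAN subnet is worth comparing against the router's list of attached devices.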
Re: DOS attacks and IP Spoofs
25-11-2009 12:30 PM