cancel
Showing results for 
Search instead for 
Did you mean: 

dos attack?

N/A

dos attack?

I had a look at my router log for the first time ever in my life lol

and found this

UDP Packet - Source:125.255.13.181,49152 Destination:212.159.101.55,37902 - [DOS]

what does i tmean...? ive got loads of errors like this for today its like every few mins
2 REPLIES
Dizzley
Grafter
Posts: 275
Registered: 17-04-2007

dos attack?

OK. This is some simple digging you can do.

Go to www.dnsstuff.com and enter the IP into the WHOIS lookup.

I did this for 125.255.13.181 and it's an address assigned to the Australian ISP Pacific Internet. It's probably Joe User just like you.

inetnum:      125.255.0.0 - 125.255.255.255

netname: PI-AU
descr: Pacific Internet (Australia) Pty Ltd
descr: PO Box 12101
descr: A'Beckett St Post Office
descr: Melbourne VIC 8006


Reverse DNS lookup shows the sender as known as "ppp4DB5.dsl.pacific.net.au" - an ADSL connection.

Now the ports: src=49152, dest=37902.

Ports in this range are generally used for application level services e.g. BitTorrent, and sometimes get opened to do the actual transfers once an application has been established on its primary port. NAT translation can also be involved. If you were trying to do Bittorrent then your router may have blocked this remote access to the port.

I suspect what you are seeing is the after effect of a Bittorrent session, where the peers are trying to contact you.

Of course, if the same IP was trying a large range of ports then you could be undergoing a portscan.

Did it stop? Don't worry about it. If it's a problem, make sure your router blocks it.

People more knowledgable than me will now correct me... Wink
Community Veteran
Posts: 1,229
Thanks: 1
Registered: 30-07-2007

dos attack?

Thats really interesting.
Last night my ZA software firewall went nuts for a couple of hours, blocking hundreds of attempted accesses (sometimes up to 10 a second) on port 16738 from addys all over the 'net.
I have only ever knowingly used p2p once or twice a couple of months ago, but had been trying "Dan Elwell's Broadband Speed Test" shortly before ... I'm wondering if there's a causal relationship?