DDos?

matthews
Rising Star
Posts: 141
Thanks: 6
Fixes: 1
Registered: 13-08-2014

DDos?

My connection is currently getting 100-250 kilobytes per second of UDP packets being sent to it from various IP addresses to various UDP ports. The router is happily dropping the packets but it's obviously something that I'd like to stop if possible! I've got a static IP address which I'd like to keep unless this becomes an issue. I'm trying to work out if my router is just dropping the packets or sending back that the port is closed.
Here's a 60 second snippet:
20:46:36 DROP SRC=109.73.96.152 DST=80.229.31.x LEN=138 PREC=0x80 TTL=45 ID=0 DF PROTO=UDP SPT=56947 DPT=20041 LEN=118
20:46:36 DROP SRC=86.27.59.239 DST=80.229.31.x LEN=141 PREC=0x80 TTL=117 ID=6991 PROTO=UDP SPT=45036 DPT=52894 LEN=121
20:46:38 DROP SRC=86.27.59.239 DST=80.229.31.x LEN=141 PREC=0x80 TTL=117 ID=7182 PROTO=UDP SPT=45036 DPT=52894 LEN=121
20:46:41 DROP SRC=222.236.205.195 DST=80.229.31.x LEN=131 PREC=0x80 TTL=118 ID=31828 DF PROTO=UDP SPT=27574 DPT=20041 LEN=111
20:46:42 DROP SRC=86.27.59.239 DST=80.229.31.x LEN=141 PREC=0xA0 TTL=117 ID=7591 PROTO=UDP SPT=45036 DPT=52894 LEN=121
20:46:43 DROP SRC=24.18.147.159 DST=80.229.31.x LEN=147 PREC=0x80 TTL=117 ID=1272 PROTO=UDP SPT=16663 DPT=52894 LEN=127
20:46:44 DROP SRC=24.130.84.139 DST=80.229.31.x LEN=131 PREC=0x80 TTL=116 ID=3490 PROTO=UDP SPT=30850 DPT=20041 LEN=111
20:46:45 DROP SRC=24.18.147.159 DST=80.229.31.x LEN=147 PREC=0x80 TTL=117 ID=1274 DF PROTO=UDP SPT=16663 DPT=52894 LEN=127
20:46:46 DROP SRC=80.98.212.80 DST=80.229.31.x LEN=136 PREC=0x80 TTL=114 ID=3712 PROTO=UDP SPT=2308 DPT=20041 LEN=116
20:46:49 DROP SRC=24.18.147.159 DST=80.229.31.x LEN=147 PREC=0xA0 TTL=117 ID=1275 DF PROTO=UDP SPT=16663 DPT=52894 LEN=127
20:46:49 DROP SRC=54.229.30.215 DST=80.229.31.x LEN=32 PREC=0x80 TTL=52 ID=0 DF PROTO=UDP SPT=32099 DPT=15325 LEN=12
20:46:50 DROP SRC=54.251.166.133 DST=80.229.31.x LEN=32 PREC=0x80 TTL=50 ID=0 DF PROTO=UDP SPT=32099 DPT=15325 LEN=12
20:46:52 DROP SRC=81.144.193.80 DST=80.229.31.x LEN=151 PREC=0x80 TTL=119 ID=8569 PROTO=UDP SPT=50015 DPT=52894 LEN=131
20:46:55 DROP SRC=81.144.193.80 DST=80.229.31.x LEN=151 PREC=0x80 TTL=119 ID=8570 PROTO=UDP SPT=50015 DPT=52894 LEN=131
20:46:57 DROP SRC=82.33.95.68 DST=80.229.31.x LEN=137 PREC=0x80 TTL=117 ID=492 PROTO=UDP SPT=2643 DPT=51241 LEN=117
20:46:57 DROP SRC=82.33.95.68 DST=80.229.31.x LEN=144 PREC=0x80 TTL=116 ID=491 PROTO=UDP SPT=38008 DPT=52894 LEN=124
20:46:59 DROP SRC=81.144.193.80 DST=80.229.31.x LEN=151 PREC=0xA0 TTL=119 ID=8571 PROTO=UDP SPT=50015 DPT=52894 LEN=131
20:46:59 DROP SRC=82.33.95.68 DST=80.229.31.x LEN=137 PREC=0x80 TTL=117 ID=494 PROTO=UDP SPT=2643 DPT=51241 LEN=117
20:46:59 DROP SRC=82.33.95.68 DST=80.229.31.x LEN=144 PREC=0x80 TTL=116 ID=493 PROTO=UDP SPT=38008 DPT=52894 LEN=124
20:47:01 DROP SRC=70.89.210.98 DST=80.229.31.x LEN=146 PREC=0x80 TTL=114 ID=21544 PROTO=UDP SPT=42997 DPT=52894 LEN=126
20:47:02 DROP SRC=94.41.123.3 DST=80.229.31.x LEN=138 PREC=0x80 TTL=54 ID=0 DF PROTO=UDP SPT=50686 DPT=20041 LEN=118
20:47:03 DROP SRC=82.205.81.250 DST=80.229.31.x LEN=131 PREC=0x80 TTL=116 ID=4110 PROTO=UDP SPT=33024 DPT=20041 LEN=111
20:47:03 DROP SRC=82.33.95.68 DST=80.229.31.x LEN=137 PREC=0xA0 TTL=117 ID=496 PROTO=UDP SPT=2643 DPT=51241 LEN=117
20:47:03 DROP SRC=82.33.95.68 DST=80.229.31.x LEN=144 PREC=0xA0 TTL=116 ID=495 PROTO=UDP SPT=38008 DPT=52894 LEN=124
20:47:03 DROP SRC=70.89.210.98 DST=80.229.31.x LEN=146 PREC=0x80 TTL=114 ID=21553 PROTO=UDP SPT=42997 DPT=52894 LEN=126
20:47:04 DROP SRC=24.130.84.139 DST=80.229.31.x LEN=131 PREC=0x80 TTL=116 ID=3491 PROTO=UDP SPT=30850 DPT=20041 LEN=111
20:47:06 DROP SRC=91.144.228.28 DST=80.229.31.x LEN=138 PREC=0x80 TTL=54 ID=55560 DF PROTO=UDP SPT=41087 DPT=20041 LEN=118
20:47:07 DROP SRC=70.89.210.98 DST=80.229.31.x LEN=146 PREC=0xA0 TTL=114 ID=21566 PROTO=UDP SPT=42997 DPT=52894 LEN=126
20:47:14 DROP SRC=67.71.42.54 DST=80.229.31.x LEN=131 PREC=0x80 TTL=111 ID=11102 PROTO=UDP SPT=7957 DPT=20041 LEN=111
20:47:15 DROP SRC=75.85.160.139 DST=80.229.31.x LEN=131 PREC=0x80 TTL=114 ID=17317 PROTO=UDP SPT=28826 DPT=20041 LEN=111
20:47:16 DROP SRC=86.27.59.239 DST=80.229.31.x LEN=141 PREC=0x80 TTL=117 ID=10919 PROTO=UDP SPT=45036 DPT=52894 LEN=121
20:47:18 DROP SRC=67.71.42.54 DST=80.229.31.x LEN=131 PREC=0x80 TTL=111 ID=11103 PROTO=UDP SPT=7957 DPT=20041 LEN=111
20:47:18 DROP SRC=86.27.59.239 DST=80.229.31.x LEN=141 PREC=0x80 TTL=117 ID=11097 DF PROTO=UDP SPT=45036 DPT=52894 LEN=121
20:47:22 DROP SRC=67.71.42.54 DST=80.229.31.x LEN=131 PREC=0x80 TTL=111 ID=11104 PROTO=UDP SPT=7957 DPT=20041 LEN=111
20:47:22 DROP SRC=86.27.59.239 DST=80.229.31.x LEN=141 PREC=0xA0 TTL=117 ID=11525 PROTO=UDP SPT=45036 DPT=52894 LEN=121
20:47:23 DROP SRC=67.71.42.54 DST=80.229.31.x LEN=131 PREC=0x80 TTL=111 ID=11105 PROTO=UDP SPT=7957 DPT=20041 LEN=111
20:47:30 DROP SRC=54.229.30.215 DST=80.229.31.x LEN=32 PREC=0x80 TTL=52 ID=0 DF PROTO=UDP SPT=32099 DPT=15325 LEN=12
20:47:30 DROP SRC=54.251.166.133 DST=80.229.31.x LEN=32 PREC=0x80 TTL=50 ID=0 DF PROTO=UDP SPT=32099 DPT=15325 LEN=12
20:47:34 DROP SRC=81.144.193.80 DST=80.229.31.x LEN=151 PREC=0x80 TTL=119 ID=8572 PROTO=UDP SPT=50015 DPT=52894 LEN=131
20:47:36 DROP SRC=81.144.193.80 DST=80.229.31.x LEN=151 PREC=0x80 TTL=119 ID=8573 PROTO=UDP SPT=50015 DPT=52894 LEN=131
20:47:39 DROP SRC=73.189.79.215 DST=80.229.31.x LEN=133 PREC=0x80 TTL=53 ID=19478 PROTO=UDP SPT=37410 DPT=52894 LEN=113
20:47:39 DROP SRC=73.189.79.215 DST=80.229.31.x LEN=135 PREC=0x80 TTL=52 ID=9088 PROTO=UDP SPT=37410 DPT=39331 LEN=115
20:47:39 DROP SRC=73.189.79.215 DST=80.229.31.x LEN=135 PREC=0x80 TTL=52 ID=4850 PROTO=UDP SPT=37410 DPT=51241 LEN=115
20:47:40 DROP SRC=82.33.95.68 DST=80.229.31.x LEN=144 PREC=0x80 TTL=117 ID=497 PROTO=UDP SPT=37214 DPT=52894 LEN=124
20:47:40 DROP SRC=81.144.193.80 DST=80.229.31.x LEN=151 PREC=0xA0 TTL=119 ID=8574 PROTO=UDP SPT=50015 DPT=52894 LEN=131
20:47:41 DROP SRC=73.189.79.215 DST=80.229.31.x LEN=135 PREC=0x80 TTL=52 ID=22901 PROTO=UDP SPT=37410 DPT=39331 LEN=115
20:47:41 DROP SRC=73.189.79.215 DST=80.229.31.x LEN=133 PREC=0x80 TTL=53 ID=12758 PROTO=UDP SPT=37410 DPT=52894 LEN=113
20:47:41 DROP SRC=73.189.79.215 DST=80.229.31.x LEN=135 PREC=0x80 TTL=52 ID=60915 PROTO=UDP SPT=37410 DPT=51241 LEN=115
20:47:42 DROP SRC=82.33.95.68 DST=80.229.31.x LEN=144 PREC=0x80 TTL=117 ID=498 PROTO=UDP SPT=37214 DPT=52894 LEN=124
20:47:43 DROP SRC=70.89.210.98 DST=80.229.31.x LEN=146 PREC=0x80 TTL=114 ID=21735 PROTO=UDP SPT=42997 DPT=52894 LEN=126
20:47:45 DROP SRC=70.89.210.98 DST=80.229.31.x LEN=146 PREC=0x80 TTL=114 ID=21737 PROTO=UDP SPT=42997 DPT=52894 LEN=126
20:47:45 DROP SRC=73.189.79.215 DST=80.229.31.x LEN=135 PREC=0xA0 TTL=52 ID=41225 PROTO=UDP SPT=37410 DPT=51241 LEN=115
20:47:45 DROP SRC=73.189.79.215 DST=80.229.31.x LEN=133 PREC=0xA0 TTL=53 ID=39844 PROTO=UDP SPT=37410 DPT=52894 LEN=113
20:47:45 DROP SRC=73.189.79.215 DST=80.229.31.x LEN=135 PREC=0xA0 TTL=52 ID=40041 PROTO=UDP SPT=37410 DPT=39331 LEN=115
20:47:46 DROP SRC=82.33.95.68 DST=80.229.31.x LEN=144 PREC=0xA0 TTL=117 ID=499 PROTO=UDP SPT=37214 DPT=52894 LEN=124
20:47:46 DROP SRC=222.236.205.195 DST=80.229.31.x LEN=131 PREC=0x80 TTL=118 ID=32100 PROTO=UDP SPT=27574 DPT=20041 LEN=111
20:47:47 DROP SRC=213.248.117.65 DST=80.229.31.x LEN=1401 PREC=0x80 TTL=56 ID=51768 DF PROTO=TCP SPT=80 DPT=3539 SEQ=1511691269 ACK=2225573454 WINDOW=639 RES=0x00 ACK PSH URGP=0
20:47:49 DROP SRC=70.89.210.98 DST=80.229.31.x LEN=146 PREC=0xA0 TTL=114 ID=21753 PROTO=UDP SPT=42997 DPT=52894 LEN=126
20:47:51 DROP SRC=67.71.42.54 DST=80.229.31.x LEN=131 PREC=0x80 TTL=111 ID=11106 PROTO=UDP SPT=7957 DPT=20041 LEN=111
20:47:54 DROP SRC=80.98.212.80 DST=80.229.31.x LEN=136 PREC=0x80 TTL=114 ID=7024 PROTO=UDP SPT=2308 DPT=20041 LEN=116
20:48:00 DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:16:fa:ec:b9:01:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=36 PREC=0xC0 TTL=1 ID=0 OPT (94040000) PROTO=2
20:48:06 DROP SRC=94.41.123.3 DST=80.229.31.x LEN=138 PREC=0x80 TTL=54 ID=0 DF PROTO=UDP SPT=50686 DPT=20041 LEN=118
20:48:09 DROP SRC=24.130.84.139 DST=80.229.31.x LEN=131 PREC=0x80 TTL=116 ID=3492 PROTO=UDP SPT=30850 DPT=20041 LEN=111
20:48:10 DROP SRC=54.229.30.215 DST=80.229.31.x LEN=32 PREC=0x80 TTL=52 ID=0 DF PROTO=UDP SPT=32099 DPT=15325 LEN=12
20:48:10 DROP SRC=54.251.166.133 DST=80.229.31.x LEN=32 PREC=0x80 TTL=50 ID=0 DF PROTO=UDP SPT=32099 DPT=15325 LEN=12
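
Grouping the dropped UDP packets by destination port shows how many distinct sources hit each port and what the logged rate actually is. This is an added example, not part of the original post; the sample lines are a subset copied from the log above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Subset of lines copied from the log in the post above.
SAMPLE_LOG = """\
20:46:36 DROP SRC=109.73.96.152 DST=80.229.31.x LEN=138 PREC=0x80 TTL=45 ID=0 DF PROTO=UDP SPT=56947 DPT=20041 LEN=118
20:46:36 DROP SRC=86.27.59.239 DST=80.229.31.x LEN=141 PREC=0x80 TTL=117 ID=6991 PROTO=UDP SPT=45036 DPT=52894 LEN=121
20:46:38 DROP SRC=86.27.59.239 DST=80.229.31.x LEN=141 PREC=0x80 TTL=117 ID=7182 PROTO=UDP SPT=45036 DPT=52894 LEN=121
20:46:41 DROP SRC=222.236.205.195 DST=80.229.31.x LEN=131 PREC=0x80 TTL=118 ID=31828 DF PROTO=UDP SPT=27574 DPT=20041 LEN=111
20:46:49 DROP SRC=54.229.30.215 DST=80.229.31.x LEN=32 PREC=0x80 TTL=52 ID=0 DF PROTO=UDP SPT=32099 DPT=15325 LEN=12
20:47:47 DROP SRC=213.248.117.65 DST=80.229.31.x LEN=1401 PREC=0x80 TTL=56 ID=51768 DF PROTO=TCP SPT=80 DPT=3539 SEQ=1511691269 ACK=2225573454 WINDOW=639 RES=0x00 ACK PSH URGP=0
20:48:00 DROP IN=eth0 OUT= MAC=01:00:5e:00:00:01:00:16:fa:ec:b9:01:08:00 SRC=0.0.0.0 DST=224.0.0.1 LEN=36 PREC=0xC0 TTL=1 ID=0 OPT (94040000) PROTO=2
"""

# The first LEN= on a line is the IP packet length; the trailing one is the UDP length.
LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d) DROP .*?SRC=(\S+) .*?LEN=(\d+) "
    r".*?PROTO=(\S+)(?: SPT=\d+ DPT=(\d+))?")

def parse(log_text):
    """Yield (seconds_since_midnight, src, ip_len, proto, dport_or_None)."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            h, mi, s, src, ip_len, proto, dpt = m.groups()
            yield (int(h) * 3600 + int(mi) * 60 + int(s), src, int(ip_len),
                   proto, int(dpt) if dpt else None)

def summarize_udp(log_text):
    """Return ({dport: {packets, sources, bytes}}, average bytes per second)."""
    ports = defaultdict(lambda: {"packets": 0, "sources": set(), "bytes": 0})
    times = []
    for t, src, ip_len, proto, dpt in parse(log_text):
        if proto != "UDP":
            continue  # the post is about the UDP drops; skip the TCP and PROTO=2 lines
        times.append(t)
        ports[dpt]["packets"] += 1
        ports[dpt]["sources"].add(src)
        ports[dpt]["bytes"] += ip_len
    per_port = {p: {"packets": v["packets"], "sources": len(v["sources"]),
                    "bytes": v["bytes"]} for p, v in ports.items()}
    window = max(times) - min(times) if len(times) > 1 else 0
    total = sum(v["bytes"] for v in per_port.values())
    return per_port, total / max(window, 1)

if __name__ == "__main__":
    per_port, rate = summarize_udp(SAMPLE_LOG)
    for port, stats in sorted(per_port.items(), key=lambda kv: -kv[1]["packets"]):
        print(port, stats)
    print(f"average logged UDP rate: {rate:.1f} bytes/s")
```

Feeding it the full router log instead of `SAMPLE_LOG` gives the same per-port breakdown for the whole capture window.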
1 REPLY
Community Veteran
Posts: 3,380
Thanks: 4
Registered: 18-01-2013

Re: DDos?

I appeared to be bombarded last night (similar fixed IP as yours) until my router died for five minutes then rebooted.
Mind you, my email / web server is under constant attack anyway so I just tend to ignore it and blacklist persistent hackers.