DoS ACK attack?

K

K3NS31

Expert Member
Joined
Jul 19, 2009
Messages
4,105
Reaction score
449
Hope someone can help me
I'm getting the following logs on my ADSL router:

[DoS attack: ACK Scan] from source: 31.13.80.1:443 Tuesday, July 09,2013 11:59:40
[DoS attack: ACK Scan] from source: 157.56.124.119:443 Tuesday, July 09,2013 11:59:20
[DoS attack: ACK Scan] from source: 157.56.124.119:443 Tuesday, July 09,2013 11:58:58
[DoS attack: ACK Scan] from source: 213.199.179.144:40005 Tuesday, July 09,2013 11:57:22
[DoS attack: ACK Scan] from source: 77.31.232.244:2508 Tuesday, July 09,2013 11:51:09

(ignore the time stamps, I chose a few at random)
and so on.

Also been having problems with an intermittent internet connection. I'm wondering if the 2 are related.
And also, what to do about these DoS attacks?
 
All but the bottom IP have a legitimate owner. The timestamp is actually important because of you get a whole lot ACK Scans from 77.31.232.244 (lets say 100 in 1 second) then it is someone coming from an IP in Saudi Arabia trying to probe your firewall rule-sets.
 
Depends on your setup but generally if you are a home user a 10min router reboot should do it - new ext. IP otherwise you'll need to point your DNS to another IP and filter out all the bad traffic and forward to your IP - that's if you host stoof.
 
That's the strange thing. Not hosting anything. Anyway, doing a firmware upgrade on the router so we'll see what happens.
 
i got 3 of those ips hitting my Ipcop firewall as well , get a few port scans every day about 3 to 5 and all the time it is the same standard ports 80 443 8080 25 110 and a few others..
 
Hi There,
There was a similar post on the forum a few weeks back and it is just general snooping going on.
Make sure your anti virus is up to date.

Regards

Tim
 
sizable timestamp delays so no ddos...router is picking it up so not hitting a vuln.

if you're stressing, login to router page, double check that NAT is enabled, disabled remote administration, disabled Upnp, disable TR06 (if present), change admin pass to something other than default and you're good.

avoid dialup ADSL via windows interface/ aka pppoe unless you've got a firewall on pc.

On the whole though - its fine dont worry about it. getting scanned is part of being on the internet.
 
Thanks for all the feedback so far. It doesn't look like it was anything major, as a few people suggested above, but we were concerned because we were getting ADSL disconnects too, and thought the issues may be related.
Anyway, done a firmware upgrade, so we'll see what happens.
 
K3NS31 said:
Hope someone can help me
I'm getting the following logs on my ADSL router:

[DoS attack: ACK Scan] from source: 31.13.80.1:443 Tuesday, July 09,2013 11:59:40
[DoS attack: ACK Scan] from source: 157.56.124.119:443 Tuesday, July 09,2013 11:59:20
[DoS attack: ACK Scan] from source: 157.56.124.119:443 Tuesday, July 09,2013 11:58:58
[DoS attack: ACK Scan] from source: 213.199.179.144:40005 Tuesday, July 09,2013 11:57:22
[DoS attack: ACK Scan] from source: 77.31.232.244:2508 Tuesday, July 09,2013 11:51:09

(ignore the time stamps, I chose a few at random)
and so on.

Also been having problems with an intermittent internet connection. I'm wondering if the 2 are related.
And also, what to do about these DoS attacks?
Click to expand...

No, not a DoS attack.
 
Indeed. ACK scans are a way of doing a portscan that can penetrate some firewalls that don't implement stateful packet inspection that well...
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X