Slow Internet Access - DoS attack: ACK Scan
#1
Brick 
Hello,

I have attached an extract of my modem log showing a lot of attacks coming through, which is causing a very slow internet connection. Currently I have a static IP address, as I am running a few servers, for example email and remote access to my server.

My ISP's help desk answer when I made contact with them was: -

-----------------

Our server team has checked your connection details from our end and
they have found out that the logs that you are seeing on your NetGear
modem are "port scans" from our servers and they are not what you think
they are, DoS attacks..

-------------------

But I don't agree with that answer, as there are too many different IPs listed.

All of the computers attached to the local network have up-to-date virus and malware protection and have been scanned by an online scanner within the last month to confirm they are clean.

Any ideas / help to stop the attempts would be gratefully received.

Thanks


Attached Files
.txt   modemlog.txt (Size: 25.06 KB / Downloads: 10)

#2
It is very common and you have nothing to worry about. Your router is dropping certain traffic. It's known as TCP Reset (RST) packets; it flags them as an attack and then drops them. It's very unlikely that you're being targeted by DoS attacks. So your slow internet has nothing to do with that log. If it was a DDoS attack, you would have no internet whatsoever while you are being attacked. That's why they call it DDoS (Denial of Service). Network printers, TVs, laptops, computers, tablets, basically any device in your home can cause these logs.

#3
Hello,

Thanks for the info, but with the wireless disabled and the network cable removed these logs still occur. Is there anything that I can check / reconfigure to find the cause of the low speed?

#4
Are you 100% sure your system is clean and free from viruses?

#5
Hello

I was going along the lines of disabling wireless in the modem/router and removing the network cable from the modem/router. The logs in the modem/router still collect all of those entries as above. So I believe my PC is virus free, as the logs don't differ at all whether my PC is connected or not.

Scans have been run with Norton and HouseCall that show no infections. Do you have any other programs to do scans with?

Thanks

#6
Try Malwarebytes.

#7
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 22/05/2015
Scan Time: 6:44:42 PM
Logfile:
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.22.01
Rootkit Database: v2015.05.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Chris

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 417331
Time Elapsed: 18 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

#8
I can see a lot of port 443; this info should help you understand more. I don't think you're being attacked.

Check all your rules and settings for 

[SMTP rule match]

[HTTP rule match]      

[HTTPS rule match]
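An added example, not part of any post in this thread: a tally of the router's "DoS attack" entries by remote source port and address, as a way to check the observation in replies #2 and #8 that many entries involve port 443. The entry layout, the sample lines and the names `summarize`, `ENTRY_RE` and `SERVICE_PORTS` are assumptions, because the attached modemlog.txt is not shown on the page.

```python
import re
from collections import Counter

# Assumed entry layout (the attached modemlog.txt is not shown on the page):
#   [DoS attack: ACK Scan] from source: <ip>, port <n>, <timestamp>
ENTRY_RE = re.compile(
    r"\[DoS attack:\s*(?P<kind>[^\]]+)\]\s*from source:\s*"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}),\s*port\s+(?P<port>\d+)",
    re.IGNORECASE,
)

# A remote *source* port in this set means the far end is a mail or web
# server, which is consistent with a late reply to LAN-initiated traffic.
SERVICE_PORTS = {25: "SMTP", 80: "HTTP", 443: "HTTPS"}

# Constructed sample lines; addresses come from the documentation ranges.
SAMPLE_LOG = """\
[DoS attack: ACK Scan] from source: 192.0.2.10, port 443, Friday, May 22, 2015 18:01:02
[DoS attack: ACK Scan] from source: 192.0.2.10, port 443, Friday, May 22, 2015 18:01:09
[DoS attack: ACK Scan] from source: 198.51.100.7, port 443, Friday, May 22, 2015 18:03:40
[DoS attack: ACK Scan] from source: 203.0.113.5, port 80, Friday, May 22, 2015 18:05:11
[DoS attack: ACK Scan] from source: 203.0.113.99, port 51712, Friday, May 22, 2015 18:07:30
[HTTPS rule match] constructed entry in a layout this parser does not know
"""

def summarize(log_text):
    """Tally flagged entries by kind, remote source port and source address."""
    kinds, ports, sources = Counter(), Counter(), Counter()
    unparsed = 0
    for line in log_text.splitlines():
        m = ENTRY_RE.search(line)
        if m is None:
            unparsed += bool(line.strip())  # count non-blank lines we skipped
            continue
        kinds[m["kind"].strip()] += 1
        ports[int(m["port"])] += 1
        sources[m["ip"]] += 1
    total = sum(kinds.values())
    from_services = sum(n for p, n in ports.items() if p in SERVICE_PORTS)
    return {
        "total": total,
        "by_kind": dict(kinds),
        "by_port": dict(ports),
        "distinct_sources": len(sources),
        "top_sources": sources.most_common(3),
        "service_port_share": from_services / total if total else 0.0,
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A high `service_port_share` spread over many addresses points toward ordinary web and mail replies being flagged, while many entries from one address on unrelated ports would deserve a closer look.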

#9
There are rules for those set up in the router, as I am running a web / email server on those ports. So the normal server traffic is overloading my current connection?

I will have a look at faster plans.

#10
Yes, that could be. Why do you have a web / email server on one internet connection that you use for browsing the web also?


