 |
 |
I am being portscanned and DOS attacked
|
|
|
|
|
Senior User
Join Date: Feb 2001
Location: The Sunny Isle of Wight
Status:
Offline
|
|
Sorry if this is the wrong forum but...
I have a Netgear 834G and it has the ability to log attack/scans etc . I have it set up to ignore all incoming traffic unless I have requested it. Now reading the log I see regular "attacks" from a few IP addresses. The question I have is:
Is there anything I can do to stop these attacks, anyone I can report these IP addresses to etc?
Here some of today's attacks:
"UDP Packet - Source:212.23.8.1 Destination:192.168.0.3 - [PORT SCAN]"
"TCP Packet - Source:217.218.62.26,3400 Destination:XXX.XXX.XXX.XXX,4899 - [DOS]"
"TCP Packet - Source:217.218.62.26,3398 Destination:XXX.XXX.XXX.XXX,6101 - [DOS]"
XXX.XXX.XXX.XXX - I have removed my Router's IP address.
Thanks,
Nigel
EDIT: oops grammar mistake!
|
|
|
| |
|
|
|
|
|
|
|
Administrator  Join Date: Apr 2001
Location: San Antonio TX USA
Status:
Offline
|
|
It is not uncommon for anyone to see various scans hitting their routers. The bad guys are constantly looking for holes they can exploit for various nefarious purposes. They like to hijack computers to spread spam from, to quietly host warez and porn (often kiddie porn), and to act as zombies in attacks on servers. That your log shows these scans, is good, but also note that they come and go.
One way to reduce the number you see is to set your ports to "stealth" if your router supports that. Normally, ports are either open or blocked, but even a blocked port returns a response to the intruder that says "blocked." A stealthed port returns no response-it looks dead or not even there. After a while, it looks like that address is no longer connected to the Internet, and the scans decrease dramatically-the bad guys don't want to bother with addresses that aren't assigned to systems they can take over.
|
|
Glenn -----
OTR/L, MOT, Tx
|
| |
|
|
|
|
|
|
|
Senior User
Join Date: Feb 2001
Location: The Sunny Isle of Wight
Status:
Offline
|
|
ghporter - thanks, I looked up stealth ports on the Netgear web site and found some scanners that check you IP address for vunerabilities. I ran them and all my ports are stealthed!
Thanks.
It is interesting that the same people keep scanning me.
|
|
|
| |
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2003
Status:
Offline
|
|
if you do a WHOIS lookup, you'll see that's from Amsterdam, mlst likely some hapless PS user whose gotten infected with something or other.
Since you're on a Mac, even if they say your ports, there's nothing they could do. Still it's better for your bandwidth if they're stealthed since it should result in less incoming scanning
|
|
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
 
|
|
|
Forum Rules
|
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|
|
Top
