Standard User trolleybus
(committed) Mon 06-Oct-14 10:30:59

Info message from router


Any chance that somebody could explain these info messages that keep popping up from my router? The row of stars has been inserted by me to hide my IP address.


2014/10/06 10:10:21 -- [DOS][Block][tcp_flag, scanner=xmas_scan][255.127.0.0:0->****************:0][TCP][HLen=20, TLen=60, Flag=UPAF, Seq=1540996429, Ack=0, Win=6667]
2014/10/06 10:12:13 -- [DOS][Block][tcp_flag, scanner=fin_wo_ack][255.127.0.0:0->****************:0][TCP][HLen=20, TLen=60, Flag=SRF, Seq=624639109, Ack=0, Win=6667]
2014/10/06 10:12:38 -- [DOS][Block][tcp_flag, scanner=fin_wo_ack][162.209.14.203:0->****************:0][TCP][HLen=20, TLen=60, Flag=F, Seq=1578576465, Ack=0, Win=6667]
2014/10/06 10:14:26 -- [DOS][Block][tcp_flag, scanner=fin_wo_ack][255.127.0.0:0->****************:0][TCP][HLen=20, TLen=60, Flag=URF, Seq=1540996429, Ack=0, Win=6667]
2014/10/06 10:16:34 -- [DOS][Block][tcp_flag, scanner=syn_rst][82.222.7.139:0->****************:0][TCP][HLen=20, TLen=60, Flag=SRA, Seq=1578576465, Ack=0, Win=6667]
2014/10/06 10:17:39 -- [DOS][Block][tcp_flag, scanner=fin_wo_ack][255.127.0.0:0->****************:0][TCP][HLen=20, TLen=60, Flag=URF, Seq=1540996429, Ack=0, Win=6667]
Standard User ian72
(eat-sleep-adslguide) Mon 06-Oct-14 10:49:21

Re: Info message from router


[re: trolleybus]
Looks like your router is doing its job and blocking dodgy connections. A bot is probably scanning the IP Address pool looking for vulnerable targets.
Standard User JohnR
(eat-sleep-adslguide) Mon 06-Oct-14 17:45:51

Re: Info message from router


[re: trolleybus]
Google brings up some good results.
Xmas scan with Nmap


According to RFC 793, if a closed port gets a TCP packet without the SYN, RST, or ACK flag being set, it is supposed to respond with a RST packet. If the port is open, the TCP stack is supposed to just drop the packet without giving a response. Not all Operating Systems follow the RFC to the letter however, and these discrepancies allow for OS fingerprinting. I've covered OS fingerprinting in other videos (which I will link off to later), this video will just illustrate the point by showing off Nmap's XMAS scan option which sets only the FIN, PSH, and URG flags and nothing else. I'll also be using Zenmap, Ndiff and Wireshark to help you get the idea.


fin_wo_ack Nice thread from this site.

\_0-0_/ AdsL is Hell \_0-0_/
To Infinity
Wats SUP doc.... You using too much.....
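An added example, not part of the original thread and not the router vendor's code: a small parser for the log format posted above that decodes the `Flag=` field and lists what is abnormal about each blocked packet. It assumes the router abbreviates TCP flags by their initial letters (U, A, P, R, S, F); the function names are hypothetical.

```python
import re
from ipaddress import ip_address

# Assumption: the router abbreviates TCP flags by their initial letters.
FLAG_NAMES = {"U": "URG", "A": "ACK", "P": "PSH", "R": "RST", "S": "SYN", "F": "FIN"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) -- \[DOS\]\[(?P<action>\w+)\]"
    r"\[tcp_flag, scanner=(?P<scanner>\w+)\]"
    r"\[(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[^\]]+?):(?P<dport>\d+)\]"
    r"\[TCP\]\[(?P<fields>[^\]]*)\]$"
)

# Three of the lines posted in the thread, destination still masked by the poster.
SAMPLE_LINES = [
    "2014/10/06 10:10:21 -- [DOS][Block][tcp_flag, scanner=xmas_scan][255.127.0.0:0->****************:0][TCP][HLen=20, TLen=60, Flag=UPAF, Seq=1540996429, Ack=0, Win=6667]",
    "2014/10/06 10:12:38 -- [DOS][Block][tcp_flag, scanner=fin_wo_ack][162.209.14.203:0->****************:0][TCP][HLen=20, TLen=60, Flag=F, Seq=1578576465, Ack=0, Win=6667]",
    "2014/10/06 10:16:34 -- [DOS][Block][tcp_flag, scanner=syn_rst][82.222.7.139:0->****************:0][TCP][HLen=20, TLen=60, Flag=SRA, Seq=1578576465, Ack=0, Win=6667]",
]

def parse_line(line):
    """Return a dict for one [DOS][...][tcp_flag, ...] line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    fields = dict(kv.split("=", 1) for kv in rec.pop("fields").split(", "))
    rec["flags"] = {FLAG_NAMES.get(c, c) for c in fields["Flag"]}
    return rec

def anomalies(rec):
    """List what is abnormal about the packet, independent of the router's own label."""
    f, found = rec["flags"], []
    if {"SYN", "RST"} <= f:
        found.append("SYN and RST set together")
    if {"SYN", "FIN"} <= f:
        found.append("SYN and FIN set together")
    if "FIN" in f and "ACK" not in f:
        found.append("FIN without ACK")
    if {"FIN", "PSH", "URG"} <= f:  # subset test: extra flags such as ACK still match
        found.append("FIN+PSH+URG (Xmas pattern)")
    if rec["sport"] == "0" or rec["dport"] == "0":
        found.append("port 0")
    if ip_address(rec["src"]).is_reserved:  # 240.0.0.0/4 is IETF-reserved space
        found.append("reserved source address")
    return found

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        rec = parse_line(line)
        print(rec["ts"], rec["src"], sorted(rec["flags"]), anomalies(rec))
```
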