General Discussion
  >> General Broadband Chatter


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User bluesea
(committed) Mon 20-Oct-14 11:13:58
Print Post

UDP packets - DOS attack?


[link to this post]
 
I spotted in my router log that I regularly get security alerts of a UDP packet (labelled as 'DOS') being sent to random ports on my IP address. The IP address it's from is always the same - I shan't post it here but it starts with 78.151.235.xxx and appears to be a domestic TalkTalk IP.

I had a powercut the other day and my IP address changed, but I'm still getting the frequent UDP packets from that same IP address. How is it able to still target my connection even though my IP changed? Is it just targeting loads of IP address blocks at random? I'm also on TalkTalk (via AOL) so I'm wondering if it's some sort of TalkTalk bot?!

An example is below:

UDP Packet - Source:78.151.235.xxx,40900 Destination:xx.xx.xx.xx,46219 - [DOS]

Edited by bluesea (Mon 20-Oct-14 11:14:51)

Administrator MrSaffron
(staff) Mon 20-Oct-14 11:20:42
Print Post

Re: UDP packets - DOS attack?


[re: bluesea] [link to this post]
 
Some routers shout about a DoS attack for things like fragmented UDP packets that can result from timed out DNS lookups and similar.

With a DoS attack if you were really under attack your connection would not be working at all.

Also if someone was running a DDoS that was large enough to hit all the customers on an ISP one would hope the ISP would notice and block it upstream which is the correct way to handle this sort of thing, my money goes on this being a router just not understanding some fragmentation and calling it DoS.

The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
Standard User bobble_bob
(fountain of knowledge) Mon 20-Oct-14 11:34:24
Print Post

Re: UDP packets - DOS attack?


[re: MrSaffron] [link to this post]
 
My router regularly picks up "fin" attacks with just 1 packet being sent. Tracing the IP address its more often than not its just akamai or some ad based service that the site uses

Think routers are over senstive to stuff like that

Edited by bobble_bob (Mon 20-Oct-14 11:34:54)


Register (or login) on our website and you will not see this ad.

Standard User Oliver341
(eat-sleep-adslguide) Mon 20-Oct-14 13:31:56
Print Post

Re: UDP packets - DOS attack?


[re: bluesea] [link to this post]
 
It looks like Netgear's "Port Scan and DoS Protection" if I'm not mistaken.

These days I tick "Disable Port Scan and DoS Protection" as a matter of course, since I've always found it to break more stuff than it fixes, and of course the usual NAT firewall remains in place anyway.

Oliver.
  Print Thread

Jump to