Standard User trolleybus
(committed) Mon 09-Jun-14 16:44:17

DOS Block


 
My Draytek router is frequently sending me an email of which this is typical:

2014/06/09 09:52:00 -- [DOS][Block][syn_flood, timeout=10][192.168.202.203:53553->208.78.94.72:80][TCP][HLen=20, TLen=64, Flag=S, Seq=2621011111, Ack=0, Win=65535]

And here's another variation:
2014/06/09 09:04:43 -- [DOS][Block][tcp_flag, scanner=fin_wo_ack][192.168.202.211:49390->173.194.34.90:80][TCP][HLen=20, TLen=52, Flag=F, Seq=2803993150, Ack=0, Win=65535]

What proactive action should I take or is it something I need not worry about?
Standard User iand
(fountain of knowledge) Wed 11-Jun-14 18:58:44

Re: DOS Block


[re: trolleybus]
 
Are you running the 192.xxx.xxx.xx IP address on your PC? If so, your PC looks to be running an attack on an outside internet IP address that your router is detecting.

I may have this wrong but I would run a virus scan asap........

IanD
Standard User trolleybus
(committed) Wed 11-Jun-14 19:56:15

Re: DOS Block


[re: iand]
 
The LAN IPs are allocated to a couple of mobile phones and unsurprisingly there are no AV programs loaded onto them. What you appear to be suggesting is that they have been compromised in some way.

So it looks as though ESET Mobile Security - Home Edition should be installed. Would that resolve the problem?

However
208.78.94.72 is some company in the US
173.194.34.90 is Google
Could it be some app on the phone that is actually required but prevented from communicating with base because of firewall rules in the router?



Standard User Zadeks
(experienced) Wed 11-Jun-14 20:02:48

Re: DOS Block


[re: trolleybus]
 
False positive or trash internet traffic. Router DoS protection is useless. Nothing to worry about.
Standard User iand
(fountain of knowledge) Thu 12-Jun-14 20:47:30

Re: DOS Block


[re: trolleybus]
 
As the other person said, looks like this may be a false positive, especially as you have mobile phones attached. It is up to you about using a mobile AV solution. What you need is an outbound firewall check that validates the mobile app sending out and asks you for a yes/no allow. That way you can tell what is generating the traffic from the mobile.

IanD
Standard User Ignitionnet
(knowledge is power) Thu 12-Jun-14 21:07:31

Re: DOS Block


[re: trolleybus]
 
It's fine, ignore it. Not worth investigating further or taking any action over.
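
Added example (not part of any post in this thread): a small Python parser for the router alert lines quoted in the first post, which tallies blocks per LAN device, rule and destination so repeated alerts can be tied to one phone or one service. The field layout is inferred only from the two lines shown in the thread, and the names `parse_alert` and `tally` are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Layout inferred from the two alert lines quoted in the thread (an assumption,
# not a documented DrayTek format).
ALERT_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) -- \[DOS\]\[(?P<action>\w+)\]"
    r"\[(?P<rule>[^\]]+)\]"
    r"\[(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+)\]"
    r"\[(?P<proto>\w+)\]\[(?P<hdr>[^\]]*)\]$"
)

def _kv(text):
    """Turn 'a=1, b=2' into {'a': '1', 'b': '2'}; bare tokens are skipped."""
    return dict(p.strip().split("=", 1) for p in text.split(",") if "=" in p)

def parse_alert(line):
    """Return a dict for one alert line, or None if it does not match."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    rule_name, _, rule_args = m["rule"].partition(",")
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "action": m["action"],
        "rule": rule_name.strip(),
        "rule_args": _kv(rule_args),   # e.g. timeout=10 or scanner=fin_wo_ack
        "src": m["src"], "sport": int(m["sport"]),
        "dst": m["dst"], "dport": int(m["dport"]),
        "proto": m["proto"],
        "hdr": _kv(m["hdr"]),          # HLen, TLen, Flag, Seq, Ack, Win as strings
    }

def tally(lines):
    """Count alerts per (LAN source, rule, destination:port); skip other lines."""
    alerts = filter(None, map(parse_alert, lines))
    return Counter((a["src"], a["rule"], f'{a["dst"]}:{a["dport"]}') for a in alerts)

SAMPLE = [  # the two lines from the first post, plus one constructed junk line
    "2014/06/09 09:52:00 -- [DOS][Block][syn_flood, timeout=10][192.168.202.203:53553->208.78.94.72:80][TCP][HLen=20, TLen=64, Flag=S, Seq=2621011111, Ack=0, Win=65535]",
    "2014/06/09 09:04:43 -- [DOS][Block][tcp_flag, scanner=fin_wo_ack][192.168.202.211:49390->173.194.34.90:80][TCP][HLen=20, TLen=52, Flag=F, Seq=2803993150, Ack=0, Win=65535]",
    "not an alert line",
]

if __name__ == "__main__":
    for key, count in tally(SAMPLE).most_common():
        print(count, *key)
```

Fed a day of saved alert emails, the tally shows whether the blocks come from one device and one destination or are spread across many.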