# Netgear log dos attacks???



## HELPMEM8S (Feb 25, 2005)

I remember when I used to look at the router logs for my wireless router I would see the name of websites visited from people who were using my wireless signal. There is supposed to only be one person using my wireless signal as I am using an Ethernet cable attached to the router. When I click "attached devices" it only shows me and one other person, however the log seems to show there is more than one person attached besides the two of us.

I am semi-computer literate but obviously semi-retarded because this router log is all a foreign language to me. So here is the log, if anyone can make some sense of it for me I would appreciate it. I guess I am mainly worried about the Denial Of Service Attacks but I would also like to know why the log doesn't read like it did last time I checked. Now that I think about it I don't know what I should be worried about.

*I am pretty sure the only "attached devices" are supposed to be*

*ME*[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 21:05:49
*GUY USING MY WIRELESS*[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Monday, March 29,2010

*I have no idea who this is supposed to be. Or like I said maybe I am just retarded.*
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Monday, March 29,2010 23:43:06

March 30,2010 14:18:36
[DoS Attack: RST Scan] from source: 75.21.100.39, port 4078, Tuesday, March 30,2010 13:01:56
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Tuesday, March 30,2010 11:43:07
[Time synchronized with NTP server] Tuesday, March 30,2010 10:49:43
[DoS Attack: RST Scan] from source: 217.119.54.143, port 45707, Tuesday, March 30,2010 09:18:31
[DoS Attack: RST Scan] from source: 118.136.244.67, port 1082, Tuesday, March 30,2010 07:00:37
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:46:01
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Tuesday, March 30,2010 05:45:42
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:45:42
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Tuesday, March 30,2010 05:43:42
[UPnP set event: del_nat_rule] from source 192.168.1.5, Monday, March 29,2010 23:44:59
[UPnP set event: add_nat_rule] from source 192.168.1.5, Monday, March 29,2010 23:43:07
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Monday, March 29,2010 23:43:06
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 21:05:49
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Monday, March 29,2010 20:56:25
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 15:11:52
[DoS Attack: FIN Scan] from source: 83.30.6.104, port 49547, Monday, March 29,2010 14:40:04
[Time synchronized with NTP server] Monday, March 29,2010 10:49:42
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Monday, March 29,2010 06:20:28
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 02:35:42
[DoS Attack: ACK Scan] from source: 65.55.183.7, port 80, Sunday, March 28,2010 21:12:01
[DoS Attack: FIN Scan] from source: 97.113.145.180, port 61578, Sunday, March 28,2010 20:24:01
[DoS Attack: ACK Scan] from source: 162.95.222.239, port 443, Sunday, March 28,2010 17:32:09
[DoS Attack: RST Scan] from source: 12.130.102.24, port 443, Sunday, March 28,2010 15:59:00
[Internet connected] IP address: 67.162.132.xxx, Sunday, March 28,2010 15:31:43
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Sunday, March 28,2010 14:24:59
[Time synchronized with NTP server] Sunday, March 28,2010 10:49:41
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Sunday, March 28,2010 09:45:02
[DoS Attack: ACK Scan] from source: 65.54.95.13, port 80, Sunday, March 28,2010 08:35:09
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Sunday, March 28,2010 02:24:52
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Saturday, March 27,2010 23:44:31
[UPnP set event: add_nat_rule] from source 192.168.1.5, Saturday, March 27,2010 23:16:24
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Saturday, March 27,2010 23:16:23
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Saturday, March 27,2010 23:06:35
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Saturday, March 27,2010 21:45:00
[DoS Attack: RST Scan] from source: 216.252.125.65, port 443, Saturday, March 27,2010 18:33:01
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Saturday, March 27,2010 11:06:34
[DoS Attack: ACK Scan] from source: 174.140.157.25, port 80, Saturday, March 27,2010 10:50:18
[Time synchronized with NTP server] Saturday, March 27,2010 10:49:40


----------



## lunarlander (Sep 22, 2007)

Just enable WPA2 encryption, set a 16-character passphrase and that will lock the intruders out of using your network. Also change the router's admin password; the default password for each router model is published.


----------



## antimoth (Aug 8, 2009)

I would be bummed out if I found extra local IPs on my router. You and the guy that piggybacks off your service should be using WPA2 encryption, providing that the gear supports it. If not that, at least enable MAC address filtering on the wireless and a lesser encryption. While both of the latter are crackable, odds are whoever is there doesn't have the tools.

There may also be less sinister reasons for extra IPs. A second laptop or a game console. A friend dropped by with a netbook. Dual boot machine with Linux/Windows using different computer names. Still, if you got an open wifi net, you are asking for it.

As for the DoS attacks, Google the syntax and read the links. The IPs in your log include Microsoft, Yahoo, and Blue Shield. Maybe they are not DoS attacks. I thought DoS was 1000 hits per second. Yours are like one every few hours.


----------



## HELPMEM8S (Feb 25, 2005)

I'm using WPA2 and my router password is unique. I know both of our computers are secure, so that's why this is so confusing. My concern is that before, when I looked at the logs from my Netgear router, I would see the websites people were viewing; now all I see is these weird DoS attacks. Any other ideas?


----------



## Frank4d (Sep 10, 2006)

00:0d:9d:5e:9a:xx is HP, 00:24:8d:d2:3c:xx is Sony, and 00:21:63:bb:87:xx is Askey Computer Corp. If you have a Sony PS3 and Askey VOIP phone or TV set top box, that would explain them.


----------
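As an added example (not code from any poster in this thread), this Python sketch parses log lines in the format posted above, lists the distinct DHCP clients with the vendor names Frank4d gave for their MAC prefixes, and profiles the "DoS Attack" entries by rate and source port. Counting source ports 80 and 443 separately, as a hint that a packet is a late reply from a web server, is an assumption of this example; the function names and the three-entry vendor table are made up for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Excerpt of the log posted at the top of this thread.
SAMPLE_LOG = """\
[DoS Attack: RST Scan] from source: 75.21.100.39, port 4078, Tuesday, March 30,2010 13:01:56
[DHCP IP: 192.168.1.5] to MAC address 00:24:8d:d2:3c:xx, Tuesday, March 30,2010 11:43:07
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:46:01
[DHCP IP: 192.168.1.4] to MAC address 00:21:63:bb:87:xx, Tuesday, March 30,2010 05:45:42
[DoS Attack: ACK Scan] from source: 65.55.87.123, port 80, Tuesday, March 30,2010 05:45:42
[UPnP set event: add_nat_rule] from source 192.168.1.5, Monday, March 29,2010 23:43:07
[DHCP IP: 192.168.1.3] to MAC address 00:0d:9d:5e:9a:xx, Monday, March 29,2010 21:05:49
[DoS Attack: RST Scan] from source: 12.130.102.24, port 443, Sunday, March 28,2010 15:59:00
"""

# Vendor names for the MAC prefixes, as given by Frank4d in this thread.
OUI = {"00:0d:9d": "HP", "00:24:8d": "Sony", "00:21:63": "Askey Computer Corp."}

TS = re.compile(r"(\w+ \d{1,2},\d{4} \d{2}:\d{2}:\d{2})$")
DHCP = re.compile(r"^\[DHCP IP: ([\d.]+)\] to MAC address ([0-9a-fx:]+),", re.I)
DOS = re.compile(r"^\[DoS Attack: ([^\]]+)\] from source: ([\d.]+), port (\d+),")

def summarize(log_text):
    """Return (clients keyed by MAC, list of DoS entries) from router log text."""
    clients, dos = {}, []
    for line in log_text.splitlines():
        ts = TS.search(line.strip())
        if not ts:
            continue  # truncated line without a full timestamp
        when = datetime.strptime(ts.group(1), "%B %d,%Y %H:%M:%S")
        if m := DHCP.match(line):
            ip, mac = m.group(1), m.group(2).lower()
            c = clients.setdefault(
                mac, {"ip": ip, "vendor": OUI.get(mac[:8], "unknown"), "leases": 0})
            c["leases"] += 1
        elif m := DOS.match(line):
            dos.append((when, m.group(1), m.group(2), int(m.group(3))))
    return clients, dos

def dos_profile(dos):
    """Rate and origin summary: a real flood shows a high peak_per_minute."""
    per_minute = Counter(when.replace(second=0) for when, *_ in dos)
    return {
        "events": len(dos),
        "peak_per_minute": max(per_minute.values(), default=0),
        "from_web_ports": sum(1 for d in dos if d[3] in (80, 443)),
        "distinct_sources": len({d[2] for d in dos}),
    }
```
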

