wndr3700v2 log

trick0502 · Mar 18, 2011

so i have a wndr3700v2 from netgear. it has a log file that will lag a lot of things, such as dos attacks.

[DoS Attack: RST Scan] from source: 91.79.183.132, port 28764, Thursday, March 17,2011 06:34:09
[DoS Attack: RST Scan] from source: 91.79.183.132, port 27389, Thursday, March 17,2011 06:29:00
[DoS Attack: RST Scan] from source: 82.171.129.82, port 11939, Thursday, March 17,2011 06:23:40
[DoS Attack: RST Scan] from source: 82.171.129.82, port 10895, Thursday, March 17,2011 06:18:45
[DoS Attack: RST Scan] from source: 82.171.129.82, port 29947, Thursday, March 17,2011 06:13:46
[DoS Attack: RST Scan] from source: 83.255.54.241, port 60457, Thursday, March 17,2011 06:13:37
[DoS Attack: RST Scan] from source: 83.255.54.241, port 21489, Thursday, March 17,2011 06:08:49
[DoS Attack: RST Scan] from source: 83.255.54.241, port 21065, Thursday, March 17,2011 06:06:49
[DoS Attack: RST Scan] from source: 24.145.73.171, port 56738, Thursday, March 17,2011 06:04:57
[DoS Attack: RST Scan] from source: 110.55.234.34, port 56015, Thursday, March 17,2011 06:02:43
[DoS Attack: RST Scan] from source: 174.112.76.194, port 51259, Thursday, March 17,2011 06:01:53
[DoS Attack: RST Scan] from source: 72.252.157.44, port 57257, Thursday, March 17,2011 06:01:52
[DoS Attack: RST Scan] from source: 24.145.73.171, port 55926, Thursday, March 17,2011 06:00:13
[DoS Attack: RST Scan] from source: 109.252.242.92, port 29372, Thursday, March 17,2011 05:56:55
[DoS Attack: RST Scan] from source: 110.55.234.34, port 54203, Thursday, March 17,2011 05:51:03
[DoS Attack: RST Scan] from source: 24.76.89.59, port 61476, Thursday, March 17,2011 05:50:41
[DoS Attack: RST Scan] from source: 24.62.142.126, port 50853, Thursday, March 17,2011 05:50:33
[DoS Attack: RST Scan] from source: 110.55.234.34, port 54006, Thursday, March 17,2011 05:49:27
[DoS Attack: RST Scan] from source: 72.252.157.44, port 54673, Thursday, March 17,2011 05:39:28
[DoS Attack: RST Scan] from source: 82.136.215.4, port 17885, Thursday, March 17,2011 05:39:01
[DoS Attack: RST Scan] from source: 72.252.157.44, port 54504, Thursday, March 17,2011 05:37:52
[DoS Attack: RST Scan] from source: 98.253.92.228, port 52016, Thursday, March 17,2011 05:37:42
[DoS Attack: RST Scan] from source: 24.76.89.59, port 60105, Thursday, March 17,2011 05:36:17
[DoS Attack: RST Scan] from source: 24.76.89.59, port 59907, Thursday, March 17,2011 05:34:37
[DoS Attack: RST Scan] from source: 190.244.11.145, port 63971, Thursday, March 17,2011 05:34:20
[DoS Attack: RST Scan] from source: 82.136.215.4, port 16789, Thursday, March 17,2011 05:34:11
[DoS Attack: RST Scan] from source: 98.253.92.228, port 50897, Thursday, March 17,2011 05:33:02
[DoS Attack: RST Scan] from source: 98.253.92.228, port 50591, Thursday, March 17,2011 05:31:21
[DoS Attack: RST Scan] from source: 82.136.215.4, port 14943, Thursday, March 17,2011 05:25:31
[DoS Attack: RST Scan] from source: 82.136.215.4, port 14474, Thursday, March 17,2011 05:23:44

is this a lot of attacks?

voodoochildbc · Mar 19, 2011

I think these are false positives. Judging by those port numbers it's probably bittorrent/p2p. I tracerouted a couple IPs and they're coming from shaw cable, home ISPs, etc.

Are you noticing issues with your internet connection? If that's logging every connection in the "DoS attack", that's not nearly enough traffic to cripple you.

voodoochildbc · Mar 19, 2011

Could also be somebody port scanning a range of IPs looking for stuff that got opened by viruses and malware. This is common as well, and your router's firewall is doing its job

trick0502 · Mar 21, 2011

[DoS Attack: RST Scan] from source: 190.244.11.145, port 55966, Monday, March 21,2011 10:57:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 55565, Monday, March 21,2011 10:37:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 55166, Monday, March 21,2011 10:17:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 54762, Monday, March 21,2011 09:57:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 54362, Monday, March 21,2011 09:37:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 53962, Monday, March 21,2011 09:17:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 53561, Monday, March 21,2011 08:57:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 53160, Monday, March 21,2011 08:37:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 52761, Monday, March 21,2011 08:17:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 52358, Monday, March 21,2011 07:57:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 51958, Monday, March 21,2011 07:37:01
[DoS Attack: RST Scan] from source: 190.244.11.145, port 51420, Monday, March 21,2011 07:17:01
[DoS Attack: RST Scan] from source: 65.55.17.27, port 80, Monday, March 21,2011 06:33:56
[DoS Attack: RST Scan] from source: 64.124.104.223, port 80, Monday, March 21,2011 06:33:31
[DoS Attack: RST Scan] from source: 190.244.11.145, port 50691, Monday, March 21,2011 05:33:17
[DoS Attack: RST Scan] from source: 190.244.11.145, port 49686, Monday, March 21,2011 05:13:17
[DoS Attack: RST Scan] from source: 190.244.11.145, port 2921, Monday, March 21,2011 04:53:17
[DoS Attack: RST Scan] from source: 190.244.11.145, port 64911, Monday, March 21,2011 04:33:17

everyday, they just keep coming!!!

mattjw916 · Mar 21, 2011

All Internet facing IP addresses will experience this at some point or another. If you are already configured to drop external connection requests (because you are using PAT for example and aren't port forwarding to internal IP addresses) you can just disable the logging as it just creates an extra load on your router with little benefit.

wndr3700v2 log

trick0502

Supreme [H]ardness

voodoochildbc

Limp Gawd

voodoochildbc

Limp Gawd

trick0502

Supreme [H]ardness

mattjw916

[H]ard|Gawd