strange router log entries

J

joinerjohn

Recently my router has been disconnecting from the interwebthingy for short times.
I have logging enabled on it so I have had a look tonight. Here's a copy of part of the internet log from Sunday.

"[DOS attack: FIN Scan] attack packets in last 20 sec from ip [84.53.178.115], Sunday, Jun 20,2010 12:11:00"

Am I right in thinking this is a Denial Of Service attack, or am I completely mistaken?
Antivirus and firewall don't seem to pick this up when it happens though.
Cheers JB
 
Sponsored Links
joinerjohn said:
Antivirus and firewall don't seem to pick this up when it happens though.
Cheers JB
Click to expand...
These will only detect issues if you've configured them to monitor your router. Usually they're monitoring the PC only.
 
Thanks Tapir, But surely the firewall is monitoring the internet connection which comes through the router. Why would it not pick up this?
 
joinerjohn said:
Thanks Tapir, But surely the firewall is monitoring the internet connection which comes through the router.
Click to expand...

No, it doesn't work that way. It's monitoring traffic reaching your PC.

Why would it not pick up this?
Click to expand...

Because it's networking, not magic.

Frankly this is most likely a false alarm on the part of the router: Consumer equipment has no idea what a DoS looks like, and just normal rapid packet flow triggers these 'warnings'.
 
Sponsored Links
Thanks Monkeh. I take it, this is nothing to be worried about then? ;) ;)
 
joinerjohn said:
Thanks Monkeh. I take it, this is nothing to be worried about then? ;) ;)
Click to expand...

Let me put it this way.. You're one person, who most likely has never annoyed anyone with the capability or will to perform a DoS attack against you. What are the odds someone would target you?
 
Dunno, some of the topics in GD get a bit heated :LOL: :LOL: :LOL:
Could be I've upset some cyber terrorists and their getting revenge. ;) ;) ;) ;) ;)
I'll just wait till my computer blows up again.
;) ;)
 
Just out of interest, If I try to connect to the IP address as above, I get the message " Invalid Address, yet if I run the CMD and type in ping 84.53.178.115 I get the results I'd expect from any valid IP address. It pings it and gets the return (average 21ms). Weird. ;) ;)
 
This is because the IP is from a content delivery network (Akamai). The URL is invalid, not the address.
 
You must log in or register to reply here.
Sponsored Links

Similar threads

S
Hackers squeeze through DVR hole, break into CCTV cameras
Replies
7
Views
1K
alumni
A
M
Help setting up FTP access using a NAS, Router and Modem.
Replies
6
Views
2K
SeanT
S
Back
Top