What Does Dos Attack: Ack Scan Mean
Constant Dos attacks on my router appear to be taking out my internet connection. Ask Question 2. So I'm a noob here and have been doing some research on why my internet (cable modem) locks up about once or twice a week ever since installing a Netgear N900 router a few months ago. DoS Attack: SYN/ACK Scan from source: 149.202.86.200, port. I have a Netgear Wnr1000v2 router. I have set my NAT to secure mode ( I don't know if that helps). Many times when I see my router's log I see lots of DoS attack: RST Scan. I think that these only occur when I use uTorrent or Tunngle. Whenever I get hit with these DoS attacks my Internet slows down significantly, then it completely disconnects.
Hey guys,I'm brand new here, created my account specifically so I could post here about this issue that I've been having.If it's at all helpful - I have a Netgear Nighthawk R7000 router at home, Optimum as my ISP and maybe 10 total devices connected: 2 laptops, 2 smartphones, 2 tablets, PS4, printer, etc.I'm somewhat technologically savvy but I don't ever, ever check my router logs. Take the tin-foil hat off pleaselikely simply a machine on the network probing for a open port or a request that timed out after the the WAN connection went offlineits normal network traffic if you where under attack you would know itand even if you where there would be exactly nothing you could do about it anyway the firewall is doing what the firewall is intended todo filter unnecessary or unwanted traffic and notifying you that its doing so20 seconds is a pretty short window likely its set to be over-sensitive. Take the tin-foil hat off pleaselikely simply a machine on the network probing for a open port or a request that timed out after the the WAN connection went offlineits normal network traffic if you where under attack you would know itand even if you where there would be exactly nothing you could do about it anyway the firewall is doing what the firewall is intended todo filter unnecessary or unwanted traffic and notifying you that its doing so20 seconds is a pretty short window likely its set to be over-sensitive. And things will come aknocking anyway, sniffing around. It's in the nature of the internet. And naah, not malware. Keep away from shady sites, pirating strange and exotic things, don't open attachements you don't trust, open links that points to this-is-totally-battle.net and so on and you'll be fine, unless someone after some bizzare nature is out to get you personally.
Keep your softwares updated as well.What avarage joes should fear is ID theft and social network hacks (and cryptoviruses, but if you follow what I wrote above it's not likely you'll get one of those). Not much sense in DoSing a random guy just like that, especially not when social engineering is so much easier and faster. And things will come aknocking anyway, sniffing around. It's in the nature of the internet. And naah, not malware.
Keep away from shady sites, pirating strange and exotic things, don't open attachements you don't trust, open links that points to this-is-totally-battle.net and so on and you'll be fine, unless someone after some bizzare nature is out to get you personally. Keep your softwares updated as well.What avarage joes should fear is ID theft and social network hacks (and cryptoviruses, but if you follow what I wrote above it's not likely you'll get one of those). Not much sense in DoSing a random guy just like that, especially not when social engineering is so much easier and faster. As the others hinted at there's nothing to actually fix.
If you want to you can keep an eye out and when you get a thousand of them in a few seconds then sure there might be time to do something (beginning with troubleshooting because it would likely be a bug rather than an attack), but until then sail on as usual and forget about it. If you really want to get paranoid, download Wireshark and marvel at just how much data is shoveled to and from your machine. If Netgear indeed sucks at IP tables (which is likely) then it's not strange some of the packets will be falsely flagged as dangerous.Trust. They tend to know their stuff, even if at least one of them suck at punctuation.
You're going to get spurious traffic from strange sources. It's going to happen.
There is a very good reason why I DROP packets on my gateway and don't REJECT them but, that's a discussion for people who use Linux as a router or gateway server. Also it's entirely possible that it's just some service that you're connecting to where the other server is trying to see if it can open a connection back to the computer. Usually this doesn't work and requires an established connection that was initiated by your computer (to make NAT traversal possible,) so it's entirely possible that they're just legitimate packets getting dropped that aren't required for regular functioning (if the IP belongs to a legitimate company, such as Microsoft.)Simple fact is that you have nothing to worry about. The fact that you're seeing those messages means that the firewall is at least doing its job (or attempting to,) so I wouldn't worry about it.Let me put it another way, the worst of attacks are the ones that aren't going to show up in a firewall log. They'll be ones were you have an open vulnerability that you most likely know nothing about.Also, you can reset the IP yourself if it's dynamic. Just turn your router off for the DHCP lease time or spoof a different MAC address. System NameRemixedBeast-NXProcessorIntel Xeon E5-2650 @ 2.2Ghz (8C/16T)MotherboardDell Inc.
08HPGT (CPU 1)CoolingDell StandardMemory32GB ECCVideo Card(s)EVGA Nvidia GTX 650 Ti SSC 1GBStorage500GB Samsung 850//2TB WD BlackDisplay(s)Samsung SyncMaster P2350 23in @ 1920x1080 + Dell E2013H 20 in @1600x900CaseDell Precision T3600 ChassisAudio Device(s)Beyerdynamic DT770 Pro 80 // Fiio E7 Amp/DACPower Supply630w Dell T3600 PSUMouseLogitech G700s/G502KeyboardLogitech K740SoftwareWindows Server 2012 x64 StandardBenchmark ScoresNetwork: APs: Cisco Meraki MR32, Ubiquiti Unifi AP-AC-LR and LiteRouter/Sw:Meraki MX64 MS220-8P. Try to boot from a linux usb stick and see if you still get it (make sure you have nothing else using the router during the test, not even other wireless devices, turn off the radio if you can). I'm very lucky because I get a new IP every time I change my MAC address in the router and the IP stays the same for a year if I don't touch the MAC (to make it more awesome I get 3 unique IPs at the same time if I plug in a switch into the modem.but that's an other story), so try to clone the mac address of your PC for example and see if you get a new IP or not (modem + router OFF/ON needed). Try to boot from a linux usb stick and see if you still get it (make sure you have nothing else using the router during the test, not even other wireless devices, turn off the radio if you can).
I'm very lucky because I get a new IP every time I change my MAC address in the router and the IP stays the same for a year if I don't touch the MAC (to make it more awesome I get 3 unique IPs at the same time if I plug in a switch into the modem.but that's an other story), so try to clone the mac address of your PC for example and see if you get a new IP or not (modem + router OFF/ON needed). Then make a bootable windows pendrive, or try safe mode with networking at least. You could also set up wireshark and see if anything is happening from/towards that IP.
If you don't understand networking then your best bet is to take the router and bring it to your friend's house. Use it there for an hour and see if it shows the same behavior or not.
Dos Attack: Ack Scan Attack Packets
If it does, then you can start messing around with the settings, if not, then it's an attack indeed, or one of your PCs doing something nasty or just something normal what the router misinterprets. System NameVenslarProcessorI9 7980XEMotherboardMSI x299 Tomahawk ArcticCoolingEK CustomMemory32GB Corsair DDR4 3000mhzVideo Card(s)Nvidia Titan RTXStorage2x 2TB Micron SSDs 1x ADATA 128SSD 1x Drevo 256SSD 1x 1TB 850 EVO 1x 250GB 960 EVODisplay(s)3x AOC Q2577PWQ (2k IPS)CaseInwin 303 White (Thermaltake Ring 120mm Purple accent)Audio Device(s)Realtek ALC 1220 on Audio-Technica ATH-AG1Power SupplySeasonic 1050W SnowMouseRoccat Tyon WhiteKeyboardDucky Shine 6 Snow WhiteSoftwareWindows 10 x64 Pro.