NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

numbertwo's avatar
numbertwo
Aspirant
Jul 27, 2017

What is happening in my logs for my modem/router? Dos, Remote and other stuff.

So i run malwarebyts rootkit scanner and it found so virus or infected rootkits(idk how or if they are different). Anyways i decided i should also check my logs for my router/modem and sure enough if...
dos
infected
Remote
Rootkits
Security
numbertwo's avatar
numbertwo
Aspirant
Jul 27, 2017

so here are the logs. I found out that my phone is the one doing this (Dos attacks). The ip 36.3.10.0:0 is my phone it somehow changed and started dos again so it was not my pc doing this but my phone im going to factory reset my phone and see if that works fixs it.

 

     
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 23:00:55 2017220.63.58.72:036.3.10.0:0
[    
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 22:02:06 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 02Wed Jul 26 22:01:50 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 22:01:47 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 22:01:29 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 22:01:29 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 22:01:26 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 22:00:28 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 017Wed Jul 26 22:00:23 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 03Wed Jul 26 21:59:39 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 03Wed Jul 26 21:59:38 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 21:58:30 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 21:57:16 2017220.63.58.72:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 02Wed Jul 26 21:57:16 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 022Wed Jul 26 21:56:43 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 21:55:51 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 02Wed Jul 26 21:55:02 2017220.63.58.72:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 21:54:09 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 21:54:09 2017220.63.58.72:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 21:54:05 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 03Wed Jul 26 21:52:24 2017220.63.58.72:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 21:51:32 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 06Wed Jul 26 21:51:28 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 04Wed Jul 26 21:51:22 2017220.63.58.72:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 21:51:22 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 21:51:19 2017220.63.58.72:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 21:51:18 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 06Wed Jul 26 21:51:16 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 21:49:37 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 02Wed Jul 26 21:49:37 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 21:45:31 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 03Wed Jul 26 21:45:31 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 21:45:31 2017220.63.58.72:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 21:45:10 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 21:45:07 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 21:45:07 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 05Wed Jul 26 21:45:07 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 21:45:00 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 012Wed Jul 26 21:44:58 2017220.63.58.72:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 21:44:57 2017220.63.58.72:036.3.10.0:0
     
[DoS attack: Ping Of Death] from 36.3.10.0, port 07Wed Jul 26 21:17:55 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 06Wed Jul 26 21:17:41 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 21:17:40 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 21:17:40 2017220.63.58.72:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 21:17:40 2017220.63.58.72:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 21:17:40 2017220.63.58.72:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 21:17:39 2017220.63.58.72:036.3.10.0:0
[LAN access from remote] from 157.56.144.216:3544 to 192.168.0.11:594121Wed Jul 26 21:17:26 2017192.168.0.11:59412157.56.144.216:3544
     
[DoS attack: Ping Of Death] from 36.3.10.0, port 03Wed Jul 26 21:17:10 2017220.63.58.72:036.3.10.0:0
     
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 010Wed Jul 26 12:14:48 2017136.91.114.146:036.3.10.0:0
[DHCP IP: 192.168.0.12] to MAC address fc:8f:90:8a:4c:6a1Wed Jul 26 11:29:59 20170.0.0.0:00.0.0.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 012Wed Jul 26 11:11:17 2017136.91.114.146:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 10:35:36 201740.17.244.67:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 02Wed Jul 26 10:35:24 201740.17.244.67:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 10:34:14 201740.17.244.67:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 10:32:06 2017136.91.114.146:036.3.10.0:0
[DoS attack: Ping Of Death] from 36.3.10.0, port 01Wed Jul 26 10:31:44 201740.17.244.67:036.3.10.0:0
[DoS attack: Teardrop or derivative] from 36.3.10.0, port 01Wed Jul 26 10:24:57 201740.17.244.67:036.3.10.0:0
[DoS attack: Illegal Fragments] from 36.3.10.0, port 01Wed Jul 26 10:24:56 201740.17.244.67:036.3.10.0:0
     
     
  • TheEther's avatar
    TheEther
    Guru
    Jul 27, 2017

    While you are at it, you might want to disable UPnP on the router, unless you need it for gaming. You should change the admin password on the router, too.

    • numbertwo's avatar
      numbertwo
      Aspirant
      Jul 27, 2017

      yea i changed my password for my router because it had the default one(password thats bad probably) and the wifi password too which had a more complex password. So was my phone just Dos a website or what was it doing and what is that remote thing?

      • TheEther's avatar
        TheEther
        Guru
        Jul 28, 2017

        The DoS attack log doesn't say much.  All we can say is that your router saw the traffic and reported it as malicious.

         

        The [LAN access from remote] message means that one of your devices (the one at 192.168.0.11) was accessed by a machine on the Internet.  This is not necessarily bad.  If you had deliberately opened access to that device for gaming or for sharing files, then it's normal to see that message.