Re: DoS attack: SYN Flood - Network activity stops

Aethe · ‎2018-02-10

Picked up my C6250 last month. Very pleased. When checking the logs I've noticed numerous episodes of DoS attack: SYN Flood. My quick search of the internet indicated most of these are false positives. My concern is that when these attacks happen, all internet activity seems to stop on my home network. Websites fail to load, applications lose connection, etc. This happens on all devices on the network (phone, PC, mac). I've noticed repeatedly that this drop in service coorlates with the SYN Flood events in the router logs. I'm looking for some feedback as to if these are legit (probably not?) and if they are not legit, what can I do to prevent the router from dropping all traffic?

Background info:

Time Warner/Spectrum is my ISP. One PC, 1 Mac, 1 Windows labtop. The PC had a clean harddrive wipe and reinstall of windows 10 last week. All have been recently virus/malware swept and are clean. Didn't have this issue on my old router, but it was the free one provided by Time Warner. I have not setup any port forwarding. Remote management off. uPnP is off. IP address assignment is auto config, except my printer which I setup with a static because otherwise the wireless printer doesn't print. I recognise all the attached devices. And I don't know what most of these settings are but I tried to include most of the things I had seen mentioned in other posts.

Thanks!

[DoS attack: SYN Flood] from 54.197.254.190, port 443	1	Sat Feb 10 12:06:23 2018	192.168.0.16:61441	54.197.254.190:443
[DoS attack: SYN Flood] from 104.89.94.119, port 443	1	Sat Feb 10 12:06:13 2018	192.168.0.16:61296	104.89.94.119:443
[DoS attack: SYN Flood] from 34.204.203.129, port 443	1	Sat Feb 10 12:06:03 2018	192.168.0.13:62578	34.204.203.129:443
[DoS attack: SYN Flood] from 199.233.57.21, port 443	1	Sat Feb 10 12:05:51 2018	192.168.0.16:61169	199.233.57.21:443
[DoS attack: SYN Flood] from 52.23.110.199, port 443	1	Sat Feb 10 12:05:42 2018	192.168.0.16:61132	52.23.110.199:443
[DoS attack: SYN Flood] from 69.20.20.5, port 443	1	Sat Feb 10 12:05:19 2018	192.168.0.16:60997	69.20.20.5:443
[DoS attack: SYN Flood] from 169.55.70.227, port 443	1	Sat Feb 10 12:04:57 2018	192.168.0.16:60828	169.55.70.227:443
[DoS attack: SYN Flood] from 8.43.72.24, port 443	1	Sat Feb 10 12:04:39 2018	192.168.0.16:60746	8.43.72.24:443
[DoS attack: SYN Flood] from 202.241.208.4, port 443	1	Sat Feb 10 12:04:34 2018	192.168.0.16:60707	202.241.208.4:443
[DoS attack: SYN Flood] from 31.172.81.158, port 443	1	Sat Feb 10 12:04:16 2018	192.168.0.16:60600	31.172.81.158:443
[DoS attack: SYN Flood] from 152.163.50.3, port 443	1	Sat Feb 10 12:04:13 2018	192.168.0.16:60567	152.163.50.3:443
[DoS attack: SYN Flood] from 52.84.14.94, port 443	1	Sat Feb 10 12:03:57 2018	192.168.0.16:60459	52.84.14.94:443
[DoS attack: SYN Flood] from 151.101.186.49, port 443	1	Sat Feb 10 12:03:48 2018	192.168.0.16:60417	151.101.186.49:443
[DoS attack: SYN Flood] from 72.5.205.15, port 443	1	Sat Feb 10 12:03:41 2018	192.168.0.16:60376	72.5.205.15:443
[DoS attack: SYN Flood] from 151.101.32.193, port 443	1	Sat Feb 10 12:03:30 2018	192.168.0.16:60305	151.101.32.193:443
[DoS attack: SYN Flood] from 151.101.185.140, port 443	1	Sat Feb 10 12:03:21 2018	192.168.0.16:60234	151.101.185.140:443
[DoS attack: SYN Flood] from 8.43.72.21, port 443	1	Sat Feb 10 12:03:07 2018	192.168.0.16:60198	8.43.72.21:443
[DoS attack: Ping Of Death] from 235.72.8.0, port 0	2	Sat Feb 10 12:03:02 2018	205.212.198.96:0	235.72.8.0:0
[DoS attack: SYN Flood] from 23.45.146.221, port 443	1	Sat Feb 10 12:03:00 2018	192.168.0.13:62068	23.45.146.221:443
[DoS attack: SYN Flood] from 35.190.74.53, port 443	1	Sat Feb 10 12:02:57 2018	192.168.0.16:60155	35.190.74.53:443
[DoS attack: SYN Flood] from 52.3.10.212, port 443	1	Sat Feb 10 12:02:39 2018	192.168.0.13:61981	52.3.10.212:443
[DoS attack: SYN Flood] from 35.160.58.123, port 443	1	Sat Feb 10 12:02:35 2018	192.168.0.16:60057	35.160.58.123:443
[DoS attack: SYN Flood] from 23.45.145.141, port 443	1	Sat Feb 10 12:02:22 2018	192.168.0.13:61866	23.45.145.141:443
[DoS attack: SYN Flood] from 172.217.6.98, port 80	1	Sat Feb 10 12:01:28 2018	192.168.0.13:61727	172.217.6.98:80
[DoS attack: SYN Flood] from 172.226.73.182, port 443	1	Sat Feb 10 12:01:00 2018	192.168.0.13:61595	172.226.73.182:443
[DoS attack: SYN Flood] from 63.251.109.129, port 443	1	Sat Feb 10 11:59:59 2018	192.168.0.13:61397	63.251.109.129:443
[DoS attack: SYN Flood] from 23.215.105.114, port 80	1	Sat Feb 10 11:59:55 2018	192.168.0.13:61375	23.215.105.114:80
[DoS attack: SYN Flood] from 17.248.132.22, port 443	1	Sat Feb 10 11:57:44 2018	192.168.0.12:49774	17.248.132.22:443
[DoS attack: Ping Of Death] from 235.72.8.0, port 0	1	Sat Feb 10 11:57:32 2018	168.72.127.76:0	235.72.8.0:0
[DoS attack: SYN Flood] from 72.21.91.29, port 80	1	Sat Feb 10 11:57:26 2018	192.168.0.12:49706	72.21.91.29:80
[DoS attack: Teardrop or derivative] from 235.72.8.0, port 0	2	Sat Feb 10 11:57:22 2018	168.72.127.76:0	235.72.8.0:0
[DHCP IP: 192.168.0.12] to MAC address 3c:15:c2:cc:b0:a2	1	Sat Feb 10 11:57:13 2018	0.0.0.0:0	0.0.0.0:0
[DoS attack: Ping Of Death] from 235.72.8.0, port 0	1	Sat Feb 10 11:55:50 2018	205.212.198.96:0	235.72.8.0:0
[DoS attack: Illegal Fragments] from 235.72.8.0, port 0	2	Sat Feb 10 11:55:50 2018	205.212.198.96:0	235.72.8.0:0
[DoS attack: Teardrop or derivative] from 235.72.8.0, port 0	2	Sat Feb 10 11:55:50 2018	205.212.198.96:0	235.72.8.0:0
[DoS attack: SYN Flood] from 172.226.73.182, port 443	1	Sat Feb 10 11:55:43 2018	192.168.0.13:60966	172.226.73.182:443
[DoS attack: SYN Flood] from 23.45.146.221, port 443	1	Sat Feb 10 11:55:22 2018	192.168.0.13:60878	23.45.146.221:443
[DoS attack: TCP- or UDP-based Port Scan] from 209.18.47.62, port 53	1	Sat Feb 10 11:55:22 2018	104.230.48.208:59000	209.18.47.62:53
[DoS attack: SYN Flood] from 23.45.146.108, port 80	1	Sat Feb 10 11:55:04 2018	192.168.0.16:59773	23.45.146.108:80
[DHCP IP: 192.168.0.16] to MAC address ac:d1:b8:d4:63:27	1	Sat Feb 10 11:54:42 2018	0.0.0.0:0	0.0.0.0:0
[DHCP IP: 192.168.0.15] to MAC address 60:f8:1d:d4:41:93	1	Sat Feb 10 11:52:38 2018	0.0.0.0:0	0.0.0.0:0
[DoS attack: Teardrop or derivative] from 235.72.8.0, port 0	1	Sat Feb 10 11:52:09 2018	205.212.198.96:0	235.72.8.0:0
[DoS attack: Illegal Fragments] from 235.72.8.0, port 0	1	Sat Feb 10 11:52:01 2018	205.212.198.96:0	235.72.8.0:0
[DoS attack: Teardrop or derivative] from 235.72.8.0, port 0	3	Sat Feb 10 11:51:59 2018	205.212.198.96:0	235.72.8.0:0
[DoS attack: Ping Of Death] from 235.72.8.0, port 0	1	Sat Feb 10 11:51:48 2018	205.212.198.96:0	235.72.8.0:0
[DoS attack: Teardrop or derivative] from 235.72.8.0, port 0	1	Sat Feb 10 11:51:48 2018	205.212.198.96:0	235.72.8.0:0
[DoS attack: TCP- or UDP-based Port Scan] from 209.18.47.61, port 53	1	Sat Feb 10 11:51:47 2018	104.230.48.208:49695	209.18.47.61:53
[DoS attack: Teardrop or derivative] from 192.168.0.254, port 65519	2	Sat Feb 10 11:51:44 2018	239.255.255.250:65535	192.168.0.254:65519
[DHCP IP: 192.168.0.13] to MAC address d4:3d:7e:bf:40:f4	1	Sat Feb 10 11:51:44 2018	0.0.0.0:0	0.0.0.0:0
[DoS attack: Teardrop or derivative] from 192.168.0.254, port 65519	2	Sat Feb 10 11:51:43 2018	239.255.255.250:65535	192.168.0.254:65519

Courtenay · ‎2018-03-30

Did you get this fixed? It looksl ike we are having the same issue and I need a fix. Thanks!

Aethe · ‎2018-03-30

Nope never got it fixed. Still happens. Obnoxious.

vkdelta · ‎2018-04-01

@Aethe

Please PM me.

do you have a HP printer connected to the network by any chance?

Aethe · ‎2018-04-02

I sure do