ethantbk
Aspirant

Dos attack/back door?

[admin login] from source 192.168.1.2, Thursday, May 12, 2022 18:16:35
[admin login] from source 192.168.1.2, Thursday, May 12, 2022 18:15:54
[DoS attack:ACK_Scan] from source: 185.151.107.102,port 443, Thursday, May 12, 2022 17:57:53
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 50587, Thursday, May 12, 2022 17:57:18
[DHCP IP: (192.168.1.11)] to MAC address 00:d2:b1:4e:b7:93, Thursday, May 12, 2022 17:50:51
[DHCP IP: (192.168.1.9)] to MAC address 74:ab:93:7b:91:2f, Thursday, May 12, 2022 17:31:56
[DoS attack:ACK_Scan] from source: 185.151.107.101,port 443, Thursday, May 12, 2022 17:25:09
[DHCP IP: (192.168.1.9)] to MAC address 74:ab:93:7b:91:2f, Thursday, May 12, 2022 17:21:45
[DHCP IP: (192.168.1.8)] to MAC address 74:ab:93:78:99:4e, Thursday, May 12, 2022 17:21:36
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 54776, Thursday, May 12, 2022 17:20:42
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 54775, Thursday, May 12, 2022 17:20:16
[DoS attack:ACK_Scan] from source: 17.248.230.30,port 443, Thursday, May 12, 2022 17:08:26
[admin login] from source 192.168.1.2, Thursday, May 12, 2022 17:06:21
[Log Cleared] Thursday, May 12, 2022 17:01:42

 

Could someone please give me some information on whether this is a false positive or a real DoS attack?

Message 1 of 8
FURRYe38
Guru

Re: Dos attack/back door?

Probably false positives. 

What is the device at 192.168.1.12? That's on your LAN side of the router.

Do a whois lookup on 185.151.107.102

Try not to post MAC addresses in public forums for security reasons.

Message 2 of 8

Re: Dos attack/back door?

Probably false positives. 

What is the device at 192.168.1.12? That's on your LAN side of the router.

Do a whois lookup on 185.151.107.102

% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Information related to '185.151.107.96 - 185.151.107.127'

% Abuse contact for '185.151.107.96 - 185.151.107.127' is 'abuse@ukrhub.net'

inetnum: 185.151.107.96 - 185.151.107.127
netname: UKRCOM-CUSTOMER-NET
country: UA
status: ASSIGNED PA
created: 2018-08-09T12:37:38Z
last-modified: 2018-08-09T12:37:38Z
source: RIPE
admin-c: YZ42-RIPE
tech-c: UHUB-RIPE
mnt-by: YZ42-RIPE-MNT
remarks: Customer connection

person: Koblyuk Andrei
address: vul. S. Khokhlovyh, 15
address: Kiev, Ukraine, 04050
phone: +380 44 2055570
e-mail: hostmaster@ukrhub.net
nic-hdl: UHUB-RIPE
notify: yuriz@ukr-com.net
mnt-by: YZ42-RIPE-MNT
created: 2007-05-10T07:08:53Z
last-modified: 2017-03-06T11:32:53Z
source: RIPE

person: Yuri Zlenko
address: 04119, Ukraine, Kiev
address: vul. Simyi Khokhlovyh, 15, 3-rd floor
phone: +380 44 205-5514
fax-no: +380 44 205-5525
e-mail: yuriz@ukr-com.net
nic-hdl: YZ42-RIPE
notify: yuriz@ukr-com.net
mnt-by: YZ42-RIPE-MNT
created: 2001-12-07T15:14:10Z
last-modified: 2017-03-06T11:28:28Z
source: RIPE

% Information related to '185.151.104.0/22AS12593'

route: 185.151.104.0/22
origin: AS12593
descr: Ukrcom, Ltd.
mnt-by: YZ42-RIPE-MNT
created: 2016-05-10T10:02:11Z
last-modified: 2016-05-10T10:02:46Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.103 (WAGYU)


Message 3 of 8
ethantbk
Aspirant

Re: Dos attack/back door?

That IP is my phone. Also, when those attacks happen, my whole internet service cuts out for 20-30 seconds.
Message 4 of 8
microchip8
Master

Re: Dos attack/back door?

Disable DoS protection. 99% of the time these are false positives. I've been running for years without DoS protection and never had issues.

Message 5 of 8
ethantbk
Aspirant

Re: Dos attack/back door?

Even if they're from Ukraine and messing up my internet?

Message 6 of 8
microchip8
Master

Re: Dos attack/back door?

It's the "DoS protection" that is cutting your Internet, not Ukraine. They're just scanning. Happens to all every time.

Message 7 of 8

Re: Dos attack/back door?


@microchip8 wrote:

It's the "DoS protection" that is cutting your Internet, not Ukraine.


 

Beat me to it.

A bit more on that.

 

"DoS protection" and other features, such as QoS and toys like Armor, require the router's processor to do some heavy lifting beyond the usual management of the flow of traffic. Throw too much work at the processor and it throws in the towel and grinds to a halt.

Message 8 of 8
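Added example, not part of any post in this thread: a small Python triage of the router log format shown in the first post, separating DoS entries whose source is a LAN address (the router flagging the poster's own device) from WAN sources, and counting WAN entries with source port 443, which is what return traffic from an HTTPS server looks like. The function names and the port-443 heuristic are assumptions of this example; the log lines are copied from the first post.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# DoS and admin lines copied from the first post (DHCP lines omitted).
LOG = """\
[admin login] from source 192.168.1.2, Thursday, May 12, 2022 18:16:35
[DoS attack:ACK_Scan] from source: 185.151.107.102,port 443, Thursday, May 12, 2022 17:57:53
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 50587, Thursday, May 12, 2022 17:57:18
[DoS attack:ACK_Scan] from source: 185.151.107.101,port 443, Thursday, May 12, 2022 17:25:09
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 54776, Thursday, May 12, 2022 17:20:42
[DoS attack:ACK_Scan] from source: 192.168.1.12,port 54775, Thursday, May 12, 2022 17:20:16
[DoS attack:ACK_Scan] from source: 17.248.230.30,port 443, Thursday, May 12, 2022 17:08:26
"""

DOS_RE = re.compile(
    r"^\[DoS attack:(?P<kind>[^\]]+)\] from source: (?P<ip>[0-9.]+),"
    r"\s*port (?P<port>\d+), (?P<ts>.+)$"
)

def parse_dos(log_text):
    """Yield (kind, ip, port, timestamp) for each DoS entry; skip other lines."""
    for line in log_text.splitlines():
        m = DOS_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
        yield m["kind"], ipaddress.ip_address(m["ip"]), int(m["port"]), ts

def triage(log_text):
    """Count DoS entries per source, split into LAN-side and WAN-side."""
    lan, wan = Counter(), Counter()
    wan_from_443 = 0  # heuristic (assumption): source port 443 = HTTPS server replies
    for kind, ip, port, ts in parse_dos(log_text):
        if ip.is_private:
            lan[str(ip)] += 1  # RFC 1918 source: a device on the poster's own LAN
        else:
            wan[str(ip)] += 1
            if port == 443:
                wan_from_443 += 1
    return {"lan": dict(lan), "wan": dict(wan), "wan_from_443": wan_from_443}

if __name__ == "__main__":
    print(triage(LOG))
```

On this log, half of the flagged entries come from 192.168.1.12 on the LAN, and every WAN entry has source port 443.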