Tutor

Help, DoS Attack and Lan Access from a remote? IP's from China and Russia...

Hey all,

 

Hopefully someone can help me, as I'm very inexperienced with this stuff and cannot find clear-cut answers on Google... I started having issues on Sunday night (7/26) with all my connected devices, whether it was LAN or wireless, where our connections all would randomly drop - so I looked into the DumaOS and the logs to find out we were under a DoS attack. I decided to look up a few of the IP addresses to find it was originally coming from Apple? Idk if it was some branch campus because the address the IP lookup gave me was incorrect, 20400 Stevens Creek Blvd, City Center Building 3 in Cupertino, California - 17.248.143.89 port 443 - along with a few others that would lead me either back to Apple (17.253.25.203 port 80), which I decided to email at the listed email they gave me, abuse@apple.com, or other familiar companies like 50.112.132.195 port 443, which was Amazon. I ended up contacting my ISP, which happens to be Spectrum, and they had no idea what was going on... I talked to one lady who sent a technician who had absolutely no idea what I was talking about, and we ended up completely canceling our account and redoing it, only to have the same issue. But this time I started getting some very strange IP addresses, from China and Russia, and then the log started saying our LAN was being remotely accessed, and that worried me. One of the IP addresses was from Leon Shipping in China? FPT Telecom company in Vietnam? Makut Investments in the Netherlands? Telecom S.A. in Argentina? I tried signing up for NETGEAR ProSupport, but they wouldn't let me register my device for whatever reason... So here I am, no idea what to do lol. I tried looking online only to find sketchy YouTube videos and small unheard-of companies claiming they could help, with little to no reviews.

 

I decided to link the log of my router, in hopes someone here has some insight on what I should do. Would it be best for me to buy a new router? Or is there something else that I can do to help mitigate whatever is going on?

 

Hopefully someone can help! I appreciate your time reading all this,

Thanks Branden

 

Model: XR500|Nighthawk Pro Gaming Router
Message 1 of 6
Tutor

Re: Help, DoS Attack and Lan Access from a remote? IP's from China and Russia...

The LAN access from remote is towards the bottom of the log.

Message 2 of 6
Guru

Re: Help, DoS Attack and Lan Access from a remote? IP's from China and Russia...

> Model: XR500|Nighthawk Pro Gaming Router

 

   There's a forum for those:

 

      https://community.netgear.com/t5/x/bd-p/en-home-nighthawk-pro-gaming-routers

 

> [...] I decided to look up a few of the IP addresses [...]

 

   Before worrying about who in the outside world is talking to your
stuff, I'd worry about what's on your LAN at "192.168.1.20".

 

   Did you configure a DMZ server or something?

Message 3 of 6
Tutor

Re: Help, DoS Attack and Lan Access from a remote? IP's from China and Russia...

Yes I actually did... I truly have no idea what I’m doing. I was trying to set a new IP address up but apparently that’s not how it works lol

Any suggestions on my next step? Should I be worried? Or will this blow over in a few days?
Message 4 of 6
Guru

Re: Help, DoS Attack and Lan Access from a remote? IP's from China and Russia...

> Yes I actually did... I truly have no idea what I'm doing. [...]

 

   If you have no good reason to configure a DMZ server, then you might
be happier if you didn't configure one.  Otherwise, welcome to the
Internet.

 

   There are many computers around the world which try to access every
system they can, often for nefarious reasons.  By default, your router
will ignore/discard such attempts.  However, if you tell your router
that any incoming connection request should be forwarded to the system
at "192.168.1.20", and then you expose your router to the outside world,
then you might reasonably expect those connection attempts to reach that
system on your LAN.  And the router might record those attempts in its
log.

 

> [...] I was trying to set a new IP address up but apparently that's
> not how it works lol

 

   "a new IP address" for what?


> Any suggestions on my next step? [...]

 

   I don't know where you're trying to go.  Why the DMZ?  Is there some
actual problem which you were trying to solve (before you started
creating new ones)?

 

> [...] Should I be worried? [...]

 

   Do you think that I know what's on your LAN at "192.168.1.20"?

 

> [...] Or will this blow over in a few days?

 

   Do you think that the Internet will change fundamentally in a few
days?

Message 5 of 6
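
The point made in the reply above, that a DMZ setting sends unsolicited inbound connections to one LAN host and the router logs them, can be checked against the router log itself. The following is an added example, not part of the original thread: it groups log entries by the LAN host and port that forwarded connections reached. The log line layout and every sample line are assumptions constructed for illustration (documentation-range IPs, made-up timestamps); only 192.168.1.20 comes from the thread.

```python
import re
from collections import Counter

# Constructed sample log; the bracketed-tag layout is an assumption.
SAMPLE_LOG = """\
[DoS Attack: ACK Scan] from source: 203.0.113.10, port 443, Monday, January 01, 2024 21:14:03
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.10, port 443, Monday, January 01, 2024 21:15:40
[DoS Attack: RST Scan] from source: 198.51.100.7, port 80, Monday, January 01, 2024 21:18:12
[LAN access from remote] from 198.51.100.23:51234 to 192.168.1.20:23, Monday, January 01, 2024 22:01:55
[LAN access from remote] from 198.51.100.99:40022 to 192.168.1.20:445, Monday, January 01, 2024 22:02:10
[LAN access from remote] from 203.0.113.77:33890 to 192.168.1.20:23, Monday, January 01, 2024 22:05:31
[admin login] from source 192.168.1.5, Monday, January 01, 2024 22:10:00
"""

DOS_RE = re.compile(
    r"^\[DoS Attack: (?P<kind>[^\]]+)\] from source: (?P<src>[\d.]+), port (?P<port>\d+),")
LAN_RE = re.compile(
    r"^\[LAN access from remote\] from (?P<src>[\d.]+):\d+ to (?P<dst>[\d.]+):(?P<dport>\d+),")

def triage(log_text):
    """Split the log into dropped probes and connections forwarded into the LAN."""
    dos_by_source = Counter()   # (remote ip, remote port) -> dropped packets logged
    forwarded = Counter()       # (lan ip, lan port) -> inbound connections let through
    remote_peers = {}           # lan ip -> set of remote ips that reached it
    unparsed = []               # lines of any other type, kept for manual review
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LAN_RE.match(line)
        if m:
            forwarded[(m["dst"], int(m["dport"]))] += 1
            remote_peers.setdefault(m["dst"], set()).add(m["src"])
            continue
        m = DOS_RE.match(line)
        if m:
            dos_by_source[(m["src"], int(m["port"]))] += 1
            continue
        unparsed.append(line)
    return {"dos_by_source": dos_by_source, "forwarded": forwarded,
            "remote_peers": remote_peers, "unparsed": unparsed}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for (host, port), n in report["forwarded"].most_common():
        print(f"{n} inbound connection(s) forwarded to {host}:{port}")
    for (src, port), n in report["dos_by_source"].most_common():
        print(f"{n} packet(s) dropped from {src} port {port}")
```

If every forwarded entry names the same LAN address, as here, that address is the host the DMZ or port-forwarding rule exposes; the entries should stop once the rule is removed.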
Tutor

Re: Help, DoS Attack and Lan Access from a remote? IP's from China and Russia...


> If you have no good reason to configure a DMZ server, then you might
> be happier if you didn't configure one.  Otherwise, welcome to the
> Internet.

 

So the original reason why I tried the DMZ server and was trying to figure out how to switch my IP address was because (another rookie mistake) someone on Reddit told me their ISP told them they needed a new IP address to fix their DoS issue - so I was hoping that would be the solution to mine... I didn't try the DMZ server until like 15 minutes before I posted this, and I took it off (or at least deselected the option in DumaOS) right when I saw your response - so hopefully that worked. And I'm guessing you can see what's on that server because you asked haha

 

> There are many computers around the world which try to access every
> system they can, often for nefarious reasons.  By default, your router
> will ignore/discard such attempts.  However, if you tell your router
> that any incoming connection request should be forwarded to the system
> at "192.168.1.20", and then you expose your router to the outside world,
> then you might reasonably expect those connection attempts to reach that
> system on your LAN.  And the router might record those attempts in its
> log.

 

Very Interesting - Guess I have lots to learn

 

 >  "a new IP address" for what?

 

I kind of explained this above, I basically was led to believe that I can get full access of my internet back from switching my IP.. but now I'm guessing that isn't correct?

 

> I don't know where you're trying to go.  Why the DMZ?  Is there some
> actual problem which you were trying to solve (before you started
> creating new ones)?

 

Well, I'm not sure if it's the DoS attacks causing it, but that first night that I checked the logs, our internet was dropping like every 15 minutes - I contacted Spectrum and they didn't see any drop in connection, so was my router just shutting off to protect us from an attack? Since then, it hasn't been happening as frequently, but our router still turns off at the very least twice a day. Not the absolute biggest problem in the world, but it would be nice to get our seamless internet back

 

 

 > Do you think that I know what's on your LAN at "192.168.1.20"?

 

Guessing so haha - literally just clicked on the DMZ setting and entered the "192.168.1.20" and applied it, so I have no idea what it is linked to

 

> Do you think that the Internet will change fundamentally in a few
> days?

 

Back to the rookie Reddit mistake - the one guy told me his ISP said to wait it out, and the IP address would change on its own?

 

I don't know... I've never dealt with anything like this - is there a way to get my Internet back to performing at optimal capacity without the drops? Or what should I do? Sorry for the inexperience, I'm not necessarily a fan of being spoon-fed, but this stuff makes no sense to me and I cannot figure out what to do

 

 


 

Message 6 of 6