Lots of dos attacks from China?

So I'm getting a bunch of these right now and most of the IPs are from China. What should I do?

 

[DoS Attack: SYN/ACK Scan] from source: 39.107.196.251, port 80, Thursday, October 24, 2019 21:04:01
[DoS Attack: SYN/ACK Scan] from source: 125.64.5.24, port 80, Thursday, October 24, 2019 21:03:19
[DoS Attack: RST Scan] from source: 121.198.25.74, port 80, Thursday, October 24, 2019 21:02:47
[DoS Attack: SYN/ACK Scan] from source: 121.198.25.74, port 80, Thursday, October 24, 2019 21:02:26
[DoS Attack: SYN/ACK Scan] from source: 119.23.78.110, port 80, Thursday, October 24, 2019 21:01:09
[DoS Attack: RST Scan] from source: 122.114.90.192, port 80, Thursday, October 24, 2019 21:00:23
[DoS Attack: SYN/ACK Scan] from source: 122.114.90.192, port 80, Thursday, October 24, 2019 21:00:02
[DoS Attack: SYN/ACK Scan] from source: 39.134.163.179, port 80, Thursday, October 24, 2019 20:59:36
[DoS Attack: SYN/ACK Scan] from source: 122.226.191.163, port 80, Thursday, October 24, 2019 20:58:56
[admin login] from source 192.168.1.10, Thursday, October 24, 2019 20:58:27
[DoS Attack: SYN/ACK Scan] from source: 110.42.66.207, port 80, Thursday, October 24, 2019 20:57:53
[DoS Attack: SYN/ACK Scan] from source: 58.215.87.161, port 80, Thursday, October 24, 2019 20:57:04
[DoS Attack: SYN/ACK Scan] from source: 198.200.56.203, port 80, Thursday, October 24, 2019 20:55:52
[DoS Attack: SYN/ACK Scan] from source: 103.85.85.59, port 80, Thursday, October 24, 2019 20:55:39
[DoS Attack: SYN/ACK Scan] from source: 103.67.174.120, port 80, Thursday, October 24, 2019 20:55:15
[DoS Attack: SYN/ACK Scan] from source: 123.183.213.241, port 80, Thursday, October 24, 2019 20:54:14
[admin login failure] from source 192.168.1.10, Thursday, October 24, 2019 20:53:32
[admin login] from source 192.168.1.10, Thursday, October 24, 2019 20:52:58
[DHCP IP: 192.168.1.21] to MAC address f0:d1:a9:28:2d:2c, Thursday, October 24, 2019 20:52:31
[DoS Attack: SYN/ACK Scan] from source: 58.218.200.152, port 80, Thursday, October 24, 2019 20:51:32
[DoS Attack: RST Scan] from source: 182.92.213.124, port 80, Thursday, October 24, 2019 20:51:19
[DoS Attack: SYN/ACK Scan] from source: 182.92.213.124, port 80, Thursday, October 24, 2019 20:50:58
[DHCP IP: 192.168.1.10] to MAC address 54:27:1e:fb:38:96, Thursday, October 24, 2019 20:50:35
[DoS Attack: SYN/ACK Scan] from source: 223.130.10.211, port 80, Thursday, October 24, 2019 20:50:07
[DoS Attack: SYN/ACK Scan] from source: 222.186.153.90, port 80, Thursday, October 24, 2019 20:49:38
[DHCP IP: 192.168.1.10] to MAC address 54:27:1e:fb:38:96, Thursday, October 24, 2019 20:48:56
[DoS Attack: SYN/ACK Scan] from source: 37.187.92.197, port 7780, Thursday, October 24, 2019 20:48:31
[DHCP IP: 192.168.1.10] to MAC address 54:27:1e:fb:38:96, Thursday, October 24, 2019 20:48:27
[DoS Attack: SYN/ACK Scan] from source: 210.27.250.235, port 80, Thursday, October 24, 2019 20:47:19
[DoS Attack: SYN/ACK Scan] from source: 182.140.213.91, port 80, Thursday, October 24, 2019 20:46:32
[DoS Attack: SYN/ACK Scan] from source: 43.226.64.222, port 80, Thursday, October 24, 2019 20:46:13
[DoS Attack: SYN/ACK Scan] from source: 37.187.92.197, port 7780, Thursday, October 24, 2019 20:46:06
[DoS Attack: SYN/ACK Scan] from source: 106.3.156.146, port 80, Thursday, October 24, 2019 20:45:55
[DoS Attack: SYN/ACK Scan] from source: 47.99.171.159, port 80, Thursday, October 24, 2019 20:44:13
[DoS Attack: SYN/ACK Scan] from source: 119.188.197.9, port 80, Thursday, October 24, 2019 20:44:11
[DoS Attack: SYN/ACK Scan] from source: 222.186.170.39, port 80, Thursday, October 24, 2019 20:44:07
[DoS Attack: SYN/ACK Scan] from source: 45.125.29.205, port 80, Thursday, October 24, 2019 20:43:39
[DoS Attack: SYN/ACK Scan] from source: 210.73.61.35, port 80, Thursday, October 24, 2019 20:42:30
[DoS Attack: SYN/ACK Scan] from source: 112.127.150.175, port 80, Thursday, October 24, 2019 20:41:40
[DoS Attack: SYN/ACK Scan] from source: 125.88.146.200, port 80, Thursday, October 24, 2019 20:40:23
[DoS Attack: SYN/ACK Scan] from source: 43.227.196.186, port 80, Thursday, October 24, 2019 20:40:20
[DHCP IP: 192.168.1.21] to MAC address f0:d1:a9:28:2d:2c, Thursday, October 24, 2019 20:40:06
[DoS Attack: SYN/ACK Scan] from source: 120.25.162.229, port 80, Thursday, October 24, 2019 20:38:00
[DoS Attack: SYN/ACK Scan] from source: 222.73.22.71, port 80, Thursday, October 24, 2019 20:37:38
[DoS Attack: SYN/ACK Scan] from source: 210.32.15.191, port 80, Thursday, October 24, 2019 20:37:23
[DoS Attack: TCP/UDP Chargen] from source: 146.88.240.4, port 47599, Thursday, October 24, 2019 20:36:08
[DoS Attack: SYN/ACK Scan] from source: 124.173.157.105, port 80, Thursday, October 24, 2019 20:34:58
[DoS Attack: SYN/ACK Scan] from source: 218.75.11.245, port 80, Thursday, October 24, 2019 20:34:44
[DoS Attack: SYN/ACK Scan] from source: 47.93.183.81, port 80, Thursday, October 24, 2019 20:33:27
[DoS Attack: SYN/ACK Scan] from source: 183.136.132.31, port 80, Thursday, October 24, 2019 20:31:01
[DoS Attack: SYN/ACK Scan] from source: 43.228.66.18, port 80, Thursday, October 24, 2019 20:30:27
[DoS Attack: SYN/ACK Scan] from source: 101.69.161.50, port 80, Thursday, October 24, 2019 20:30:16
[DoS Attack: SYN/ACK Scan] from source: 123.58.144.54, port 80, Thursday, October 24, 2019 20:29:05
[DoS Attack: SYN/ACK Scan] from source: 119.28.70.188, port 80, Thursday, October 24, 2019 20:25:30
[DoS Attack: SYN/ACK Scan] from source: 223.7.70.252, port 80, Thursday, October 24, 2019 20:24:41
[DoS Attack: SYN/ACK Scan] from source: 112.29.178.26, port 80, Thursday, October 24, 2019 20:23:50
[DoS Attack: SYN/ACK Scan] from source: 42.51.190.238, port 80, Thursday, October 24, 2019 20:23:48
[DoS Attack: SYN/ACK Scan] from source: 112.29.178.26, port 80, Thursday, October 24, 2019 20:23:43
[DoS Attack: SYN/ACK Scan] from source: 42.51.190.238, port 80, Thursday, October 24, 2019 20:23:24
[DoS Attack: SYN/ACK Scan] from source: 58.218.196.203, port 80, Thursday, October 24, 2019 20:23:19
[DoS Attack: SYN/ACK Scan] from source: 42.51.190.238, port 80, Thursday, October 24, 2019 20:23:02
[DoS Attack: SYN/ACK Scan] from source: 45.121.105.2, port 80, Thursday, October 24, 2019 20:22:15
[DoS Attack: SYN/ACK Scan] from source: 114.255.165.45, port 80, Thursday, October 24, 2019 20:21:22
[DoS Attack: TCP/UDP Chargen] from source: 185.94.111.1, port 58594, Thursday, October 24, 2019 20:20:37
[DoS Attack: RST Scan] from source: 206.54.163.145, port 443, Thursday, October 24, 2019 20:19:44
[DoS Attack: SYN/ACK Scan] from source: 58.131.135.119, port 80, Thursday, October 24, 2019 20:18:44
[DoS Attack: SYN/ACK Scan] from source: 58.131.146.14, port 80, Thursday, October 24, 2019 20:18:35
[DoS Attack: SYN/ACK Scan] from source: 117.34.105.181, port 80, Thursday, October 24, 2019 20:18:33
[DoS Attack: SYN/ACK Scan] from source: 222.186.43.115, port 80, Thursday, October 24, 2019 20:16:53
[DoS Attack: SYN/ACK Scan] from source: 219.142.81.70, port 80, Thursday, October 24, 2019 20:16:46
[DHCP IP: 192.168.1.21] to MAC address f0:d1:a9:28:2d:2c, Thursday, October 24, 2019 20:16:28
[DoS Attack: SYN/ACK Scan] from source: 111.26.154.82, port 80, Thursday, October 24, 2019 20:15:23
[DoS Attack: SYN/ACK Scan] from source: 183.61.126.235, port 80, Thursday, October 24, 2019 20:13:57
[DoS Attack: SYN/ACK Scan] from source: 222.73.38.14, port 80, Thursday, October 24, 2019 20:12:40
[DoS Attack: RST Scan] from source: 142.111.183.61, port 80, Thursday, October 24, 2019 20:12:35
[DoS Attack: SYN/ACK Scan] from source: 142.111.183.61, port 80, Thursday, October 24, 2019 20:12:14
[DoS Attack: SYN/ACK Scan] from source: 110.188.0.112, port 80, Thursday, October 24, 2019 20:10:05
[DoS Attack: SYN/ACK Scan] from source: 39.96.126.98, port 80, Thursday, October 24, 2019 20:10:03
[DoS Attack: SYN/ACK Scan] from source: 61.147.112.104, port 80, Thursday, October 24, 2019 20:09:25
[DoS Attack: RST Scan] from source: 43.226.152.88, port 80, Thursday, October 24, 2019 20:08:54
[DoS Attack: SYN/ACK Scan] from source: 43.226.152.88, port 80, Thursday, October 24, 2019 20:08:33
[DoS Attack: SYN/ACK Scan] from source: 120.132.31.204, port 80, Thursday, October 24, 2019 20:07:34
[DoS Attack: SYN/ACK Scan] from source: 123.151.66.16, port 80, Thursday, October 24, 2019 20:07:06
[DoS Attack: SYN/ACK Scan] from source: 47.97.244.39, port 80, Thursday, October 24, 2019 20:07:01
[DoS Attack: SYN/ACK Scan] from source: 123.151.66.16, port 80, Thursday, October 24, 2019 20:06:51
[DoS Attack: SYN/ACK Scan] from source: 116.140.34.150, port 80, Thursday, October 24, 2019 20:05:44
[DoS Attack: SYN/ACK Scan] from source: 113.105.164.73, port 80, Thursday, October 24, 2019 20:05:38
[DoS Attack: SYN/ACK Scan] from source: 58.131.165.245, port 80, Thursday, October 24, 2019 20:04:51
[DoS Attack: SYN/ACK Scan] from source: 221.229.162.107, port 80, Thursday, October 24, 2019 20:03:13
[DoS Attack: SYN/ACK Scan] from source: 218.94.123.147, port 80, Thursday, October 24, 2019 20:02:28
[DoS Attack: SYN/ACK Scan] from source: 222.187.227.128, port 80, Thursday, October 24, 2019 20:02:26
[DoS Attack: SYN/ACK Scan] from source: 103.21.141.105, port 80, Thursday, October 24, 2019 20:01:29
[DoS Attack: SYN/ACK Scan] from source: 43.251.236.148, port 80, Thursday, October 24, 2019 20:00:55
[DoS Attack: SYN/ACK Scan] from source: 43.226.36.217, port 80, Thursday, October 24, 2019 20:00:19
[DoS Attack: SYN/ACK Scan] from source: 180.86.201.155, port 80, Thursday, October 24, 2019 20:00:06
[DHCP IP: 192.168.1.21] to MAC address f0:d1:a9:28:2d:2c, Thursday, October 24, 2019 19:59:52
[DoS Attack: SYN/ACK Scan] from source: 219.83.160.5, port 80, Thursday, October 24, 2019 19:58:49
[DoS Attack: SYN/ACK Scan] from source: 116.31.115.140, port 80, Thursday, October 24, 2019 19:56:15
[DoS Attack: SYN/ACK Scan] from source: 222.187.232.54, port 80, Thursday, October 24, 2019 19:55:31
[DoS Attack: SYN/ACK Scan] from source: 120.210.204.105, port 80, Thursday, October 24, 2019 19:54:33
[DoS Attack: SYN/ACK Scan] from source: 43.226.53.158, port 80, Thursday, October 24, 2019 19:53:24
[DoS Attack: SYN/ACK Scan] from source: 43.243.131.34, port 80, Thursday, October 24, 2019 19:52:36
[DoS Attack: SYN/ACK Scan] from source: 111.230.218.167, port 80, Thursday, October 24, 2019 19:51:41
[DoS Attack: SYN/ACK Scan] from source: 14.17.95.60, port 80, Thursday, October 24, 2019 19:51:39
[DHCP IP: 192.168.1.21] to MAC address f0:d1:a9:28:2d:2c, Thursday, October 24, 2019 19:51:38
[DoS Attack: SYN/ACK Scan] from source: 111.230.218.167, port 80, Thursday, October 24, 2019 19:51:10
[DoS Attack: SYN/ACK Scan] from source: 124.173.66.128, port 80, Thursday, October 24, 2019 19:50:57
[DoS Attack: SYN/ACK Scan] from source: 103.13.222.44, port 80, Thursday, October 24, 2019 19:49:02
[DoS Attack: SYN/ACK Scan] from source: 183.245.147.216, port 80, Thursday, October 24, 2019 19:48:41
[DoS Attack: SYN/ACK Scan] from source: 183.3.205.241, port 80, Thursday, October 24, 2019 19:48:34
[DoS Attack: SYN/ACK Scan] from source: 39.96.129.74, port 80, Thursday, October 24, 2019 19:46:29
[DoS Attack: SYN/ACK Scan] from source: 117.41.185.66, port 80, Thursday, October 24, 2019 19:45:39
[DoS Attack: SYN/ACK Scan] from source: 202.102.89.84, port 80, Thursday, October 24, 2019 19:44:57
[DoS Attack: SYN/ACK Scan] from source: 49.7.61.130, port 80, Thursday, October 24, 2019 19:44:48
[DoS Attack: SYN/ACK Scan] from source: 180.97.239.213, port 80, Thursday, October 24, 2019 19:44:03
[DoS Attack: SYN/ACK Scan] from source: 222.186.138.98, port 80, Thursday, October 24, 2019 19:43:05
[DoS Attack: SYN/ACK Scan] from source: 211.149.247.252, port 80, Thursday, October 24, 2019 19:42:44
[DoS Attack: SYN/ACK Scan] from source: 219.153.116.146, port 80, Thursday, October 24, 2019 19:42:35
[DoS Attack: RST Scan] from source: 223.6.154.34, port 80, Thursday, October 24, 2019 19:42:31
[DoS Attack: SYN/ACK Scan] from source: 223.6.154.34, port 80, Thursday, October 24, 2019 19:42:10
[DoS Attack: SYN/ACK Scan] from source: 14.17.95.21, port 80, Thursday, October 24, 2019 19:41:49
[DoS Attack: SYN/ACK Scan] from source: 110.42.65.46, port 80, Thursday, October 24, 2019 19:41:09
[DoS Attack: SYN/ACK Scan] from source: 36.250.236.25, port 80, Thursday, October 24, 2019 19:39:34
[admin login failure] from source 192.168.1.53, Thursday, October 24, 2019 19:38:23
[DoS Attack: SYN/ACK Scan] from source: 211.151.144.50, port 80, Thursday, October 24, 2019 19:37:56
[DoS Attack: ACK Scan] from source: 13.226.96.183, port 80, Thursday, October 24, 2019 19:37:28
[DoS Attack: SYN/ACK Scan] from source: 182.61.29.244, port 80, Thursday, October 24, 2019 19:37:08
[DoS Attack: SYN/ACK Scan] from source: 43.227.220.5, port 80, Thursday, October 24, 2019 19:37:08
[admin login] from source 192.168.1.53, Thursday, October 24, 2019 19:37:03
[DoS Attack: SYN/ACK Scan] from source: 118.244.213.225, port 80, Thursday, October 24, 2019 19:35:54
[DoS Attack: SYN/ACK Scan] from source: 103.80.26.199, port 80, Thursday, October 24, 2019 19:34:57
[DHCP IP: 192.168.1.5] to MAC address 88:de:a9:29:18:61, Thursday, October 24, 2019 19:34:26
[DoS Attack: SYN/ACK Scan] from source: 220.202.15.27, port 80, Thursday, October 24, 2019 19:33:42
[DoS Attack: SYN/ACK Scan] from source: 116.206.177.219, port 80, Thursday, October 24, 2019 19:33:37
[DHCP IP: 192.168.1.5] to MAC address 88:de:a9:29:18:61, Thursday, October 24, 2019 19:32:28
[DoS Attack: SYN/ACK Scan] from source: 118.24.103.207, port 80, Thursday, October 24, 2019 19:32:23
[DoS Attack: SYN/ACK Scan] from source: 43.251.236.228, port 80, Thursday, October 24, 2019 19:31:44
[DoS Attack: RST Scan] from source: 47.105.138.16, port 80, Thursday, October 24, 2019 19:31:33
[DoS Attack: SYN/ACK Scan] from source: 47.105.138.16, port 80, Thursday, October 24, 2019 19:31:12
[DoS Attack: SYN/ACK Scan] from source: 58.215.89.197, port 80, Thursday, October 24, 2019 19:31:04
[DoS Attack: SYN/ACK Scan] from source: 58.131.134.149, port 80, Thursday, October 24, 2019 19:30:14
[admin login failure] from source 192.168.1.4, Thursday, October 24, 2019 19:29:49
[admin login] from source 192.168.1.4, Thursday, October 24, 2019 19:29:08
[DHCP IP: 192.168.1.4] to MAC address 04:d6:aa:2d:f8:df, Thursday, October 24, 2019 19:28:51
[DoS Attack: SYN/ACK Scan] from source: 122.226.189.230, port 80, Thursday, October 24, 2019 19:28:12
[DoS Attack: SYN/ACK Scan] from source: 120.236.151.84, port 80, Thursday, October 24, 2019 19:28:04

Message 1 of 12
Master

Re: Lots of dos attacks from China?

Yes, this behavior is dramatically worse today than before, by a factor of 4 or 5.

 

There is nothing a person can do.  This is like those horrible robo-calls.  Some ghoul is sending packets to your public IP address and the Orbi firewall software is putting entries in the log saying that it recognizes patterns in those packets.

 

The Orbi does not accept connections from the internet unless the user has specifically told it to (a) by activating Remote Management or (b) by setting up OpenVPN.

 

It is possible to stop logging DoS and port scans.  They will still happen, but the log will no longer show them.

I love my Orbi.
Message 2 of 12
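An added example, not part of any post in this thread and not Netgear code: a Python parser for the log format pasted in the first post. It tallies the DoS entries, measures their peak rate per window, and flags admin-page events from non-LAN addresses, which would indicate the management interface is reachable from the internet. The sample lines, the 10-minute window and the names `parse` and `triage` are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample in the thread's log format (test-range addresses, not a real log).
SAMPLE_LOG = """\
[DoS Attack: SYN/ACK Scan] from source: 203.0.113.7, port 80, Thursday, October 24, 2019 21:04:01
[DoS Attack: SYN/ACK Scan] from source: 198.51.100.24, port 80, Thursday, October 24, 2019 21:03:19
[DoS Attack: RST Scan] from source: 203.0.113.7, port 80, Thursday, October 24, 2019 21:02:47
[admin login] from source 192.168.1.10, Thursday, October 24, 2019 20:58:27
[DoS Attack: SYN/ACK Scan] from source: 192.0.2.66, port 80, Thursday, October 24, 2019 20:57:53
[admin login failure] from source 192.168.1.10, Thursday, October 24, 2019 20:53:32
[DHCP IP: 192.168.1.21] to MAC address 02:00:00:00:00:01, Thursday, October 24, 2019 20:52:31
[admin login failure] from source 198.51.100.99, Thursday, October 24, 2019 20:40:00
[DoS Attack: TCP/UDP Chargen] from source: 198.51.100.4, port 47599, Thursday, October 24, 2019 20:36:08
"""

LINE_RE = re.compile(
    r"^\[(?P<event>[^\]]+)\]"                  # [DoS Attack: RST Scan], [admin login], ...
    r"(?: from source:? (?P<src>[0-9.]+))?"    # absent on DHCP lines
    r"(?:, port (?P<port>\d+))?"               # only on DoS lines
    r".*?, (?P<ts>\w+, \w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})$")
LAN = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(log_text):
    """Return one dict per recognised log line; unrecognised lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        kind, _, detail = m["event"].partition(": ")
        events.append({"kind": kind, "detail": detail, "src": m["src"],
                       "port": int(m["port"]) if m["port"] else None,
                       "time": datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")})
    return events

def triage(events, window=timedelta(minutes=10)):
    """Separate firewall noise from entries that deserve a closer look."""
    dos = [e for e in events if e["kind"] == "DoS Attack"]
    times = sorted(e["time"] for e in dos)
    peak = start = 0
    for end, t in enumerate(times):            # sliding window over sorted times
        while t - times[start] > window:
            start += 1
        peak = max(peak, end - start + 1)
    return {
        "dos_by_type": Counter(e["detail"] for e in dos),
        "dos_peak_per_window": peak,
        "repeat_sources": sorted(s for s, n in Counter(e["src"] for e in dos).items() if n > 1),
        # Admin-page activity from outside RFC 1918 space would mean the
        # management interface is reachable from the internet.
        "wan_admin_sources": sorted({e["src"] for e in events
            if e["kind"].startswith("admin login") and e["src"]
            and not any(ip_address(e["src"]) in n for n in LAN)}),
    }

if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```

Comparing `dos_peak_per_window` across days gives a number for "worse than usual", and an empty `wan_admin_sources` is the result to expect when Remote Management is off.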

Re: Lots of dos attacks from China?

I mean, should I power cycle my modem and Orbi unit? Or should I call Comcast to change my IP address?

Message 3 of 12
Master

Re: Lots of dos attacks from China?

I do not see how changing the public IP address will accomplish anything.  People doing this are simply trying every possible IP address. Likewise, power cycling the modem or Orbi won't change anything.

 

(Editorial:  This situation is very much like the robo-call mess.  If our tiny Orbi can detect that someone is sending "bad packets" our way, surely the ISP network could detect this behavior at the source and take action against the people doing it.  Oh, well.)

I love my Orbi.
Message 4 of 12

Re: Lots of dos attacks from China?

So it's basically a waiting game at this point.

 

Message 5 of 12
Master

Re: Lots of dos attacks from China?

It will never end.  Personally, it reminds me that the internet is a jungle.  I like to look through the logs every once in a while, but basically ignore this stuff.  People who do not look at router logs are blissfully ignorant, and probably happier, too.

I love my Orbi.
Message 6 of 12

Re: Lots of dos attacks from China?

By waiting game I meant wait till it gets back to much less, since this is unusual for me. Normally I do see IPs from China in my log, but today takes the cake in terms of it being minute by minute almost. I did experience some slowdown earlier.

Message 7 of 12
Guide

Re: Lots of dos attacks from China?

Same happening to me tonight, exponentially worse than I’ve experienced previously with slowdowns as well. Small clip of my logs:

[DoS Attack: SYN/ACK Scan] from source: 58.131.191.30, port 80, Thursday, October 24, 2019 21:09:23
[DoS Attack: SYN/ACK Scan] from source: 103.21.116.215, port 80, Thursday, October 24, 2019 21:05:10
[DoS Attack: SYN/ACK Scan] from source: 119.249.54.135, port 80, Thursday, October 24, 2019 21:01:20
[DoS Attack: SYN/ACK Scan] from source: 210.82.31.29, port 80, Thursday, October 24, 2019 21:00:03
[DoS Attack: SYN/ACK Scan] from source: 121.18.238.22, port 80, Thursday, October 24, 2019 20:57:22
[DoS Attack: SYN/ACK Scan] from source: 121.18.168.121, port 80, Thursday, October 24, 2019 20:54:42
[DoS Attack: SYN/ACK Scan] from source: 43.224.226.20, port 80, Thursday, October 24, 2019 20:54:41
[DoS Attack: SYN/ACK Scan] from source: 121.18.168.121, port 80, Thursday, October 24, 2019 20:54:24
[DoS Attack: SYN/ACK Scan] from source: 125.65.112.182, port 80, Thursday, October 24, 2019 20:51:20
[DoS Attack: SYN/ACK Scan] from source: 223.6.147.79, port 80, Thursday, October 24, 2019 20:50:46
[DoS Attack: SYN/ACK Scan] from source: 59.56.110.127, port 80, Thursday, October 24, 2019 20:50:18
[DoS Attack: SYN/ACK Scan] from source: 36.248.216.164, port 80, Thursday, October 24, 2019 20:50:05
[DoS Attack: SYN/ACK Scan] from source: 223.6.147.79, port 80, Thursday, October 24, 2019 20:50:01
[DoS Attack: SYN/ACK Scan] from source: 157.255.231.190, port 80, Thursday, October 24, 2019 20:49:00
Message 8 of 12

Re: Lots of dos attacks from China?


@CrimpOn wrote:

They will still happen, but the log will no longer show them.


At the same time, the router's processor will not bust a gut as it tries to log all of those intrusions.

 

Just another user.

My network DM200 -> R7800 -> GS316 -> PL1000 -> Orbi RBR40 -> Orbi RBS50Y -> RBS40V
Message 9 of 12
Guru

Re: Lots of dos attacks from China?

You might power OFF the ISP modem and RBR, say right before you go to bed, then power ON in the morning and see if the logs are still filling up.

I would contact your ISP and check about changing the WAN IP address to see if this might help some. 


@RedBatman89 wrote:

I mean, should I power cycle my modem and Orbi unit? Or should I call Comcast to change my IP address?


 


My Setup (Cable 900Mbps/50Mbps)>CAX80>RBK853 v3.1.15.32(Router Mode)
Additional NG HW: C7800/CM1100/CM1200, Orbi CBK40, RBK50, R7800, R7960P,
EX7500/EX7700, XR450 and WNHDE111
Message 10 of 12

Re: Lots of dos attacks from China?

Hi, I just wanna say today the logs are much better. The attacks have gone back down to the bare minimum they are at normally. So good thing for that.

Message 11 of 12
Master

Re: Lots of dos attacks from China?

My logs have gone back to normal as well.  Was exciting while it lasted.

I love my Orbi.
Message 12 of 12