× NETGEAR would like to hear from you about specific features so we can improve your experience. To participate in this survey please click HERE.
Reply

DoS Attack by Multiple IP's?

GuidanceSkeeker
Aspirant

DoS Attack by Multiple IP's?

Hello, i have a NETGEAR WNR2500 router and have recently experienced a DoS attack from what looked like multiple IP addresses according to my router log. I have tried everything to stop the person who is behind this attack, but nothing is working. Please help me. Is there some way i can report the hacker, or prevent further attacks? If so please let me know! I very much appreciate it! Here is my router log of what i saw:

 

[LAN access from remote] from 71.198.248.199:55086 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:20:37
[LAN access from remote] from 131.155.125.206:9987 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:19:55
[LAN access from remote] from 114.198.8.208:15995 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:19:18
[LAN access from remote] from 67.241.133.139:62241 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:19:18
[LAN access from remote] from 206.248.64.98:59123 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:19:16
[LAN access from remote] from 76.14.85.75:51047 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:19:12
[LAN access from remote] from 73.171.27.129:62473 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:18:44
[LAN access from remote] from 104.7.81.90:52035 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:18:41
[LAN access from remote] from 68.9.52.26:52493 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:18:20
[LAN access from remote] from 70.171.116.219:60626 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:18:20
[LAN access from remote] from 173.70.212.108:53438 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:18:19
[LAN access from remote] from 72.184.115.29:52259 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:18:18
[LAN access from remote] from 104.54.8.251:28043 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:29
[LAN access from remote] from 108.199.225.121:51145 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:23
[LAN access from remote] from 108.199.225.121:55287 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:20
[LAN access from remote] from 100.32.86.251:51875 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:19
[LAN access from remote] from 173.245.65.119:51611 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:14
[LAN access from remote] from 99.112.85.224:56964 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:14
[LAN access from remote] from 96.39.251.135:56494 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:13
[LAN access from remote] from 96.39.251.135:56367 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:12
[LAN access from remote] from 173.245.65.119:7687 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:12
[LAN access from remote] from 99.112.85.224:58873 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:17:12
[LAN access from remote] from 174.109.162.123:36162 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:59
[LAN access from remote] from 70.171.116.219:27462 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:54
[LAN access from remote] from 72.66.31.125:17845 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:54
[LAN access from remote] from 71.198.248.199:43206 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:54
[LAN access from remote] from 173.70.212.108:28401 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:54
[LAN access from remote] from 206.248.64.98:1030 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:54
[LAN access from remote] from 73.219.249.231:45926 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:53
[LAN access from remote] from 73.171.27.129:4083 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:53
[LAN access from remote] from 98.220.2.116:57511 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:53
[LAN access from remote] from 67.241.133.139:41292 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:53
[LAN access from remote] from 72.184.115.29:38793 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:53
[LAN access from remote] from 68.45.187.236:32837 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:51
[LAN access from remote] from 76.14.85.75:51022 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:48
[LAN access from remote] from 157.55.235.160:40026 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:47
[DoS Attack: UDP Port Scan] from source: 208.25.103.154, port 1900, Tuesday, October 13, 2015 18:16:44
[DoS Attack: UDP Port Scan] from source: 68.232.48.24, port 1900, Tuesday, October 13, 2015 18:16:42
[DoS Attack: UDP Port Scan] from source: 71.29.152.1, port 1900, Tuesday, October 13, 2015 18:16:37
[DoS Attack: UDP Port Scan] from source: 1.85.217.203, port 1900, Tuesday, October 13, 2015 18:16:26
[DoS Attack: UDP Port Scan] from source: 74.207.137.201, port 1900, Tuesday, October 13, 2015 18:16:22
[DoS Attack: UDP Port Scan] from source: 74.207.134.128, port 1900, Tuesday, October 13, 2015 18:16:22
[DoS Attack: UDP Port Scan] from source: 74.207.137.201, port 1900, Tuesday, October 13, 2015 18:16:22
[DoS Attack: UDP Port Scan] from source: 74.207.189.4, port 1900, Tuesday, October 13, 2015 18:16:21
[LAN access from remote] from 75.137.52.179:29810 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:20
[LAN access from remote] from 104.7.81.90:34558 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:16
[DoS Attack: UDP Port Scan] from source: 162.40.147.209, port 1900, Tuesday, October 13, 2015 18:16:07
[LAN access from remote] from 140.224.90.49:1900 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:16:04
[LAN access from remote] from 202.110.21.115:1900 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:15:50
[DoS Attack: UDP Port Scan] from source: 78.156.253.222, port 1900, Tuesday, October 13, 2015 18:15:49
[DoS Attack: UDP Port Scan] from source: 98.16.62.1, port 1900, Tuesday, October 13, 2015 18:15:48
[DoS Attack: UDP Port Scan] from source: 68.232.48.16, port 1900, Tuesday, October 13, 2015 18:15:48
[DoS Attack: UDP Port Scan] from source: 182.204.158.25, port 1900, Tuesday, October 13, 2015 18:15:43
[DoS Attack: UDP Port Scan] from source: 68.232.48.24, port 1900, Tuesday, October 13, 2015 18:15:43
[LAN access from remote] from 166.171.250.164:41997 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:15:35
[LAN access from remote] from 75.140.199.120:56303 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:15:32
[LAN access from remote] from 68.96.133.182:22432 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:15:16
[LAN access from remote] from 72.66.31.125:14406 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:15:13
[LAN access from remote] from 71.234.168.214:54264 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:14:04
[LAN access from remote] from 76.14.85.75:61768 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:13:23
[LAN access from remote] from 76.14.85.75:24410 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:13:11
[LAN access from remote] from 114.198.8.208:15995 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:11:10
[LAN access from remote] from 71.48.169.120:62705 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:10:16
[LAN access from remote] from 166.171.59.34:5103 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:09:57
[LAN access from remote] from 166.172.189.125:50245 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:09:42
[LAN access from remote] from 166.172.189.125:49103 to 192.168.1.11:15930, Tuesday, October 13, 2015 18:09:39
[Log Cleared] Tuesday, October 13, 2015 18:08:52

 

Message 1 of 7

Accepted Solutions
TheEther
Guru

Re: DoS Attack by Multiple IP's?

The next time you see the [LAN access from remote] logs, you can open a Command Prompt as Administrator on the targeted machine (assuming it's running Windows) and run netstat -b to obtain a listing of network connections and user processes that is responsible for each connection. In the example above, the LAN access targeted port 15930 on your computer, so you would look for that port in the netstat. If the owner process looks suspicious, then your computer could be compromised.

 

As I recommended already, you should disable uPNP. If your computer is compromised, it could be using uPNP to open ports in your router to allow unsolicited incoming traffic from the Internet.

View solution in original post

Message 6 of 7

All Replies
TheEther
Guru

Re: DoS Attack by Multiple IP's?

Those LAN access from remote logs look more troubling. I would suggest that you change your router's admin password, disable uPNP if you aren't using it, remove any unneeded port forwarding rules, and disable Remote Management.

 

Do you what device is at 192.168.1.11?  You can look at the Attached Devices page.

Message 2 of 7
GuidanceSkeeker
Aspirant

Re: DoS Attack by Multiple IP's?

I that, i cant answer with full confidence, but i can say i have never seen that ip in my logs before. Are you saying that could be the hacker?
Message 3 of 7
TheEther
Guru

Re: DoS Attack by Multiple IP's?

192.168.1.11 is being targeted by all of the remote traffic.

Message 4 of 7
GuidanceSkeeker
Aspirant

Re: DoS Attack by Multiple IP's?

Okay i see. Then that would be my computers IP.

Message 5 of 7
TheEther
Guru

Re: DoS Attack by Multiple IP's?

The next time you see the [LAN access from remote] logs, you can open a Command Prompt as Administrator on the targeted machine (assuming it's running Windows) and run netstat -b to obtain a listing of network connections and user processes that is responsible for each connection. In the example above, the LAN access targeted port 15930 on your computer, so you would look for that port in the netstat. If the owner process looks suspicious, then your computer could be compromised.

 

As I recommended already, you should disable uPNP. If your computer is compromised, it could be using uPNP to open ports in your router to allow unsolicited incoming traffic from the Internet.

Message 6 of 7
GuidanceSkeeker
Aspirant

Re: DoS Attack by Multiple IP's?

Thank you for your contribution to this post and i very much appreciate it. I will use your advice.
Message 7 of 7
Top Contributors
Discussion stats
  • 6 replies
  • 4709 views
  • 0 kudos
  • 2 in conversation
Announcements

Orbi WiFi 6E