DOS ATTACK,should I be worried
21-10-2009, 13:34
|
#1
|
Inactive
Join Date: Oct 2008
Location: warrington
Age: 52
Services: TiVo, 75 Smeg Broadband
Posts: 2,199
|
DOS ATTACK,should I be worried
Hi Ladies and Gents, Ive just nipped home at lunchtime to see if I'd had a reply from some of the guys on the vm newsgroups, and while I was mooching I had a quick look at the router logs.
It showed a dos attack on port 80 at the weekend, whilst I wasnt using the internet I might add.
Should I be concerned.
any advice for a relative novice.
|
|
|
21-10-2009, 13:37
|
#2
|
Inactive
Join Date: Feb 2004
Location: There's no place like 127.0.0.1
Services: Depends on the person and the price they're offering
Posts: 12,384
|
Re: DOS ATTACK,should I be worried
If the port's closed on your router (ie. rejecting inbound traffic on that port, or better still dropping inbound traffic on that port), and if your router is sufficiently robust to handle that amount of traffic directed at a single port, then I wouldn't worry about it at all.
|
|
|
21-10-2009, 13:54
|
#3
|
Inactive
Join Date: Oct 2008
Location: warrington
Age: 52
Services: TiVo, 75 Smeg Broadband
Posts: 2,199
|
Re: DOS ATTACK,should I be worried
Quote:
Originally Posted by Rob M
If the port's closed on your router (ie. rejecting inbound traffic on that port, or better still dropping inbound traffic on that port), and if your router is sufficiently robust to handle that amount of traffic directed at a single port, then I wouldn't worry about it at all.
|
Chances are it may be open due to the port forwarding/triggering ive done for the xbox and ps3, the router is the one supplied by vm "netgear WNR2000" I think.
I also have spi turned on
|
|
|
21-10-2009, 13:56
|
#4
|
Inactive
Join Date: Dec 2006
Location: Lincoln UK
Age: 75
Services: 50Mb, TV & Phone
Posts: 3,673
|
Re: DOS ATTACK,should I be worried
I agree with Rob M. This stuff happens and this at least proves that your router is doing it's job properly.
I'd check your router settings and see if there is any facility for 'remote management' or words to that effect. If it has that function make sure it's switched off.
|
|
|
21-10-2009, 13:58
|
#5
|
Inactive
Join Date: Feb 2004
Location: There's no place like 127.0.0.1
Services: Depends on the person and the price they're offering
Posts: 12,384
|
Re: DOS ATTACK,should I be worried
They shouldn't open port 80 inbound unless you're running a web server of some sort on them.
|
|
|
21-10-2009, 14:06
|
#6
|
Inactive
Join Date: Oct 2008
Location: warrington
Age: 52
Services: TiVo, 75 Smeg Broadband
Posts: 2,199
|
Re: DOS ATTACK,should I be worried
Quote:
Originally Posted by DaiNasty
I agree with Rob M. This stuff happens and this at least proves that your router is doing it's job properly.
I'd check your router settings and see if there is any facility for 'remote management' or words to that effect. If it has that function make sure it's switched off.
|
Thanks for that, I will check when I get home later on, I do recall seeing something for remote management but Im not sure what its set too.
---------- Post added at 14:06 ---------- Previous post was at 14:03 ----------
Quote:
Originally Posted by Rob M
They shouldn't open port 80 inbound unless you're running a web server of some sort on them.
|
No, No web server ( whatever they are ), are dos attack like one off attacks, or can they happen over prolonged periods.
|
|
|
21-10-2009, 14:31
|
#7
|
Inactive
Join Date: Feb 2008
Location: Swindon
Services: TiVo
110MB BB
Phone Line
Posts: 3,087
|
Re: DOS ATTACK,should I be worried
Quote:
Originally Posted by pabscars
Thanks for that, I will check when I get home later on, I do recall seeing something for remote management but Im not sure what its set too.
---------- Post added at 14:06 ---------- Previous post was at 14:03 ----------
No, No web server ( whatever they are ), are dos attack like one off attacks, or can they happen over prolonged periods.
|
it's very likely a port scanner of some description. Port 80 should be closed and your routers firewall should of kicked in anywho.
DDOS attacks can last for days an be every 10 seconds, if the "hacker / software" knows what they are doing. Seems like the attack wen't ment for a webserver as is was taketing port 80 httpd. Nothing to worry about.
|
|
|
21-10-2009, 14:40
|
#8
|
Inactive
Join Date: Dec 2006
Location: Lincoln UK
Age: 75
Services: 50Mb, TV & Phone
Posts: 3,673
|
Re: DOS ATTACK,should I be worried
Port scan seems a likely option. A serious DDOS attack involves packet volumes in excess of 100/second and can get up to the thousands if a botnet attack is occurring.
Probably just someone casually probing.
|
|
|
21-10-2009, 14:42
|
#9
|
Inactive
Join Date: Feb 2008
Location: Swindon
Services: TiVo
110MB BB
Phone Line
Posts: 3,087
|
Re: DOS ATTACK,should I be worried
Port scan is very very likely.
|
|
|
21-10-2009, 14:47
|
#10
|
Inactive
Join Date: Feb 2004
Location: There's no place like 127.0.0.1
Services: Depends on the person and the price they're offering
Posts: 12,384
|
Re: DOS ATTACK,should I be worried
You'll normally find that port scanners scan a range of ports, not the same port multiple times. A DOS is normally caused my sending massive amounts of traffic to a single socket, which is what the OP seems to be describing. If they were seeing a port scanner I'd expect to see them complaining of lots of ports being scanned not just port 80.
|
|
|
21-10-2009, 14:52
|
#11
|
Inactive
Join Date: Feb 2008
Location: Swindon
Services: TiVo
110MB BB
Phone Line
Posts: 3,087
|
Re: DOS ATTACK,should I be worried
Quote:
Originally Posted by Rob M
You'll normally find that port scanners scan a range of ports, not the same port multiple times. A DOS is normally caused my sending massive amounts of traffic to a single socket, which is what the OP seems to be describing. If they were seeing a port scanner I'd expect to see them complaining of lots of ports being scanned not just port 80.
|
It could be both to be fair.
|
|
|
21-10-2009, 15:27
|
#12
|
Inactive
Join Date: Oct 2008
Location: warrington
Age: 52
Services: TiVo, 75 Smeg Broadband
Posts: 2,199
|
Re: DOS ATTACK,should I be worried
Thank you all for your responses, its all a bit alien to me I,m afraid, I will have another mooch tonight and see if there is any more evidence.
Just one more question if I may,
Would these attacked influence my connectivity in anyway, because up until Thursday of last week, my connection had been very stable all week, yet since then its been all over the place.
Ive been having issues with slow speeds for some time, but like I say it had been rock steady for a week and now its back (worse than before) to being pants, so just wondered if there may be a connection?
|
|
|
21-10-2009, 15:28
|
#13
|
Inactive
Join Date: Feb 2004
Location: There's no place like 127.0.0.1
Services: Depends on the person and the price they're offering
Posts: 12,384
|
Re: DOS ATTACK,should I be worried
If the connection to your router is being flooded with packets, and if your router is attempting to process them all (instead of just dropping them without trying to do anything with them), then yes it could affect your connection speed.
|
|
|
21-10-2009, 17:03
|
#14
|
Inactive
Join Date: Dec 2006
Location: Lincoln UK
Age: 75
Services: 50Mb, TV & Phone
Posts: 3,673
|
Re: DOS ATTACK,should I be worried
Going back to your router logs for a moment, you say they show attacks to port 80. Do they also indicate the attacking IP address?
It would be useful to know if all the hits originate from one IP or if they are coming from a range. If they are from different addresses a couple of examples would be interesting.
|
|
|
21-10-2009, 17:07
|
#15
|
Inactive
Join Date: Feb 2008
Location: Swindon
Services: TiVo
110MB BB
Phone Line
Posts: 3,087
|
Re: DOS ATTACK,should I be worried
Quote:
Originally Posted by DaiNasty
Going back to your router logs for a moment, you say they show attacks to port 80. Do they also indicate the attacking IP address?
It would be useful to know if all the hits originate from one IP or if they are coming from a range. If they are from different addresses a couple of examples would be interesting.
|
It's likely it's coming from a "budget" rented server or some script.
if you can paste a bulk of your logs. The able here, will be able to see instantly.
And yes, if your router is under heavy DDOS then yes, speed will be effected
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 12:29.
|