[DoS Attack: ACK Scan] - Tech & Computer Forums

Go Back   Tech & Computer Forums > Security | Computer, Devices, Software and Systems > Viruses, Spyware and Malware
Closed Thread
 
Thread Tools Display Modes
 
Old 09-08-2009, 06:59 AM   #1 (permalink)
True Techie
 
lyecdevf's Avatar
 
Join Date: Aug 2008
Posts: 218
Default [DoS Attack: ACK Scan]

I loged today some attacks on my router. One of the IPs apparently belongs to facebook and the other one seems to come from Michelin. What should I make of this?

[DoS Attack: ACK Scan] from source: 212.11.63.254, port 80, Tuesday, September 08,2009 10:22:32
[DoS Attack: ACK Scan] from source: 69.63.186.38, port 80, Tuesday, September 08,2009 10:22:09
__________________

__________________
lyecdevf is offline  
Old 09-08-2009, 07:18 AM   #2 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,815
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: [DoS Attack: ACK Scan]

Can you block those IPs?
Have you hardened your router?
__________________

__________________
Osiris is offline  
Old 09-08-2009, 08:15 AM   #3 (permalink)
True Techie
 
lyecdevf's Avatar
 
Join Date: Aug 2008
Posts: 218
Default Re: [DoS Attack: ACK Scan]

I have a stupid Netgeat WPN824v3 rangemax router and I do not have a lot of options like firewall rules, protocol rules,...So there is nothing that I can really do! I am trying to fight back by port scanning the attackers but recently the IPs that are showing up seem to be from legitimate sites so I am having problems understanding that! I am not really paranoid but what kind of a security solution would be recommended?
__________________
lyecdevf is offline  
Old 09-08-2009, 08:55 AM   #4 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,815
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: [DoS Attack: ACK Scan]

Upgrade the firmware if needed

Answer

Then look thru the setup manual and look for security, etc to see what your options are.
__________________
Osiris is offline  
Old 09-08-2009, 10:24 AM   #5 (permalink)
True Techie
 
lyecdevf's Avatar
 
Join Date: Aug 2008
Posts: 218
Default Re: [DoS Attack: ACK Scan]

The firmware at the moment is:

Firmware Version V1.0.7_1.0.8

Well I check and I noticed that it has protocol filter so I could block certain ports. Any way I think that it has a pretty good security but one thing I still do not understand is the logs. Why do I only get the Re: [DoS Attack: ACK Scan] type? Does it interpret every wired packet as that and is not able to differentiate between lets say a ping of death and a tear drop attack?
__________________
lyecdevf is offline  
Old 09-08-2009, 10:50 AM   #6 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,815
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: [DoS Attack: ACK Scan]

This is nothing. Just bot's port scanning the Internet. ACK and FIN are both scanning techniques to help identify vulnerable servers behind routers/firewalls, with SYN scans being the most common. That wouldn't affect your speed at all though. If it was truly a (D)DoS you wouldn't even be able to access your routers web logs, as it would be out of resources. It's perfectly normal... you can't stop infected computers from port scanning. A normal packet is what, 1600 bytes if full and not fragmented, so if you do the math on it...a few thousand port scanning packets will not affect your bandwidth in any way shape or form.
__________________
Osiris is offline  
Old 09-09-2009, 12:35 PM   #7 (permalink)
True Techie
 
lyecdevf's Avatar
 
Join Date: Aug 2008
Posts: 218
Default Re: [DoS Attack: ACK Scan]

Would it be possible for computer of companies like yahoo, michelin,...be infected with such bots because I am geting these sort of attacks from those IPs? I always thought that there security is so good that nothing like that could happen to that and bot infections happened only to personal computers.
__________________
lyecdevf is offline  
Old 09-09-2009, 01:04 PM   #8 (permalink)
Techie Beyond Description
 
Osiris's Avatar
 
Join Date: Jan 2005
Location: Kentucky
Posts: 36,815
Send a message via ICQ to Osiris Send a message via AIM to Osiris Send a message via MSN to Osiris Send a message via Yahoo to Osiris
Default Re: [DoS Attack: ACK Scan]

Security is never 100%, there are always ways around it. The US Government was hacked many times.
__________________

__________________
Osiris is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Twitter hit by denial of service attack Osiris Internet Software and Browsers 1 08-07-2009 07:38 AM
Twitter users hit by smut spam hack attack Osiris Viruses, Spyware and Malware 0 03-09-2009 07:13 AM
Password guessing attack exposed in Twitter pwn Osiris Viruses, Spyware and Malware 0 01-07-2009 01:17 PM
Black hats attack gaping DNS hole Osiris Viruses, Spyware and Malware 0 08-01-2008 07:32 AM
DDoS attack floors Georgia prez website Osiris Viruses, Spyware and Malware 1 07-21-2008 11:00 AM


All times are GMT -5. The time now is 01:05 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2014, vBulletin Solutions, Inc.
Content Relevant URLs by vBSEO