Solved

Netgear DOS attack logs

Tags:
  • DOS
  • Netgear
  • Networking
  • Routers
January 16, 2014 3:53:15 AM

Hi, when looking at my Netgear router's logs I keep seeing these DOS attacks happening:

[DOS Attack] : 17 [STORM] packets detected in last 20 seconds, source ip [192.168.0.12]
Thursday, Jan 16,2014 10:25:44


[DOS Attack] : 27 [STORM] packets detected in last 20 seconds, source ip [192.168.0.12]
Thursday, Jan 16,2014 10:26:05

I know they are being detected, but are they actually doing anything?
How can I stop these?

Thanks in advance.


January 16, 2014 4:36:55 AM

These DOS are internal on your network. Find the computer assigned 192.168.0.12 and stop the attacks by either shutting it off, running a virus scan, uninstalling a malicious program, etc.
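
An added example, not part of the original thread: a small Python parser for the two-line log entries quoted in the question. It groups them by source and flags whether each source sits inside the LAN. The `192.168.0.0/24` subnet and the third sample entry are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: the two entries quoted in the question, plus one entry
# with a documentation-range (RFC 5737) source added for contrast.
SAMPLE_LOG = """\
[DOS Attack] : 17 [STORM] packets detected in last 20 seconds, source ip [192.168.0.12]
Thursday, Jan 16,2014 10:25:44

[DOS Attack] : 27 [STORM] packets detected in last 20 seconds, source ip [192.168.0.12]
Thursday, Jan 16,2014 10:26:05

[DOS Attack] : 9 [STORM] packets detected in last 20 seconds, source ip [203.0.113.7]
Thursday, Jan 16,2014 10:27:10
"""

# One entry = a message line followed by a timestamp line.
ENTRY = re.compile(
    r"\[DOS Attack\] : (\d+) \[\w+\] packets detected in last \d+ seconds, "
    r"source ip \[([0-9.]+)\]\s*\n\s*(\w+, \w+ \d+,\d+ \d+:\d+:\d+)"
)

def summarize(log_text, lan="192.168.0.0/24"):
    """Group entries by source and flag whether each source is on the LAN."""
    lan_net = ipaddress.ip_network(lan)  # assumed LAN subnet, adjust to yours
    out = defaultdict(lambda: {"entries": 0, "packets": 0, "on_lan": False,
                               "first": None, "last": None})
    for count, src, stamp in ENTRY.findall(log_text):
        when = datetime.strptime(stamp, "%A, %b %d,%Y %H:%M:%S")
        rec = out[src]
        rec["entries"] += 1
        rec["packets"] += int(count)
        rec["on_lan"] = ipaddress.ip_address(src) in lan_net
        rec["first"] = when if rec["first"] is None else min(rec["first"], when)
        rec["last"] = when if rec["last"] is None else max(rec["last"], when)
    return dict(out)

if __name__ == "__main__":
    for src, rec in summarize(SAMPLE_LOG).items():
        where = "LAN host, check this machine" if rec["on_lan"] else "outside the LAN"
        print(f"{src}: {rec['entries']} entries, {rec['packets']} packets, "
              f"{rec['first']:%H:%M:%S}-{rec['last']:%H:%M:%S} ({where})")
```
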
January 16, 2014 7:17:06 AM

Hi, I'm really stumped. I've run a Kaspersky PURE 3.0 antivirus scan and that returned 8 trojans; I deleted them and that put them into quarantine. Then I restarted the computer and I'm still getting DOS attacks. The PC has no malicious software as it's only a week old and has barely any software on it, only Google Chrome, Microsoft Office, etc.
It's really bugging me. Is there anything else I should do?

Best solution

January 16, 2014 8:01:41 AM

Well, best I can figure is identifying the port being used, and blocking it via firewall settings both client side and router side.

If that doesn't fix it, maybe a clean install of Windows 7 would fix it?
January 16, 2014 11:46:36 AM

Unplug the 192.168.0.12 computer from the LAN and see if that stops the messages. If so, clean up that system before reconnecting it.
January 16, 2014 12:13:06 PM

SamirD said:
Unplug the 192.168.0.12 computer from the LAN and see if that stops the messages. If so, clean up that system before reconnecting it.

LOL, I can tell you exactly what would happen then, it stops O.O, JK, I'm tired and bored, losing interest in a CPU war in the CPU section.

But, Danny, you should keep an eye on it. If the DOS attacks start back up then the port changed, which means it's active and a reformat would have to be done. I recommend you install Zone Alarm Free Firewall on a fresh install of Windows and all other PCs in the network to lock out unwanted access.
January 16, 2014 12:29:53 PM

lol, well that's one way to stop it.

Dirty systems can infect an entire network in no time. It's best to isolate them completely by using advanced routing tables or another router if you plan to keep them connected without a complete and isolated rebuild. (i.e., don't connect it to the Internet at all during the reformat.)

It's because of constant issues like this that I trashed all our computers at the office and put in thin clients. Download all the viruses you want! I'll reboot and they'll be gone. :D 
January 16, 2014 1:01:42 PM

Guys, thank you for your help, will see what happens in the morning. For now everyone apart from my PC is off the network haha
January 17, 2014 9:46:56 AM

SamirD said:
lol, well that's one way to stop it.

Dirty systems can infect an entire network in no time. It's best to isolate them completely by using advanced routing tables or another router if you plan to keep them connected without a complete and isolated rebuild. (i.e., don't connect it to the Internet at all during the reformat.)

It's because of constant issues like this that I trashed all our computers at the office and put in thin clients. Download all the viruses you want! I'll reboot and they'll be gone. :D

By "Thin Clients" do you mean "Sandboxed"? Cuz that is quite extreme. Additionally, if you did the method I suggested for reformatting, and your network was infected still, then the infected files were not on that system directly; maybe the infected file was on a NAS server on the network, but the computer you reformatted was NOT patient zero. So, though you didn't find success from my method stated above, I wouldn't consider it unsafe as I do this all the time in my network. High-speed Gigabit is no joke when it comes to data health.

However, "Sandboxing" a computer only protects from so much; in fact, a serious enough infection would infect the "Sandbox" program, which would become seriously dangerous for network attached clients. Additionally, Sandboxing would make it difficult to game on.
January 17, 2014 11:05:26 AM

Install Wireshark and do a packet dump to see what packets are being sent. Maybe it's something as simple as a touchy firewall that is freaking out from a P2P app making lots of connections too fast.
January 17, 2014 11:46:21 AM

Kewlx25 said:
Install Wireshark and do a packet dump to see what packets are being sent. Maybe it's something as simple as a touchy firewall that is freaking out from a P2P app making lots of connections too fast.

File sharing and torrents can do that, good thinking. I have had this issue before, on a Netgear router.
June 6, 2014 9:50:40 AM

It's the torrent client installed on that system; that's why you are getting these DOS attack messages. Shut off (exit) the torrent client on your system. You will stop getting these DOS attacks.