Author Topic: DoS attacks / SYN-Floods / Xmas tree attacks - DSL-2870B  (Read 4709 times)

thebuckstopshere

DoS attacks / SYN-Floods / Xmas tree attacks - DSL-2870B
« on: July 12, 2014, 02:31:26 AM »

Hi 2 all.
Well - I have a D-Link DSL-2870B modem/router and I have been having a growing issue with DoS attacks slowing my internet access. I have been using this unit since Feb 2014 and apart from the unit having very poor wireless range (barely 5 metres indoors through no walls) it has been working ok. Recently I have noticed my internet speeds becoming very slow and when I saw dropped packets I decided to take a look at the logs and was astounded to see massive numbers of DoS attacks including Xmas Tree attacks as well as SYN-Floods. I am running the current firmware version (Firmware Version : 2.01.01 Build Timestamp : 03112014 ) but strangely I have noticed this issue become worse after updating (approximately 3 weeks ago). I reset the modem frequently (unplug power 3 - 4 times a week) but this does not help. I have contacted my internet provider and am awaiting their reply, however many experts have suggested that a decent router (with an integrated firewall) should be able to handle these attacks without impacting browsing/throughput performance. This leads me to wonder if this issue may in fact be a bug in the firmware or perhaps in the unit itself.
I mainly use a Win7 PC to connect to the net but I have today disconnected my PC and logged into the router on my Galaxy S4 to clear the router system logs (to check if the issue may have been due to malware on my PC) but the logs just keep growing even after clearing them on my S4 whilst the PC was left disconnected. Can this issue please be investigated urgently as I really need internet access for my job. I am based in QLD and the connection is a ClubTelco unlimited ADSL2+ service (and we do not have a home phone connected so this will not be a factor). The most recent router logs are below. I performed a test and at this time I am seeing approximately 38000 attacks every hour. Does anyone have any suggestions as to how I can fix this or what I can try to isolate the issue?

Jul 12 17:34:43 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:84.202.233.133) detected. Packet dropped.
Jul 12 17:34:43 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:121.217.185.184) detected. Packet dropped.
Jul 12 17:34:43 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:69.120.210.62) detected. Packet dropped.
Jul 12 17:34:43 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:195.198.36.34) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:41.66.227.110) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:80.189.190.172) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:73.179.199.109) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:212.215.180.70) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:90.148.121.37) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:115.178.26.223) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:180.94.85.17) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:37.105.64.8) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:124.105.239.150) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:) detected. Packet dropped.
Jul 12 17:34:44 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:2.50.77.111) detected. Packet dropped.
Jul 12 17:34:45 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:86.99.88.84) detected. Packet dropped.
Jul 12 17:34:45 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:190.213.184.157) detected. Packet dropped.
Jul 12 17:34:45 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:) detected. Packet dropped.
Jul 12 17:34:45 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:) detected. Packet dropped.
Jul 12 17:34:45 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:203.177.153.246) detected. Packet dropped.
Jul 12 17:34:45 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:175.141.32.128) detected. Packet dropped.
Jul 12 17:34:45 , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] attack from WAN1 (ip:175.141.23.63) detected. Packet dropped.

Looking forward to hearing from you
Heath Buckley
0433429650
thebuckstopshere79@gmail.com
Logged
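
Added example (not part of the original post, and not D-Link code): a small Python summarizer for router log entries in the format pasted above, giving the totals, distinct-source count, empty `(ip:)` count and peak per-second rate that are useful to hand to an ISP or support desk. The function name, the `_line` helper and the sample entries are assumptions; the sample is constructed and uses documentation address ranges.

```python
import re
from collections import Counter

# One entry in the format shown in the post. finditer() is used so that
# entries pasted together on a single line are still split correctly.
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) , <\d+> syslog: "
    r"ATTACK Detected: (?P<code>\d+)\[(?P<kind>[^\]]+)\] attack from "
    r"(?P<iface>\S+) \(ip:(?P<ip>[0-9.]*)\) detected\. Packet dropped\."
)

def summarize(text):
    """Tally attack entries by type, source address and second of arrival."""
    kinds, sources, per_second = Counter(), Counter(), Counter()
    missing_ip = 0
    for m in ENTRY.finditer(text):
        kinds[m["kind"]] += 1
        per_second[m["ts"]] += 1
        if m["ip"]:
            sources[m["ip"]] += 1
        else:
            missing_ip += 1  # entry logged as "(ip:)" with no address
    return {
        "total": sum(kinds.values()),
        "by_kind": dict(kinds),
        "distinct_sources": len(sources),
        "repeat_sources": {ip: n for ip, n in sources.items() if n > 1},
        "missing_ip": missing_ip,
        "peak_per_second": max(per_second.values(), default=0),
    }

def _line(ts, ip):
    # Hypothetical helper that builds one constructed entry in the same format.
    return (f"Jul 12 {ts} , <209> syslog: ATTACK Detected: 002[SYN-FLOOD] "
            f"attack from WAN1 (ip:{ip}) detected. Packet dropped.")

# Constructed sample, joined onto one line to mimic how the log was pasted.
SAMPLE = " ".join([
    _line("17:34:43", "192.0.2.10"), _line("17:34:43", "198.51.100.7"),
    _line("17:34:44", ""), _line("17:34:44", "203.0.113.5"),
    _line("17:34:44", "192.0.2.10"), _line("17:34:45", "198.51.100.99"),
])

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```
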

FurryNutz

  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DoS attacks / SYN-Floods / Xmas tree attacks - DSL-2870B
« Reply #1 on: July 12, 2014, 08:36:35 AM »

Welcome!

  • What region are you located in?

I recommend that you contact your ISP and have them help you with this, change the MAIN WAN IP address. Have them look at their logs as well.

You may need to contact your regional D-Link support office for additional help.

Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.