• June 27, 2022, 11:01:17 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: Log shows continuous attack  (Read 4757 times)

buzzlightyear22

  • Level 1 Member
  • *
  • Posts: 2
Log shows continuous attack
« on: December 26, 2013, 05:53:21 PM »

I bought this about a month ago and noticed that internet is getting slower significantly and seeing the strangest log I've ever seen.
I upgraded the firmware to latest version for B1 h/w version that is 2.0.2, hide the ssid, turned it off for a night.

This morning, the log is some thing like this:

Dec 27 08:54:26Per-source ACK Flood Attack Detect (ip=74.125.200.101) Packet Dropped
Dec 27 08:54:26Whole System ACK Flood Attack from WAN Rule:Default deny
Dec 27 08:53:26Per-source ACK Flood Attack Detect (ip=173.194.117.30) Packet Dropped
Dec 27 08:53:26Whole System ACK Flood Attack from WAN Rule:Default deny
Dec 27 08:52:26Per-source ACK Flood Attack Detect (ip=173.194.117.30) Packet Dropped
Dec 27 08:52:26Whole System ACK Flood Attack from WAN Rule:Default deny
Dec 27 08:51:26Per-source ACK Flood Attack Detect (ip=173.194.117.30) Packet Dropped
Dec 27 08:51:26Whole System ACK Flood Attack from WAN Rule:Default deny
Dec 27 08:50:26Per-source ACK Flood Attack Detect (ip=173.194.117.30) Packet Dropped
Dec 27 08:50:26Whole System ACK Flood Attack from WAN Rule:Default deny

Anyone can advise what is wrong?
Thanks in advance
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49916
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Log shows continuous attack
« Reply #1 on: December 26, 2013, 05:58:24 PM »

Link>Welcome!

  • What region are you located?
  • Are you wired or wireless connected to the router?
  • Has a Factory Reset been performed?
  • Was a Factory Reset performed before and after any firmware updates then set up from scratch?
  • Was the router working before any firmware updates?

Internet Service Provider and Modem Configurations
  • What ISP Service do you have? Cable or DSL?
  • What ISP Modem Mfr. and model # do you have?
  • What ISP Modem service link speeds UP and Down do you have?
  • Check ISP MTU requirements, Cable is usually 1500, DSL is around 1492 down to 1472. Call the ISP and ask. Link>Checking MTU Values
  • For DSL/PPPoE connections on the router, ensure that "Always ON" option is enabled.

Router and Wired Configurations
Some things to try: - Log into the routers web page at 192.168.0.1. Use IE, Opera or FF to manage the router.
  • Turn off ALL QoS or Disable Traffic Shaping (DIR only) GameFuel (DGL only and if ON.) options, Advanced/QoS or Gamefuel.
  • Turn off Advanced DNS Services if you have this option under Setup/Internet/Manual or under Setup/PARENTAL CONTROL/Set to>None: Static IP or Obtain Automatically From ISP.
  • Enable Use Unicasting (compatibility for some ISP DHCP Servers) under Setup/Internet/Manual.
  • Turn on DNS Relay under Setup/Networking. Link>Finding Faster DNS Addresses using Name Bench
  • Setup DHCP reserved IP addresses for all devices ON the router. Setup/Networking. This ensures each devices gets its own IP address when turned on and connected, eliminates IP address conflicts and helps in troubleshooting.
  • Ensure devices are set to auto obtain an IP address.
  • If IPv6 is an option on the router, select Local Connection Only or Disable IPv6 options under Setup/IPv6.
  • Set Firewall settings to Endpoint Independent for TCP and UDP under Advanced/Firewall. Enable or Disable SPI to test.
  • Enable uPnP and Multi-cast Streaming under Advanced/Networking. Disable uPnP for testing Port Forwarding rules. Enable IPv6 Multi-cast Streaming for routers that have a Media Server option. Disable IPv6 Multi-cast Streaming if IPv6 or Media Server is not being used.
  • Turn off WISH, and WPS under Advanced.
  • WAN Port Speed set to Auto or specific speed? Some newer ISP modems support 1000Mb so manually setting to Gb speeds can be supported by the router. Advanced/Advanced Networking/WAN Port Speed
  • Set current Time Zone, Date and Time. Use an NTP Server feature. Tools/Time.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

buzzlightyear22

  • Level 1 Member
  • *
  • Posts: 2
Re: Log shows continuous attack
« Reply #2 on: December 26, 2013, 06:07:45 PM »

Was a Factory Reset performed before and after any firmware updates then set up from scratch? Never performed Factory reset before. I checked the purchase date is 1 Dec 2013.

What region are you located? Singapore.

What ISP Service do you have? Cable or DSL? I am in apartment, I just pulled a network cable from the wall and plug it into router. Internet just works like that.

Thanks FurryNutz
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49916
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: Log shows continuous attack
« Reply #3 on: December 26, 2013, 08:42:32 PM »

You might contact your ISP and ask about this. The log feature is reporting what it's finding and the router is doing it's job to block these. The ISP might be able to help. Give them this information and see.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.