Welcome, Guest. Please login or register.

Author Topic: Got 80 DoS attacks today should I be worried  (Read 225 times)

0 Members and 1 Guest are viewing this topic.

Offline KRW

  • Super-Hero Member
  • ******
  • Posts: 1005
  • Gender: Male
Got 80 DoS attacks today should I be worried
« on: 19 April 2018, 19:12:24 »
Just had these today not sure how long its been happening.
My son said to check the router because he had a series of disconnects all apparently at the same time as the DoS attacks


[DoS attack: ACK Scan] from source: 151.101.130.214:443 Thursday, April 19,2018 17:31:00         
[DoS attack: ACK Scan] from source: 151.101.130.167:443 Thursday, April 19,2018 17:30:39         
[DoS attack: ACK Scan] from source: 50.16.250.54:443 Thursday, April 19,2018 17:21:57         
[DoS attack: ACK Scan] from source: 50.16.250.54:443 Thursday, April 19,2018 17:21:36         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 16:54:06         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 16:50:22         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 16:49:22         
[DoS attack: ACK Scan] from source: 66.135.211.96:443 Thursday, April 19,2018 16:44:07         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 16:42:14         
[DoS attack: ACK Scan] from source: 39.135.17.41:161 Thursday, April 19,2018 16:38:42         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 16:34:32         
[DoS attack: ACK Scan] from source: 52.94.218.163:443 Thursday, April 19,2018 16:32:39         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 16:27:01         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 16:23:20         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 16:22:39         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 16:18:47         
[DoS attack: ACK Scan] from source: 216.58.212.106:443 Thursday, April 19,2018 16:15:00         
[DoS attack: ACK Scan] from source: 39.135.17.42:161 Thursday, April 19,2018 16:11:10         
[DoS attack: ACK Scan] from source: 54.225.180.71:443 Thursday, April 19,2018 16:06:24         
[DoS attack: ACK Scan] from source: 39.135.17.42:161 Thursday, April 19,2018 16:03:06         
[DoS attack: ACK Scan] from source: 34.206.177.56:443 Thursday, April 19,2018 16:02:06         
[DoS attack: ACK Scan] from source: 39.135.17.41:161 Thursday, April 19,2018 15:57:41         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 15:56:00         
[DoS attack: ACK Scan] from source: 39.135.17.38:161 Thursday, April 19,2018 15:54:39         
[DoS attack: ACK Scan] from source: 39.135.17.40:161 Thursday, April 19,2018 15:50:36         
[DoS attack: ACK Scan] from source: 39.135.17.39:161 Thursday, April 19,2018 15:50:00         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 15:49:37         
[DoS attack: ACK Scan] from source: 34.234.124.47:443 Thursday, April 19,2018 15:49:09         
[DoS attack: ACK Scan] from source: 169.45.219.251:443 Thursday, April 19,2018 15:47:03         
[DoS attack: ACK Scan] from source: 169.45.219.251:443 Thursday, April 19,2018 15:45:59         
[DoS attack: ACK Scan] from source: 107.178.241.77:443 Thursday, April 19,2018 15:45:38         
[DoS attack: ACK Scan] from source: 107.178.241.77:443 Thursday, April 19,2018 15:45:11         
[DoS attack: ACK Scan] from source: 172.217.23.51:443 Thursday, April 19,2018 15:44:18         
[DoS attack: ACK Scan] from source: 184.73.222.185:443 Thursday, April 19,2018 15:42:25         
[DoS attack: ACK Scan] from source: 52.27.91.95:7275 Thursday, April 19,2018 15:42:03         
[DoS attack: ACK Scan] from source: 54.69.219.53:443 Thursday, April 19,2018 15:40:43         
[DoS attack: ACK Scan] from source: 151.101.60.144:443 Thursday, April 19,2018 15:40:18         
[DoS attack: ACK Scan] from source: 157.240.1.18:443 Thursday, April 19,2018 15:39:29         
[DoS attack: ACK Scan] from source: 172.217.23.35:443 Thursday, April 19,2018 15:39:00         
[DoS attack: ACK Scan] from source: 172.217.23.35:443 Thursday, April 19,2018 15:38:32         
[DoS attack: ACK Scan] from source: 90.255.253.81:443 Thursday, April 19,2018 15:35:52         
[DoS attack: ACK Scan] from source: 157.240.1.35:443 Thursday, April 19,2018 15:34:53         
[DoS attack: ACK Scan] from source: 172.217.23.45:443 Thursday, April 19,2018 15:33:10         
[DoS attack: ACK Scan] from source: 172.217.23.10:443 Thursday, April 19,2018 15:32:42         
[DoS attack: ACK Scan] from source: 107.178.241.77:443 Thursday, April 19,2018 15:31:56         
[DoS attack: ACK Scan] from source: 107.162.132.57:443 Thursday, April 19,2018 15:30:50         
[DoS attack: ACK Scan] from source: 172.217.23.42:443 Thursday, April 19,2018 15:28:42         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 15:28:04         
[DoS attack: ACK Scan] from source: 34.224.43.110:443 Thursday, April 19,2018 15:24:22         
[DoS attack: ACK Scan] from source: 173.194.76.192:7275 Thursday, April 19,2018 15:22:22         
[DoS attack: ACK Scan] from source: 107.178.241.77:443 Thursday, April 19,2018 15:05:26         
[DoS attack: ACK Scan] from source: 172.217.23.35:443 Thursday, April 19,2018 15:04:52         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 14:59:18         
[DoS attack: ACK Scan] from source: 54.237.217.82:5223 Thursday, April 19,2018 14:54:47         
[DoS attack: ACK Scan] from source: 35.190.75.150:443 Thursday, April 19,2018 14:47:06         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 14:46:34         
[DoS attack: ACK Scan] from source: 39.135.17.40:161 Thursday, April 19,2018 14:38:03         
[DoS attack: ACK Scan] from source: 130.211.46.74:443 Thursday, April 19,2018 14:25:05         
[DoS attack: ACK Scan] from source: 39.135.17.35:161 Thursday, April 19,2018 14:03:02         
[DoS attack: ACK Scan] from source: 81.177.103.94:443 Thursday, April 19,2018 14:01:59         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 13:49:54         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 13:48:43         
[DoS attack: ACK Scan] from source: 39.135.17.36:161 Thursday, April 19,2018 13:40:37         
[DoS attack: ACK Scan] from source: 39.135.17.35:161 Thursday, April 19,2018 13:28:52         
[DoS attack: ACK Scan] from source: 69.64.58.9:80 Thursday, April 19,2018 13:20:06         
[DoS attack: ACK Scan] from source: 39.135.17.41:161 Thursday, April 19,2018 13:19:38         
[DoS attack: ACK Scan] from source: 39.135.17.37:161 Thursday, April 19,2018 13:04:20         
[DoS attack: ACK Scan] from source: 39.135.17.35:161 Thursday, April 19,2018 12:56:34         
[DoS attack: ACK Scan] from source: 39.135.17.39:161 Thursday, April 19,2018 12:35:55         
[DoS attack: ACK Scan] from source: 39.135.17.39:161 Thursday, April 19,2018 12:30:41         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 12:29:09         
[DoS attack: ACK Scan] from source: 39.135.17.37:161 Thursday, April 19,2018 12:26:42         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 12:10:39         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 12:06:19         
[DoS attack: ACK Scan] from source: 111.13.101.208:80 Thursday, April 19,2018 12:05:00         
[DoS attack: ACK Scan] from source: 203.107.32.34:8302 Thursday, April 19,2018 11:57:26         
[DoS attack: ACK Scan] from source: 220.181.57.216:80 Thursday, April 19,2018 11:55:55         
[DoS attack: ACK Scan] from source: 39.135.17.38:161 Thursday, April 19,2018 11:52:30         
[DoS attack: ACK Scan] from source: 39.135.17.42:161 Thursday, April 19,2018 11:49:06         
[DoS attack: ACK Scan] from source: 39.135.17.38:161 Thursday, April 19,2018 11:46:20         
Windows 10 Home 64bit    Vodafone router
Down/Up Connect Speed  80/20 Mbp (max speed 70Mb/19Mb) updated
http://www.thinkbroadband.com/speedtest/results.html?id=1483655240613837255

Offline Den1

  • STAFF - Tech Expert
  • Super-Hero Member
  • ******
  • Posts: 1948
  • Gender: Male
    • myallotment.net
Re: Got 80 DoS attacks today should I be worried
« Reply #1 on: 19 April 2018, 21:10:56 »
Nothing to worry about false positives most likely.
I grabed a couple of ips at random
Lookup results for 50.16.250.54 NetRange: 50.16.0.0 - 50.19.255.255 CIDR: 50.16.0.0/14 NetName: AMAZON-EC2-8 NetHandle: NET-50-16-0-0-1 Parent: NET50 (NET-50-0-0-0-0) NetType: Direct Allocation OriginAS: AS16509 Organization: Amazon.com, Inc. (AMAZO-4) RegDate: 2010-10-07 Updated: 2018-02-05 Comment: The activity you have detected originates from a Comment: dynamic hosting environment.

Lookup results for 151.101.130.214 NetRange: 151.101.0.0 - 151.101.255.255 CIDR: 151.101.0.0/16 NetName: SKYCA-3 NetHandle: NET-151-101-0-0-1 Parent: RIPE-ERX-151 (NET-151-0-0-0-0) NetType: Direct Assignment OriginAS: Organization: Fastly (SKYCA-3) RegDate: 2016-02-01 Updated: 2016-02-01 Ref: https://whois.arin.net/rest/net/NET-151-101-0-0-1 OrgName: Fastly OrgId: SKYCA-3 Address: PO Box 78266 City: San Francisco

The first one is from Amazon second is from Sky
 

Offline KRW

  • Super-Hero Member
  • ******
  • Posts: 1005
  • Gender: Male
Re: Got 80 DoS attacks today should I be worried
« Reply #2 on: 19 April 2018, 21:15:34 »
Nothing to worry about false positives most likely.
I grabed a couple of ips at random
Lookup results for 50.16.250.54 NetRange: 50.16.0.0 - 50.19.255.255 CIDR: 50.16.0.0/14 NetName: AMAZON-EC2-8 NetHandle: NET-50-16-0-0-1 Parent: NET50 (NET-50-0-0-0-0) NetType: Direct Allocation OriginAS: AS16509 Organization: Amazon.com, Inc. (AMAZO-4) RegDate: 2010-10-07 Updated: 2018-02-05 Comment: The activity you have detected originates from a Comment: dynamic hosting environment.

Lookup results for 151.101.130.214 NetRange: 151.101.0.0 - 151.101.255.255 CIDR: 151.101.0.0/16 NetName: SKYCA-3 NetHandle: NET-151-101-0-0-1 Parent: RIPE-ERX-151 (NET-151-0-0-0-0) NetType: Direct Assignment OriginAS: Organization: Fastly (SKYCA-3) RegDate: 2016-02-01 Updated: 2016-02-01 Ref: https://whois.arin.net/rest/net/NET-151-101-0-0-1 OrgName: Fastly OrgId: SKYCA-3 Address: PO Box 78266 City: San Francisco

The first one is from Amazon second is from Sky
 
Den1,

Thanks don't recall having that many before.


Regards

Ken



Sent from my Pixel using Tapatalk

Windows 10 Home 64bit    Vodafone router
Down/Up Connect Speed  80/20 Mbp (max speed 70Mb/19Mb) updated
http://www.thinkbroadband.com/speedtest/results.html?id=1483655240613837255

Offline Den1

  • STAFF - Tech Expert
  • Super-Hero Member
  • ******
  • Posts: 1948
  • Gender: Male
    • myallotment.net
Re: Got 80 DoS attacks today should I be worried
« Reply #3 on: 19 April 2018, 21:24:00 »
I think there is a bit of a flurry going on at the mo my firewall is working overtime had some weird ips, quite a number from Russia and china looking for open ports etc.   

Offline KRW

  • Super-Hero Member
  • ******
  • Posts: 1005
  • Gender: Male
Re: Got 80 DoS attacks today should I be worried
« Reply #4 on: 19 April 2018, 21:30:33 »
I've checked with grc shields up for open port , there's none.

Sent from my Pixel using Tapatalk

Windows 10 Home 64bit    Vodafone router
Down/Up Connect Speed  80/20 Mbp (max speed 70Mb/19Mb) updated
http://www.thinkbroadband.com/speedtest/results.html?id=1483655240613837255

Offline 1bit

  • STAFF - Technical Expert
  • Must be an Admin?
  • ********
  • Posts: 8770
  • Gender: Male
    • Tech Forum
Re: Got 80 DoS attacks today should I be worried
« Reply #5 on: 20 April 2018, 18:33:58 »
check your user ports up as i said in the new sports, ensured your ports are stealthed, especially 5000 and 1900

surely you must be ping-able on all or most ports - which is a big no-no and should be switched as it causes problems

PlusNet VDSL Fibre 40/10
BT HomeHub 5B (Broadcom 63168) <---> ECI Dslam (Lantiq M41a)

Offline Den1

  • STAFF - Tech Expert
  • Super-Hero Member
  • ******
  • Posts: 1948
  • Gender: Male
    • myallotment.net
Re: Got 80 DoS attacks today should I be worried
« Reply #6 on: 20 April 2018, 18:48:54 »
I've checked with grc shields up for open port , there's none.

Sent from my Pixel using Tapatalk
Did you achieve TruStealth with the test ? i always fail that one because i have enabled icmp on pfsense so i can use the Thinkbroadband quality monitor   
 

Offline KRW

  • Super-Hero Member
  • ******
  • Posts: 1005
  • Gender: Male
Re: Got 80 DoS attacks today should I be worried
« Reply #7 on: 20 April 2018, 19:05:20 »
I've checked with grc shields up for open port , there's none.

Sent from my Pixel using Tapatalk
Did you achieve TruStealth with the test ? i always fail that one because i have enabled icmp on pfsense so i can use the Thinkbroadband quality monitor
Yes all ports green, 0 to 1055 trustealth also UPnP was ok.

I'm thinking of getting bit defender VPN it's only 20instead of 35 unlimited for a year.


Sent from my Pixel using Tapatalk
Windows 10 Home 64bit    Vodafone router
Down/Up Connect Speed  80/20 Mbp (max speed 70Mb/19Mb) updated
http://www.thinkbroadband.com/speedtest/results.html?id=1483655240613837255

 

Powered by EzPortal
anything