republican-creole
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security » DoS in firewall log
Search Topic:
Uniqs:
382		 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Post a:
Post a:
Links: ·Hijack This logs? ·Panda Free Tools ·Vundo Removal
DNS Cache Poisoning Spreads Malware »
« Is a router enough of a firewall?  
AuthorAll Replies

blinky8225

join:2003-02-04
Hatfield, PA

DoS in firewall log

Recently my firewall log on my Belkin 54g router has recently been showing a lot of DoS

Firewall log:
Thu Apr 7 17:33:44 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:33:44 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:33:54 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:33:55 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:33:59 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:33:59 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:33:59 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:34:09 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:34:10 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:34:42 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:34:42 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:34:50 2005 1 Blocked by DoS protection 64.4.12.201
Thu Apr 7 17:34:51 2005 1 Blocked by DoS protection 64.4.12.201
Thu Apr 7 17:34:51 2005 1 Blocked by DoS protection 64.4.12.201
Thu Apr 7 17:34:52 2005 1 Blocked by DoS protection 64.4.12.201
Thu Apr 7 17:35:26 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:35:26 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:35:30 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:35:30 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:35:43 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:35:43 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:35:54 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:36:12 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:36:12 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:36:15 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:36:16 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:36:55 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:36:55 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:37:11 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:37:11 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:38:44 2005 1 Blocked by DoS protection 10.101.88.1
Thu Apr 7 17:38:45 2005 1 Blocked by DoS protection 10.101.88.1

This is over a timespan of about 5 minutes. I believe this may be the cause of my internet slowing down sometimes then speeding back up.
to forum · permalink · · 2005-04-07 17:40:44 · Reply to this


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

 On the face of it, that's not all that high, but I'm unsure as to whether we've got other Belkin users here. Did you try the Belkin forum at »Belkin (or did they send you over here)?

Wait a minute, isn't 10.101 in one of the private IP address ranges, normally used by an ISP's routers? If so, it would suggest a misconfigured ComCast router (unless the IP addys is spoofed of course).
--
Regards, Joseph V. Morris
to forum · permalink · · 2005-04-07 17:56:02 · Reply to this

TheWiseGuy
Dog And Butterfly
Premium,MVM
join:2002-07-04
Yonkers, NY

1 edit		reply to blinky8225
Without seeing the Ports it's hard to be sure, it could be a mis-configured CMTS but if the ports are Source 67 and Destination 68, it is DHCP Broadcasts from the CMTS. The Cable Modem Termination System (CMTS) acts as a DHCP relay agent for Broadcast DHCP which occurs when computers are booting. You would see all the Broadcast replies on the downstream channel you are using. If I had to guess I'd say the Belkin is producing false positives.

See my post below for a full explanation,some references and links to other examples of users seeing packets from 10.xxx.xxx.1 Source Port 67 to Destination Port 68.

»www2.dslreports.com/forum/remark···te=relay
--
Dog and Butterfly
to forum · permalink · · 2005-04-07 18:41:33 · Reply to this
Forums » Up and Running » Security » SecurityDNS Cache Poisoning Spreads Malware »
« Is a router enough of a firewall?  

Saturday, 05-Dec 08:15:21 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.republican-creole
page compression OFF
Most commented news this week
· [163] Comcast Releasing Promised Usage Meter
· [145] Avast Antivirus Has Gone Mad
· [126] Comcast Makes NBC Universal Acquisition Official
· [104] Graduate Student Unveils Sprint's GPS Sharing With Feds
· [101] Google Invades ISP, OpenDNS Turf With Google Public DNS
· [92] The Bandwidth Hog Does Not Exist
· [83] FCC Ponders Moving From PSTN To IP Voice
· [81] Latest Consumer Reports Survey Not Kind To AT&T
· [79] New Bill Aims To Limit ETFs
· [74] Sprint Defuses GPS Privacy Media Bomb
Most people now reading
· False positive in Avast! or is it real? [Security]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· Windows 7 boot manager editing questions [Microsoft Help]
· DNS options, what are YOU using? [TekSavvy]
· [Snow Leopard] NFS Mounts - no more Directory Utility [All Things Macintosh]
· [Newsgroups] Newzleech down? [Filesharing Software]
· UPS - What do you people think happened? [General Questions]
· Road Runnner up to 50 mbps is ready ! [Road Runner]
· IPComms Free DIDs now with sip registration maybe?? [VOIP Tech Chat]
· Evading throttling with uTP / uTorrent 1.9a [TekSavvy]