[LINK] DOS attacks for 24 hours

Jan Whitaker jwhit at janwhitaker.com
Sat Jun 16 12:41:38 AEST 2012


At 12:26 PM 16/06/2012, Ivan Trundle wrote:

>On 16/06/2012, at 12:03 PM, Glen Turner wrote:
>
> >  If it really bothers you or there are so
> > many packets that performance is effected then mail Internode support.
>
>...which is a joke. They are not particularly helpful at all, with 
>the standard mantra of 'change your passwords if you have a problem' 
>or 'we don't keep logs of any kind' nonsense.
>
>I enquired about a similar issue, and met a stone wall. There is 
>more useful help out on the Internet than can be found at 
>Internode/iiNet for this kind of problem.

You are so right, Ivan. I got a quick, but useless, reply:

 From Node:
I have had a look at you connection and can't see any typical DoS 
attack evidence the drops out were not constant enough to be 
considered a DoS attack, typically the connection will only last for 
a minute at a time and you service will not be usable.

I also checked you router logs and it is showing standard port 
scanning which is normal for general we browsing.
------------

Note the point about 'any typical DoS attack evidence', when the 
router itself is reporting that they are DOS attacks.

Granted, my modem sometimes does send aberrant alerts when I get an 
incoming phone call. But in these cases, it happened over a period of 
time with no phone calls whatsoever. Plus they happen over a period 
of several minutes, from the same sources.

Thu, 2012-06-14 11:27:41 - UDP Packet - Source:187.120.227.49,16525 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:28:37 - UDP Packet - Source:187.158.187.115,19681 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:28:39 - UDP Packet - Source:99.59.217.144,8526 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:29:05 - UDP Packet - Source:94.98.153.206,10070 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:29:05 - UDP Packet - Source:187.120.227.49,16525 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:29:05 - UDP Packet - Source:99.59.217.144,8526 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:29:05 - UDP Packet - Source:187.120.227.49,16525 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:29:06 - UDP Packet - Source:99.59.217.144,8526 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:29:06 - UDP Packet - Source:187.120.227.49,16525 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:29:27 - UDP Packet - Source:99.59.217.144,8526 
Destination:118.209.54.174,8500 - [DOS]
Thu, 2012-06-14 11:29:27 - UDP Packet - Source:187.120.227.49,16525 
Destination:118.209.54.174,8500 - [DOS]

I'm not going to worry about it for now since it seems to have 
stopped. But if any technicians at Internode are reading this, you 
may want to have a chat with Regards, Andrew.
Customer Services Officer

I did change my modem password as a precaution. Thanks to linkers for replies.

Jan





Melbourne, Victoria, Australia
jwhit at janwhitaker.com
blog: http://janwhitaker.com/jansblog/
business: http://www.janwhitaker.com

Our truest response to the irrationality of the world is to paint or 
sing or write, for only in such response do we find truth.
~Madeline L'Engle, writer

_ __________________ _



More information about the Link mailing list