
Router attack

mmburtch

So, I suddenly lost activity on my LAN. When I checked the router attached devices, I noticed that most of the devices were missing. I checked the logs, and this is what I found:

[DOS attack FIN scan] Attack packets in last 20 seconds from 69.7.226.79


Domain Name: 69.7.226.79

OrgName: DBS INTERNATIONAL
OrgID: DBSINT
Address: 3949 Schelden Circle
City: Bethlehem
StateProv: PA
PostalCode: 18017
Country: US

ReferralServer: rwhois://rwhois1.dbsintl.net:4321

NetRange: 69.7.224.0 - 69.7.239.255
CIDR: 69.7.224.0/20
NetName: DBSINTL-104-36-0
NetHandle: NET-69-7-224-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1A.DBSINTL.NET
NameServer: NS2A.DBSINTL.NET
NameServer: NS2B.DBSINTL.NET
Comment:
RegDate: 2002-11-27
Updated: 2007-01-26

RTechHandle: WB233-ARIN
RTechName: BACHENBERG, Wayne
RTechPhone: +1-610-691-8811
RTechEmail:

OrgAbuseHandle: TKE4-ARIN
OrgAbuseName: Keiser, Terry
OrgAbusePhone: +1-610-691-8811
OrgAbuseEmail:

OrgNOCHandle: NOC191-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-610-691-8811
OrgNOCEmail:

OrgTechHandle: WB233-ARIN
OrgTechName: BACHENBERG, Wayne
OrgTechPhone: +1-610-691-8811
OrgTechEmail:

What the hell? Any ideas on how to stop this?
 
I am not a computer guru, but I had the exact same problem with my router. I lost all connection to my Xbox and Wii. My router basically doesn't work. I do get the lights indicating there is a connection to a device, but that is it. I just unhooked the router and ran the connection directly to my PC.
 
It's a port scan. Computers on the Internet use TCP/IP, which uses an IP address like 69.7.226.79 and then individual ports, which you can imagine as windows on the side of a hotel. There's a lot of them so that traffic can flow through any window; most of them are shut, but some windows - or ports, as they are called - are open.

When an automated attack wants to hit your computer, or any IP address for that matter, the first step is to "port scan" and basically look for open windows. Computers can do this so quickly that they can accidentally overwhelm your equipment, which is apparently why your router is terming it a "DoS" attack. I assume it's a NetGear?

This stuff happens 24/7 on the Internet; the best thing to do is upgrade your router to a model better able to shrug these kinds of things off. And maybe take a moment to email the guy and let him know he has an automated worm at that IP address.
 
Um, nah. DoS attacks, by their nature, are source spoofed. I find it very unlikely that you were attacked, but I'll say yes to scanned. The router itself should prevent most scans. I think yours just wigged out and needed to be restarted.
 
It's interesting, it shut down my LAN, but not my WAN. Rebooting the router didn't help in and of itself. I had to reboot my switch as well.

I run iTunes on a server, and run it through an Airport into my stereo system. Lately, iTunes loses contact with the Airport and everything needs to be rebooted to get it back. This is how I noticed this today: the music just suddenly stopped.
 
Like NullSmurf said, the attacks are either spoofed or run from a machine that's already been compromised. The IP you listed is probably some poor schmuck whose machine is loaded with viruses and is on a botnet just waiting for orders to do things like this.
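
One way to triage router alerts like the line quoted in the first post, as an added example that is not part of the original thread: it tallies alerts per source and tags each source with a known netblock (here the CIDR from the whois output above) so a single abuse report can cover it. The line pattern is assumed from that one quoted entry, and every sample line other than the 69.7.226.79 entries is constructed.

```python
import ipaddress
import re
from collections import Counter

# Line shape copied from the log entry quoted in the first post; other
# router firmware words this differently, so the pattern is an assumption.
LINE_RE = re.compile(
    r"\[DOS attack (?P<kind>[^\]]+)\] Attack packets in last "
    r"(?P<secs>\d+) seconds from (?P<src>\S+)"
)

# Constructed sample log. Only 69.7.226.79 comes from the thread; the other
# sources are RFC 5737 documentation addresses and the extra kinds are made up.
SAMPLE_LOG = """\
[DOS attack FIN scan] Attack packets in last 20 seconds from 69.7.226.79
[DOS attack FIN scan] Attack packets in last 20 seconds from 69.7.226.79
[DOS attack ACK scan] Attack packets in last 20 seconds from 198.51.100.7
[DOS attack FIN scan] Attack packets in last 20 seconds from 69.7.226.79
unrelated constructed line that is not an alert
[DOS attack FIN scan] Attack packets in last 20 seconds from not-an-ip
[DOS attack SYN scan] Attack packets in last 20 seconds from 203.0.113.9
"""

def summarize(log_text, known_blocks=()):
    """Count alert lines per (source, kind) and tag each source with the
    first known netblock that contains it. Returns (report, skipped)."""
    blocks = [ipaddress.ip_network(b) for b in known_blocks]
    counts = Counter()
    skipped = 0  # alert lines whose source field is not a valid IP
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an alert line at all
        try:
            src = ipaddress.ip_address(m.group("src"))
        except ValueError:
            skipped += 1
            continue
        counts[(src, m.group("kind").strip())] += 1
    report = []
    for (src, kind), n in counts.most_common():  # noisiest source first
        block = next((str(b) for b in blocks if src in b), None)
        report.append({"source": str(src), "kind": kind,
                       "alerts": n, "netblock": block})
    return report, skipped

if __name__ == "__main__":
    rows, bad = summarize(SAMPLE_LOG, ["69.7.224.0/20"])
    for row in rows:
        print(row)
    print("malformed alert lines skipped:", bad)
```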
 