10

I have this entry appearing constantly in my router logs:

[DOS Attack] : 5 [RST Scan] packets detected in last 20 seconds, source ip [xx.xx.xx.xx]

They just never stop. It doesn't seem to affect anything, so should I be concerned?

Is there anything I can do in my router to stop the RST scan?

Rory Alsop
  • 61,367
  • 12
  • 115
  • 320
user619818
  • 277
  • 1
  • 3
  • 8

1 Answers1

12

That seems to be a NetGear log entry, there are two possibilities for this:

  1. SYN Port Scan: Someone (very likely automated, by an infected machine) attempting to scan your machine. They send a SYN packet to you, then your machine responds with an ACK packet. In order to prevent a connection from being established, they send you an RST (Reset) packet. (More likely)

  2. DoS Attack: Someone (again, very likely an infected machine) attempting to flood you with RST packets. (Less likely)

In both cases, your router's internal firewall is responding by dropping those packets. You don't need to worry about that at all. You're on the Internet, something will always attempt to attack you.

And just to be sure, I've checked the IP address bothering you, it seems to be blacklisted for

Portscans or hacking attempts were seen against an UCEPROTECT-System

Update: Just to keep the information up to date, I'd like to mention that the IP address is no longer blacklisted, which suggests that the infection is likely to have been cleaned.

Adi
  • 43,808
  • 16
  • 135
  • 167
  • 2
    +1, most likely a port scan. Welcome to the internet, be glad your router is doing it's job. – David Houde May 03 '13 at 11:50
  • 1
    It's a minor detail, but in TCP I'm pretty sure RST is shorthand for RESET, not REST. I don't have the rep to make trivial edits, however. – user May 03 '13 at 14:39
  • @MichaelKjörling You're right, it was a typo. Corrected. – Adi May 03 '13 at 14:45