3
I have a Netgear Wnr1000v2 router. I have set my NAT to secure mode ( I don't know if that helps). Many times when I see my router's log I see lots of DoS attack: RST Scan. I think that these only occur when I use uTorrent or Tunngle. Whenever I get hit with these DoS attacks my Internet slows down significantly, then it completely disconnects.
See the latest logs:
[Internet disconnected] Sunday, July 01, 2012 15:52:27
[DoS Attack: RST Scan] from source: 222.232.111.93, port 37111, Sunday, July 01, 2012 15:51:35
[DoS Attack: RST Scan] from source: 122.162.82.230, port 14544, Sunday, July 01, 2012 15:51:01
[DoS Attack: RST Scan] from source: 122.162.82.230, port 14426, Sunday, July 01, 2012 15:50:12
[DoS Attack: RST Scan] from source: 122.162.82.230, port 14261, Sunday, July 01, 2012 15:49:47
[DoS Attack: RST Scan] from source: 88.88.236.33, port 14102, Sunday, July 01, 2012 15:49:01
[DoS Attack: RST Scan] from source: 222.232.111.93, port 36430, Sunday, July 01, 2012 15:46:59
[DoS Attack: RST Scan] from source: 222.232.111.93, port 36166, Sunday, July 01, 2012 15:45:07
[DoS Attack: RST Scan] from source: 177.40.143.78, port 40460, Sunday, July 01, 2012 15:43:52
[DoS Attack: RST Scan] from source: 177.40.143.78, port 40405, Sunday, July 01, 2012 15:43:16
[DoS Attack: ACK Scan] from source: 117.254.153.44, port 40523, Sunday, July 01, 2012 15:41:11
[DoS Attack: RST Scan] from source: 71.218.6.227, port 26307, Sunday, July 01, 2012 15:40:15
[DoS Attack: ACK Scan] from source: 117.254.153.44, port 40523, Sunday, July 01, 2012 15:38:49
[DoS Attack: RST Scan] from source: 71.218.6.227, port 25949, Sunday, July 01, 2012 15:38:34
[DoS Attack: ACK Scan] from source: 88.181.25.230, port 54096, Sunday, July 01, 2012 15:37:31
After continuous DoS attacks you can see that the Internet eventually disconnected. I then had to reboot the router to get it work again. This happens quite often - is there something I can do? The IP address doing DoS attacks always change, so I guess there is no use in blocking these IP addresses.
Even if I am equipped with the best antivirus , anti-malware or other software, I really want to avoid getting disconnected because of these DoS attacks.
Rakesh Juyal
Posted 2012-07-01T10:39:32.043
Reputation: 1 793
Torrenting may appear like a DOS attack to the router, since it's loads of connections from different IPs. That doesn't necessarily mean it is a DOS attack though...
Have you opened the port your torrent program uses for incoming connections?
Have you tried decreasing the allowed amount of connections in your torrent program?
Cheers. – Ryqiem – 2012-07-01T12:35:51.817
@Ryqiem But how does that disconnects my internet every time? – Rakesh Juyal – 2012-07-01T12:45:34.180
SOHO routers are often incapable to handle large amounts of connections and sometimes just crash/reset in these cases. Reducing the amount of allowed connections will likely fix your problem. Sometimes a firmware update might help to at least prevent the crashes. – Gurken Papst – 2012-07-01T13:01:50.740
Related topic explaining the problem you are probably facing: http://superuser.com/questions/121657/soho-netgear-wireless-router-disconnects-when-downloading-torrents - Your real question is likely a duplicate of this. The logged DOS attack is a red herring.
– Gurken Papst – 2012-07-01T13:13:31.460