1
We're having intermittent connectivity issues with our ADSL at the office. We've been dealing with our ISP for weeks and they don't know how to fix our problem.
What happens is that at multiple times during the day, our connection becomes horribly slow, then drops, and for quite a few minutes, we're unable to reconnect to our wireless Netgear router.
When I manage to log in to our Netgear management console, the log file indicates a bunch of DoS attack attempts:
[UPnP set event:DeletePortMapping] from source 192.168.0.2, Thursday, July 25,2013 14:22:19
[UPnP set event:AddPortMapping] from source 192.168.0.2, Thursday, July 25,2013 14:22:15
[UPnP set event:DeletePortMapping] from source 192.168.0.2, Thursday, July 25,2013 14:22:13
[DHCP IP: (192.168.0.2)] to MAC address 68:A8:6D:22:A3:54, Thursday, July 25,2013 14:22:05
[DoS attack: ACK Scan] from source: 46.33.69.202:80, Thursday, July 25,2013 14:12:07
[DoS attack: ACK Scan] from source: 8.18.45.90:80, Thursday, July 25,2013 14:10:15
[UPnP set event:AddPortMapping] from source 192.168.0.16, Thursday, July 25,2013 14:04:58
[UPnP set event:AddPortMapping] from source 192.168.0.16, Thursday, July 25,2013 14:04:57
[UPnP set event:DeletePortMapping] from source 192.168.0.16, Thursday, July 25,2013 14:04:56
[UPnP set event:DeletePortMapping] from source 192.168.0.16, Thursday, July 25,2013 14:04:54
[DHCP IP: (192.168.0.16)] to MAC address 34:51:C9:AA:38:40, Thursday, July 25,2013 14:03:26
[DoS attack: ACK Scan] from source: 99.3.43.180:61897, Thursday, July 25,2013 14:00:45
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Thursday, July 25,2013 13:58:22
[DoS attack: ACK Scan] from source: 199.30.80.32:80, Thursday, July 25,2013 13:57:54
Could this be what is causing connection stability issues? Is there any way to circumvent it?
What about turning off "Enable SSID Broadcast", will that offer some security by obscurity?
I'll let someone else more knowledgeable about this to answer, but I don't believe disabling SSID broadcast will do much to stop the DoS attacks, all that does is make your router "undiscoverable" by scanners, one could still connect directly to it if they know your SSID and credentials – Jason Bristol – 2013-07-25T14:33:00.913
What's the model of your router? – Darth Android – 2013-07-25T15:08:04.033
Even if you disable broadcasting your SSID it wouldn't solve your problems. Besides your not actually being attacked because the time between the two messages is to great. Your router is simply treating ever ACK scan as an attack. – Ramhound – 2013-07-25T15:33:40.560