• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

Problem with DoS Attack - RST Scan and remote access

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Networking

View previous topic :: View next topic  
Author Message
net4hack
Just Arrived
Just Arrived


Joined: 26 Nov 2010
Posts: 0


Offline

PostPosted: Fri Nov 26, 2010 12:06 pm    Post subject: Problem with DoS Attack - RST Scan and remote access Reply with quote

I am having issues with DoS Attacks - RST Scan / IMAP Scan / FIN Scan and remote access to LAN from ip's from other countries. My OS is Windows Ultimate and I have Ad-Aware, MS Security Essentials, Avast & SpyBot, PeerBlock installed on my system.

My Wireless Router is Netgear WNDR3700 and setup a log to send to my email every hr. Other than my laptop, a NAS drive and an IP cam device is connected to the router.

I have setup a DynDNS.org hostname and it is given on the router , NAS drive and ip cam device. When I send email to the Lacie (NAS drive) support, they told me to disable the automatic port forwarding on the drive.

Any advice on this issue? Any additional softwares to be installed or any extra preventive measures to be taken?

Router Log follows:

[LAN access from remote] from 216.108.231.184:53700 to 192.168.1.20:21, Thursday, November 25,2010 03:42:01
[Internet connected] IP address: 87.198.48.108, Thursday, November 25,2010 03:37:36
[LAN access from remote] from 74.118.193.22:3895 to 192.168.1.20:21, Thursday, November 25,2010 03:36:02

[DoS Attack: RST Scan] from source: 83.240.162.82, port 51336, Thursday, November 25,2010 20:57:09
[DoS Attack: IMAP Scan] from source: 86.16.19.78, port 53871, Thursday, November 25,2010 20:49:16
[DoS Attack: IMAP Scan] from source: 86.16.19.78, port 53869, Thursday, November 25,2010 20:49:15
[DoS Attack: IMAP Scan] from source: 86.16.19.78, port 53868, Thursday, November 25,2010 20:49:15
[DoS Attack: IMAP Scan] from source: 86.16.19.78, port 53870, Thursday, November 25,2010 20:49:15
[DoS Attack: IMAP Scan] from source: 86.16.19.78, port 53871, Thursday, November 25,2010 20:49:15
[DoS Attack: IMAP Scan] from source: 86.16.19.78, port 53869, Thursday, November 25,2010 20:49:14
[DoS Attack: FIN Scan] from source: 86.16.19.78, port 53871, Thursday, November 25,2010 20:49:14
[DoS Attack: FIN Scan] from source: 86.16.19.78, port 53870, Thursday, November 25,2010 20:49:14
[DoS Attack: FIN Scan] from source: 86.16.19.78, port 53869, Thursday, November 25,2010 20:49:14
[DoS Attack: FIN Scan] from source: 86.16.19.78, port 53868, Thursday, November 25,2010 20:49:14
Back to top
View user's profile Send private message
krugger
SF Mod
SF Mod


Joined: 08 Jun 2006
Posts: 16777209


Offline

PostPosted: Fri Nov 26, 2010 4:18 pm    Post subject: Reply with quote

If you are on the internet you can be targeted. You can consider limiting the number of networks that are allowed to access your services.

To do that you need to know which are the network you usually are in.

For example the IP that was allowed to connect to your FTP server came from a datacenter from Premianet in Las Vegas. If that was a network you usually use you can go the the router firewall and only permite that network.

You can get the network ranges with a whois query if you know the IP you normally use:
http://tools.whois.net/whoisbyip/
Back to top
View user's profile Send private message
net4hack
Just Arrived
Just Arrived


Joined: 26 Nov 2010
Posts: 0


Offline

PostPosted: Fri Nov 26, 2010 5:31 pm    Post subject: Reply with quote

I used to connect to the internet via wired / wireless connection of my router. But regarding the location of the ip the intruder wont be so foolish to use his own ip for it and would certainly use a proxy / tor to do this.

I have disabled port forwarding on my NAS now and also the DynDNS service also stopped on router and NAS. Also port forwarding and port triggering is now disabled. Comodo firewall is also installed on the system now. So let me see where thre are any more intrusions coming in?

I am using Gmail Manager addon in firefox for checking gmails. Is there a known vulnerability with this addon?
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Networking All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register