DoS Attack? NTL BB ~ Wireless Router log

  [DELETED] 12:32 27 Feb 2006

Not an item I'd paid attention to before, but since setting up a wireless network, I thought I'd keep an eye on the router's security log.

At the start, there were no DoS Log entries at all.

Then there were 3 [HOST Attack; UPD Flood} ending with [Drop], lasting for 9 seconds.

Then there 32 mainly [UPD Flood} - - [Drop], but also a couple of [HOST Attack; UPD Flood} - - [Drop].
The 1st bunch took place for 51 seconds, then 2 bunches of 2 sec duration a piece.

Is this something to be concerned about?

On cable broadband.
Wireless setup; SSID broadcast disabled, Router ping disabled, WPA-PSK.

  [DELETED] 16:13 27 Feb 2006

What are the router's current firewall settings, Danoh?

  [DELETED] 16:36 27 Feb 2006

ICMP ping is blocked, NAT enabled, but I have not specified that only 1 specific IP address can access port 80 to the router. Oh, and no device is specified nor connected to the DMZ either.

Client device s/w firewalls set to allow a standard range of client IP addresses.

  [DELETED] 16:39 27 Feb 2006

No virtual servers setup & MAC addresses are also set.

  [DELETED] 16:46 27 Feb 2006

Seems fairly safe then, Danoh.

I wouldn't worry about it, unless any of your PCs exhibit strange DDoS-like behaviour. I don't think that you have been hacked, at least not successfully.

  [DELETED] 16:59 27 Feb 2006

Much appreciated (from a 2-wk newbie!);

Once my kit placement has stabilised (pre-N client adapter issue still being resolved for 1 PC), I intend to set the IP for the PC connected via Ethernet cable, to be the only one able to access the Router's config page (password protected at the mo').

I have changed the SSID once already (mistakenly via wireless rather then wired!), but its a pain having to reset it on all clients as well.

Is there any advantage to specifying specific client WLAN's IPs rather then just a range?

From the timings of each DoS log entry, they seem more like probes. Just wondering if there's anything in my setup which might be attracting them.

  [DELETED] 17:02 27 Feb 2006

With WLAN kit apparently always using the standard set of IPs, isn't there benefit to changing them?

I mean, they always seem to be or Why not set them as something completely different as its only the ISP's (usually dynamic) IP assigned/cloned for the router that counts for the WAN?

  [DELETED] 18:09 27 Feb 2006

AFAIK they have to be in the router's range, and they are definitely best left to DHCP rather than manual assignment. Doing it manually is something that is generally only done to cure problems.

Don't forget to set up MAC filtering; it'll be the same as on my router, so if you need to know more info about that, let me know.

  [DELETED] 21:04 27 Feb 2006

Here I go in my 3rd wk of WLAN and I want to tweak the NAT range embedded within router firmware! Foolhardy or what?!

I can't help but reason that as the range of IP addresses within the WLAN is entirely localised, one could theoretically set any IP address within the addressing capability of the hardware.

I've got MAC filtering set, but I have the non-wireless MAC addresses for the PC added as well as the wireless components/adapters, as I was unsure in my initial setting up.

  [DELETED] 22:33 27 Feb 2006

There's no harm in having the wired PC's MAC in the list as well, though you don't need it.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Microsoft Surface Book 2 15in review

The humble pint glass is redesigned from bottoms up by design legend Sir Kenneth Grange

The best Amazon Prime Day Apple deals 2018

Les meilleures coques pour iPhone X (2018)