DoS Attack? NTL BB ~ Wireless Router log

  Danoh 12:32 27 Feb 2006

Not an item I'd paid attention to before, but since setting up a wireless network, I thought I'd keep an eye on the router's security log.

At the start, there were no DoS Log entries at all.

Then there were 3 [HOST Attack; UPD Flood} ending with [Drop], lasting for 9 seconds.

Then there 32 mainly [UPD Flood} - - [Drop], but also a couple of [HOST Attack; UPD Flood} - - [Drop].
The 1st bunch took place for 51 seconds, then 2 bunches of 2 sec duration a piece.

Is this something to be concerned about?

On cable broadband.
Wireless setup; SSID broadcast disabled, Router ping disabled, WPA-PSK.

  ade.h 16:13 27 Feb 2006

What are the router's current firewall settings, Danoh?

  Danoh 16:36 27 Feb 2006

ICMP ping is blocked, NAT enabled, but I have not specified that only 1 specific IP address can access port 80 to the router. Oh, and no device is specified nor connected to the DMZ either.

Client device s/w firewalls set to allow a standard range of client IP addresses.

  Danoh 16:39 27 Feb 2006

No virtual servers setup & MAC addresses are also set.

  ade.h 16:46 27 Feb 2006

Seems fairly safe then, Danoh.

I wouldn't worry about it, unless any of your PCs exhibit strange DDoS-like behaviour. I don't think that you have been hacked, at least not successfully.

  Danoh 16:59 27 Feb 2006

Much appreciated (from a 2-wk newbie!);

Once my kit placement has stabilised (pre-N client adapter issue still being resolved for 1 PC), I intend to set the IP for the PC connected via Ethernet cable, to be the only one able to access the Router's config page (password protected at the mo').

I have changed the SSID once already (mistakenly via wireless rather then wired!), but its a pain having to reset it on all clients as well.

Is there any advantage to specifying specific client WLAN's IPs rather then just a range?

From the timings of each DoS log entry, they seem more like probes. Just wondering if there's anything in my setup which might be attracting them.

  Danoh 17:02 27 Feb 2006

With WLAN kit apparently always using the standard set of IPs, isn't there benefit to changing them?

I mean, they always seem to be or Why not set them as something completely different as its only the ISP's (usually dynamic) IP assigned/cloned for the router that counts for the WAN?

  ade.h 18:09 27 Feb 2006

AFAIK they have to be in the router's range, and they are definitely best left to DHCP rather than manual assignment. Doing it manually is something that is generally only done to cure problems.

Don't forget to set up MAC filtering; it'll be the same as on my router, so if you need to know more info about that, let me know.

  Danoh 21:04 27 Feb 2006

Here I go in my 3rd wk of WLAN and I want to tweak the NAT range embedded within router firmware! Foolhardy or what?!

I can't help but reason that as the range of IP addresses within the WLAN is entirely localised, one could theoretically set any IP address within the addressing capability of the hardware.

I've got MAC filtering set, but I have the non-wireless MAC addresses for the PC added as well as the wireless components/adapters, as I was unsure in my initial setting up.

  ade.h 22:33 27 Feb 2006

There's no harm in having the wired PC's MAC in the list as well, though you don't need it.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Samsung Galaxy A8 review: Hands-on

Illustrator Juan Esteban Rodriguez on creating highly detailed official film posters for Star Wars…

iMac Pro review

Comment savoir si quelqu'un a bloqué votre numéro de téléphone ?