How to stop SYN FLOODs - HotUKDeals
We use cookie files to improve site functionality and personalisation. By continuing to use HUKD, you accept our cookie and privacy policy.
Get the HUKD app free at Google Play

Search Error

An error occurred when searching, please try again!

Login / Sign UpSubmit

How to stop SYN FLOODs

Starlet Avatar
9y, 7m agoPosted 9 years, 7 months ago
A few weeks ago I got my first router (had been using a basic modem before that) and on 5 occasions now my connection has stopped working thanks to a SYN FLOOD attack. My internet becomes unusable and the only way to get it working again is to restart the router, according to the logs the SYN FLOODs are happening every few seconds. According to everything I have read online SYN FLOODs are really old and basic attacks that any half decent router should prevent against by default.

The router I have is a Belkin ADSL Wireless G Router - F5D7632-4

Please can someone help me to stop these attacks & remember this is my first router so I am not too up on technical terms and whatnot.

Thanks

example log: http://www.swaymyway.com/syn.txt
Starlet Avatar
9y, 7m agoPosted 9 years, 7 months ago
Options

All Comments

(5) Jump to unreadPost a comment
Comments/page:
#1
The fact that it is logged shows that it has handled it and I'd guess that the router has discarded the request.

It is an old method of attack, you should check out smurf attacks! ahhh that takes me back :)

Actually unless a lack of sleep is affecting my brain it looks like the syn flood has originated from your machine? 192.168.2.2 is an Internet non routable IP address so it must be an IP address inside your network. Check to see if there is a firmware upgrade for your router.
#2
I get SMURF attacks also, and UDP FLOOD TO HOST (or something like that?). People say to ignore the IPs as mostly they are spoofed. I don't know if it is 'working' or not, but it does make my internet unusable either way :(
#3
Unless you have a static IP address if you were to leave your router offline over night you'd probably have a different IP address next time you started up. If you do that and you still get the same log entries it unlikely that someone is targeting you as they wouldn't know what you address has changed to, so logically speaking, it would seem likely that your machine is the source of the dodgy traffic.

If you are getting the same kind of traffic on different IP addresses I would get your machine checked over in case it has been infected with a trojan and/or is part of a bot network.

You can find you current internet facing IP address by going somewhere like this site: http://whatsmyip.org/
#4
My IP is static. And when you say machine, do you mean my computer or the router itself? I did a full scan of my computer on Tuesday to eliminate a virus from the picture, and my computer is officially as clean as a whistle.

Also I have the latest firmware on it.

I'm at a loss really :(
#5
Have you spoken to your ISP to see if they can monitor traffic?

If you are undergoing a denial of service attack once it reaches your router the damage is done. It can drop packets to its hearts content but the flood of traffic has already consumed your bandwidth.

Post a Comment

You don't need an account to leave a comment. Just enter your email address. We'll keep it private.

...OR log in with your social account

...OR comment using your social account

Thanks for your comment! Keep it up!
We just need to have a quick look and it will be live soon.
The community is happy to hear your opinion! Keep contributing!