Groups

    How to stop SYN FLOODs

    A few weeks ago I got my first router (had been using a basic modem before that) and on 5 occasions now my connection has stopped working thanks to a SYN FLOOD attack. My internet becomes unusable and the only way to get it working again is to restart the router, according to the logs the SYN FLOODs are happening every few seconds. According to everything I have read online SYN FLOODs are really old and basic attacks that any half decent router should prevent against by default.

    The router I have is a Belkin ADSL Wireless G Router - F5D7632-4

    Please can someone help me to stop these attacks & remember this is my first router so I am not too up on technical terms and whatnot.

    Thanks

    example log: swaymyway.com/syn…txt

    5 Comments

    The fact that it is logged shows that it has handled it and I'd guess that the router has discarded the request.

    It is an old method of attack, you should check out smurf attacks! ahhh that takes me back

    Actually unless a lack of sleep is affecting my brain it looks like the syn flood has originated from your machine? 192.168.2.2 is an Internet non routable IP address so it must be an IP address inside your network. Check to see if there is a firmware upgrade for your router.

    Original Poster

    I get SMURF attacks also, and UDP FLOOD TO HOST (or something like that?). People say to ignore the IPs as mostly they are spoofed. I don't know if it is 'working' or not, but it does make my internet unusable either way

    Unless you have a static IP address if you were to leave your router offline over night you'd probably have a different IP address next time you started up. If you do that and you still get the same log entries it unlikely that someone is targeting you as they wouldn't know what you address has changed to, so logically speaking, it would seem likely that your machine is the source of the dodgy traffic.

    If you are getting the same kind of traffic on different IP addresses I would get your machine checked over in case it has been infected with a trojan and/or is part of a bot network.

    You can find you current internet facing IP address by going somewhere like this site: whatsmyip.org/

    Original Poster

    My IP is static. And when you say machine, do you mean my computer or the router itself? I did a full scan of my computer on Tuesday to eliminate a virus from the picture, and my computer is officially as clean as a whistle.

    Also I have the latest firmware on it.

    I'm at a loss really

    Have you spoken to your ISP to see if they can monitor traffic?

    If you are undergoing a denial of service attack once it reaches your router the damage is done. It can drop packets to its hearts content but the flood of traffic has already consumed your bandwidth.
    Post a comment
    Avatar
    @
      Text
      Top Discussions
      1. Tv choice magazine Issue 3966
      2. Win a Free minion usb stick22
      3. Win 1 of 3 x £1000 Selfridges vouchers with Virgin Trains66
      4. Magazine competitions - Issue 37 @ tvchoicemagazine.co.uk2020

      See more discussions