Screenshot is here:
I just noticed that my router reports a constant barrage of hits from:
[DoS attack: Teardrop] attack packets in last 20 sec from ip [153.224.226.205], Friday, Apr 01,2016 19:58:28Any idea what's going on?
Screenshot is here:
I just noticed that my router reports a constant barrage of hits from:
[DoS attack: Teardrop] attack packets in last 20 sec from ip [153.224.226.205], Friday, Apr 01,2016 19:58:28Any idea what's going on?
Your provider knows.
Sure someone is trying to break and and own your router.
From wikipedia:
Teardrop attacks A teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems because of a bug in their TCP/IP fragmentation re-assembly code. Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and
2.1.63 are vulnerable to this attack.(Although in September 2009, a vulnerability in Windows Vista was referred to as a "teardrop attack", this targeted SMB2 which is a higher layer than the TCP packets that teardrop used).
The attacker is trying to find old machines/routers which are vulnerable to the attack, or it's just a script-kiddy found an old script and now wants to be a hacker.
-- //Aho
You (Clark) could try to block that IP, as it seems to be coming from one only.
-- Cheers, Carlos. --- news://freenews.netfront.net/ - complaints: news@netfront.net ---
do you know anyone in japan?
``` $ whois 153.224.226.205 [ JPNIC database provides information regarding IP address and ASN. Its use ] [ is restricted to network administration purposes. For further information, ] [ use 'whois -h whois.nic.ad.jp help'. To only display English output, ] [ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'. ]
Network Information: a. [Network Number] 153.224.128.0/17 b. [Network Name] OCN g. [Organization] Open Computer Network m. [Administrative Contact] JP00009614 n. [Technical Contact] JP00009427 p. [Nameserver] ns-kg001.ocn.ad.jp p. [Nameserver] ns-kn001.ocn.ad.jp [Assigned Date] 2014/09/04 [Return Date] [Last Update] 2014/09/04 15:11:04(JST) Less Specific Info.
---------- NTT COMMUNICATIONS CORPORATION [Allocation] 153.128.0.0-153.253.255.255
More Specific Info.
---------- No match!! ```
The fact that your router is reporting it means that your routers firewall is working. So no real panic.
However, if it still is going on, probably easiest to acquire a different IP address from your ISP connection. This may be as simple as restarting your router, but obviously if you have a static / sticky address then this won't apply.
-- Adrian C
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.