router reporting frequent security alerts
18 years 7 months ago #14048
by gatekeeper
router reporting frequent security alerts was created by gatekeeper
Recently configured my router to email me when it detects a DoS attack or a port scan.
I'm finding very frequent UDP and TCP Packet DoS alerts.
An example:
TCP Packet - Source:xx.xx.xxx.xx,xxxx Destination:xxx.x.x.xx,xxxxx - [DOS]
What is going on here? Surely there can't be that many DoS attacks on my network every day.
18 years 7 months ago #14049
by nske
Replied by nske on topic Re: router reporting frequent security alerts
Well, we should know more on what kind of traffic the router considers abnormal and marks as a DoS. Unfortunately the example doesn't say anything.
Some things that would be useful to clarify:
- Does the suspicious traffic come from within the network or from the outside?
- Is there some apparent pattern in the traffic? I.e., is it destined to a specific host and coming from multiple sources, or the opposite?
- What is the duration of each "attack" and what hosts of your network does it involve (operating system, role - if they serve as a workstation or to provide some kind of services)?
You could configure your router to log the full header information of the traffic, or ideally the whole traffic including the payload. This should provide enough information to tell what's going on.
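The triage questions in the reply above (inside or outside, many sources to one host or the opposite) can be answered by tallying the alert lines themselves. This is an added example, not part of the original posts: it parses the alert layout quoted in the thread, and the LAN prefix `192.168.1.0/24`, the `fan` threshold and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Layout quoted in the thread: "<TCP|UDP> Packet - Source:<ip>,<port> Destination:<ip>,<port> - [DOS]"
ALERT_RE = re.compile(
    r"^(TCP|UDP) Packet - Source:([\d.]+),(\d+) "
    r"Destination:([\d.]+),(\d+) - \[DOS\]$"
)

# Constructed sample alerts using documentation address ranges, not real router output.
SAMPLE = """\
TCP Packet - Source:198.51.100.7,443 Destination:192.168.1.20,51512 - [DOS]
TCP Packet - Source:203.0.113.9,80 Destination:192.168.1.20,51513 - [DOS]
UDP Packet - Source:192.0.2.44,53 Destination:192.168.1.20,40000 - [DOS]
UDP Packet - Source:192.168.1.35,6881 Destination:198.51.100.50,6881 - [DOS]
UDP Packet - Source:192.168.1.35,6881 Destination:203.0.113.77,6881 - [DOS]
UDP Packet - Source:192.168.1.35,6881 Destination:192.0.2.10,6881 - [DOS]
TCP Packet - Source:999.1.1.1,80 Destination:192.168.1.20,51514 - [DOS]
"""

def parse_alerts(text):
    """Return (proto, src_ip, dst_ip) for each well-formed alert; skip the rest."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.match(line.strip())
        if not m:
            continue
        try:
            src, dst = ipaddress.ip_address(m[2]), ipaddress.ip_address(m[4])
        except ValueError:  # malformed address, e.g. an octet above 255
            continue
        alerts.append((m[1], src, dst))
    return alerts

def summarize(alerts, lan="192.168.1.0/24", fan=3):
    """Tally alerts by origin and flag many-to-one and one-to-many patterns."""
    net = ipaddress.ip_network(lan)  # assumed LAN prefix; set it to your own network
    srcs_per_dst, dsts_per_src = defaultdict(set), defaultdict(set)
    for _, src, dst in alerts:
        srcs_per_dst[dst].add(src)
        dsts_per_src[src].add(dst)
    inside = sum(1 for _, src, _ in alerts if src in net)
    return {
        "from_inside": inside,
        "from_outside": len(alerts) - inside,
        "many_to_one": sorted(str(d) for d, s in srcs_per_dst.items() if len(s) >= fan),
        "one_to_many": sorted(str(s) for s, d in dsts_per_src.items() if len(d) >= fan),
    }
```

Calling `summarize(parse_alerts(text))` on the saved alert e-mails shows whether the alerts cluster on one internal host or originate from one; neither pattern is proof of an attack, only a pointer to which host's traffic to capture in full.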