Results 1 to 8 of 8

Thread: DOS attack: ACK Scan

  1. #1
    Junior Member Roundman66's Avatar
    Join Date
    May 2007
    Posts
    18

    Exclamation DOS attack: ACK Scan

    For the last week or so my router logs have stated "[DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181]". The ip address is always the same and the attacks happen about every 30 seconds or so. I have Googled the ip and the best I can tell it is from "4chan". I have talked with Charter but they were not sure what to do at this point, they new that AT&T had some issues with "4chan" but currently they were not having any problems. I asked to have my ip changed so they told me to shut all computers, router & modem down for atleast 1 minute then reboot starting withe the modem and working my way up the line. This did not help. My routers fire wall seems to be blocking the attacks from our computers so far.

    1. Has anyone else had this problem?
    2. Is there any way to fix or avoid these attacks?
    3. If this continues will it cause problems?
    4. How did this server/person get my ip? Would someone have gone to a site they should not have?

    Here are a few of lines from last night:

    [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181], Thursday, Jul 30,2009 01:43:00
    [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181], Thursday, Jul 30,2009 01:42:35
    [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181], Thursday, Jul 30,2009 01:42:10
    [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181], Thursday, Jul 30,2009 01:41:45
    [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181], Thursday, Jul 30,2009 01:41:20
    [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181], Thursday, Jul 30,2009 01:40:55
    [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181], Thursday, Jul 30,2009 01:40:30
    [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181], Thursday, Jul 30,2009 01:40:05
    [DOS attack: ACK Scan] attack packets in last 20 sec from ip [207.126.64.181], Thursday, Jul 30,2009 01:39:40


    Any help will be greatly appreciated!
    Thank you, and have a great day!
    Roundman

  2. #2
    Lifetime Friend of Staff
    Join Date
    May 2007
    Location
    Sheboygan, WI
    Posts
    3,921
    Looks like 4chan has been hacked and needs to do some house cleaning.

    And who ever hacked it is now looking for more unprotected computers to take over.

    The attack is random as to the ip number selected most likely.

    Those attacks are the reason firewalls both software and hardware are needed. And why I started using a router in 2001.

  3. #3
    Senior Member Shoreguy's Avatar
    Join Date
    Oct 2004
    Location
    between there and here
    Posts
    809
    1st, do a complete scan of your box using malwarebytes, make sure your av and everything is updated. from what it sounds like, its following you, which indicates you've got a phish/pharm or cookie imbedded somewhere locally. the attacks are logged, which means your firewall's doing its job in blocking, but something is triggering this. what's your box being used for? inherently, any computer plugged into the internet can be attacked/infected within a few seconds of being connected, that multiplies in the % when you surf questionable sites, p2p, bittorrent, etc.
    what local firewall/antivirus/malware protection are you using?
    [SIGPIC][/SIGPIC]

  4. #4
    Junior Member Roundman66's Avatar
    Join Date
    May 2007
    Posts
    18
    When I went to cable internet I installed a router for this purpose which has payed off. It also helps me control where my kids go!

    We are using McAfee VS & firewall and I have used Malwarebytes before. I will run Malwaebytes on my pc and I will install it on all of the others on my network.

    My youngest son has been downloading videos and music from who know's where so I feel he may be the one responsible for drawing the attack.

  5. #5
    Lifetime Friend of Staff
    Join Date
    May 2007
    Location
    Sheboygan, WI
    Posts
    3,921
    Malwarebytes and SuperAntispyware http://www.superantispyware.com/ compliment each other real well.

    Generally what one does not find, the other one will.

  6. #6
    Junior Member Roundman66's Avatar
    Join Date
    May 2007
    Posts
    18
    I ran Malwarebytes

  7. #7
    Junior Member Roundman66's Avatar
    Join Date
    May 2007
    Posts
    18
    I hit the wrong key and posted before I was through.
    All of our pc's were clean except for my youngests son's. He had 2 or 3 mp3z issues and 1 rogue. After cleaning and rescanning he is back up and going.

    I have not had any attacks since yesterday morning (before cleaning my sons pc). It has been over 24 hours since the last attack so maybe the problem at the server has been fixed or atleast taken off line. If I have any more attacks I will reply to this post.

    Train, I will check into the SuperAntispyware. Are you using the free version of the Pro? Are there many differences?

    Thanks for all of the input!
    Roundman

  8. #8
    Lifetime Friend of Staff
    Join Date
    May 2007
    Location
    Sheboygan, WI
    Posts
    3,921
    I use the free version. It works just fine.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •