Windows 10: DOS Attack / Syn Flood Attack On Router Causes

Discussion in 'Windows 10 Network and Sharing' started by JW316, Feb 26, 2021.

  1. JW316 Win User

    DOS Attack / Syn Flood Attack On Router Causes


    Hello, a couple weeks ago, the internet connectivity for all of the devices in my house started going out at random times throughout the day. I run Windows 10 on a couple of the devices and MacOS on the others. Within 5 minutes, everything would come back online. This was frustrating considering I work from home. This happened about 3-4 times per day at random times. I checked the router logs and it showed DOS attacks and SYN Floods.


    So I reset my router, called my ISP and received a new dynamic ip address for the router. The internet continued to drop throughout the day at the same frequency. The ISP said everything looked fine on their end. I have been using this Netgear router without issues for 3 years and the firmware said it was up to date. I will mention the time was ahead 1 hour in the router logs. Every time the internet dropped, I noticed the router logs would say something about Syncing Time in the router logs. I finally decided to just rent a router/modem from the ISP for $25 per month and now everything is back to normal. I will also mention we have had Norton running on all of our devices for the past couple years.


    My guess is someone discovered the MAC address for my router and was DOSing it or SYN flooding it.

    My question is how could someone obtain the MAC address of my router?

    Or perhaps they were able to discover the new ip address of the router.

    Either way, could you explain how someone obtains the ip address or MAC address of the router?


    What are your theories on what caused this all of a sudden after 3 years with no issues?

    :)
     
    JW316, Feb 26, 2021
    #1

  2. Simulate SYN attack

    I apologize in advance if I don't truly understand the question.
    When sending a SYN flood attack the point of it is to attempt to create as many half open connections on the victim as possible. This leaves each of the half open connections in the SYN-RECVD state temporarily utilizing resources.

    However, it appears that you are not sending your SYN flood properly by not spoofing the attackers source IP. When your attacking machine receives the SYN/ACK it will immediately send a reset packet shutting down that socket and negating any flood attempts. However I am not familiar with the behavior of the Windows Firewall. If you spoof the source address to an unused IP the RST will not get sent and each SYN/ACK being sent by the victim will go into exponential back off dramatically upping the effectiveness of the attack. (please use an IP in private space so the SYN/ACKs aren't reflecting back at something on the internet)

    Ok, next up is the fact that you are replaying the same packet with the same 4-tuple and the same initial sequence number. You need each SYN to be unique to be effective. I would strongly suggest you use any Linux distro and the application "hping3". You should be able to get the results you want. Also consider that ping uses ICMP and may not be a good test of server delay since it is considerably different process in how the server responds. May I suggest nmap or even hping3 again for testing the server's TCP response.
     
    Jeff Pliska, Feb 26, 2021
    #2
  3. felmo_ Win User
    Simulate SYN attack

    I am trying to simulate a SYN attack for an essay I am doing and gather some results (time taken for computer to respond to some message), but nothing seems to happen when I try this method.

    I use WAMP server to host a basic server on the victim PC using a local router with no internet access, completely disable all firewalls on the router and the PC, and then access the web page that is hosted by the victim PC on the attacker PC in order to capture a legitimate SYN packet using wireshark.

    I then copy the hexadecimal for the legitimate SYN packet into colasoft packet builder, and change the source port to 1444, and then create a new rule for windows firewall to block all inbound connections on that port, so that the SYN, ACK is not responded to in any way.

    I then ping the victim PC from the attacker PC procedurally to check for a reply delay and loop send the now malicious SYN packet to the victim PC, but there is no delay in response except from the occasional spike which is to be expected.

    My question is what am I doing wrong, or is there a better way of simulating a SYN attack than this on windows? (as a sidenote, I tried to use hping, but could not get this to work at all.)

    Thanks!
     
    felmo_, Feb 26, 2021
    #3
  4. DOS Attack / Syn Flood Attack On Router Causes

    Router DoS Attack Logs

    Hey guys, is it normal to see such a wide variety of ports being probed? And due to the fact that these logs are listed, that just means the request was dropped? I wasn't attacked?

    Ports being scanned are .... 80, 443, 8487, 22, 53, 8877, 22, 60978, 8010, 3389, 35029, 8040, 40031, 1252, 6005, 8024, 6005, 7723, 2106 etc etc etc.

    [admin login] from source 192.168.1.4, Sunday, November 17, 2013 07:03:18
    [DoS Attack: SYN/ACK Scan] from source: 121.199.56.103, port 80, Sunday, November 17, 2013 06:40:08
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Sunday, November 17, 2013 06:05:20
    [DoS Attack: SYN/ACK Scan] from source: 121.124.124.45, port 8487, Sunday, November 17, 2013 05:38:19
    [DoS Attack: SYN/ACK Scan] from source: 46.105.111.169, port 80, Sunday, November 17, 2013 04:30:02
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Sunday, November 17, 2013 04:29:53
    [DoS Attack: SYN/ACK Scan] from source: 168.62.23.92, port 80, Sunday, November 17, 2013 04:20:33
    [DoS Attack: SYN/ACK Scan] from source: 94.23.183.196, port 80, Sunday, November 17, 2013 03:57:59
    [DoS Attack: SYN/ACK Scan] from source: 176.31.225.30, port 22, Sunday, November 17, 2013 03:34:12
    [DoS Attack: SYN/ACK Scan] from source: 121.199.39.232, port 53, Sunday, November 17, 2013 02:33:45
    [DoS Attack: SYN/ACK Scan] from source: 91.214.70.98, port 8877, Sunday, November 17, 2013 02:31:22
    [DoS Attack: SYN/ACK Scan] from source: 121.199.39.232, port 22, Sunday, November 17, 2013 02:26:00
    [DoS Attack: TCP/UDP Chargen] from source: 192.241.147.176, port 60978, Sunday, November 17, 2013 02:13:09
    [DoS Attack: SYN/ACK Scan] from source: 91.214.70.98, port 8877, Sunday, November 17, 2013 02:04:34
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Sunday, November 17, 2013 01:22:34
    [DoS Attack: SYN/ACK Scan] from source: 154.47.160.69, port 8010, Sunday, November 17, 2013 01:18:33
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Sunday, November 17, 2013 01:13:25
    [DoS Attack: SYN/ACK Scan] from source: 121.124.124.45, port 3389, Sunday, November 17, 2013 00:31:58
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Sunday, November 17, 2013 00:30:53
    [DoS Attack: TCP/UDP Chargen] from source: 94.102.51.225, port 35029, Sunday, November 17, 2013 00:05:28
    [DoS Attack: SYN/ACK Scan] from source: 154.47.160.19, port 8040, Saturday, November 16, 2013 22:55:34
    [DoS Attack: SYN/ACK Scan] from source: 192.198.197.244, port 80, Saturday, November 16, 2013 22:33:30
    [DoS Attack: SYN/ACK Scan] from source: 203.211.130.242, port 80, Saturday, November 16, 2013 22:14:42
    [admin login] from source 192.168.1.5, Saturday, November 16, 2013 22:11:36
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 21:46:47
    [DoS Attack: RST Scan] from source: 31.13.69.80, port 443, Saturday, November 16, 2013 21:34:01
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 21:24:15
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 21:08:43
    [DoS Attack: RST Scan] from source: 204.186.215.59, port 443, Saturday, November 16, 2013 21:02:22
    [DoS Attack: SYN/ACK Scan] from source: 121.124.124.45, port 3389, Saturday, November 16, 2013 20:52:25
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 19:59:19
    [DoS Attack: RST Scan] from source: 54.235.80.198, port 443, Saturday, November 16, 2013 19:38:34
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 19:26:37
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 19:22:36
    [DoS Attack: SYN/ACK Scan] from source: 37.187.77.93, port 443, Saturday, November 16, 2013 19:15:33
    [DoS Attack: RST Scan] from source: 128.242.186.206, port 443, Saturday, November 16, 2013 19:14:38
    [DoS Attack: RST Scan] from source: 31.13.69.80, port 443, Saturday, November 16, 2013 19:08:06
    [DoS Attack: SYN/ACK Scan] from source: 198.78.220.126, port 80, Saturday, November 16, 2013 19:01:16
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 18:59:34
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 18:49:50
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 18:23:47
    [DoS Attack: SYN/ACK Scan] from source: 198.78.220.126, port 80, Saturday, November 16, 2013 18:08:31
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 18:07:01
    [Time synchronized with NTP server] Saturday, November 16, 2013 17:59:05
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 17:51:14
    [admin login] from source 192.168.1.7, Saturday, November 16, 2013 17:47:23
    [admin login failure] from source 192.168.1.7, Saturday, November 16, 2013 17:47:20
    [admin login failure] from source 192.168.1.7, Saturday, November 16, 2013 17:47:18
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 17:45:31
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 17:41:17
    [DoS Attack: RST Scan] from source: 31.13.71.49, port 443, Saturday, November 16, 2013 17:38:50
    [admin login] from source 192.168.1.4, Saturday, November 16, 2013 17:28:22
    [admin login] from source 192.168.1.7, Saturday, November 16, 2013 17:15:07
    [DoS Attack: SYN/ACK Scan] from source: 168.62.23.92, port 40031, Saturday, November 16, 2013 16:55:12
    [DoS Attack: RST Scan] from source: 8.27.243.126, port 80, Saturday, November 16, 2013 16:00:01
    [DoS Attack: RST Scan] from source: 173.252.73.51, port 443, Saturday, November 16, 2013 15:24:38
    [DoS Attack: SYN/ACK Scan] from source: 176.31.60.250, port 1252, Saturday, November 16, 2013 15:19:51
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 15:08:05
    [DoS Attack: SYN/ACK Scan] from source: 198.78.220.126, port 80, Saturday, November 16, 2013 14:54:53
    [DoS Attack: RST Scan] from source: 31.13.71.49, port 443, Saturday, November 16, 2013 14:43:30
    [DoS Attack: SYN/ACK Scan] from source: 198.78.220.126, port 80, Saturday, November 16, 2013 14:41:17
    [DoS Attack: SYN/ACK Scan] from source: 5.135.198.161, port 6005, Saturday, November 16, 2013 13:57:59
    [DoS Attack: SYN/ACK Scan] from source: 149.5.169.20, port 8024, Saturday, November 16, 2013 13:42:13
    [DoS Attack: SYN/ACK Scan] from source: 121.124.124.45, port 8487, Saturday, November 16, 2013 13:39:09
    [DoS Attack: SYN/ACK Scan] from source: 188.165.213.63, port 80, Saturday, November 16, 2013 13:17:49
    [DoS Attack: SYN/ACK Scan] from source: 154.35.175.201, port 6667, Saturday, November 16, 2013 12:14:55
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 12:14:16
    [DoS Attack: RST Scan] from source: 207.178.57.59, port 80, Saturday, November 16, 2013 11:55:17
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 11:29:48
    [DoS Attack: SYN/ACK Scan] from source: 119.81.38.59, port 80, Saturday, November 16, 2013 10:45:36
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 09:46:55
    [DoS Attack: SYN/ACK Scan] from source: 46.105.10.89, port 22, Saturday, November 16, 2013 09:31:30
    [DoS Attack: SYN/ACK Scan] from source: 91.121.195.134, port 80, Saturday, November 16, 2013 08:07:49
    [admin login] from source 192.168.1.5, Saturday, November 16, 2013 08:05:58
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 07:41:00
    [DoS Attack: RST Scan] from source: 31.13.69.176, port 443, Saturday, November 16, 2013 07:34:04
    [admin login] from source 192.168.1.5, Saturday, November 16, 2013 07:27:19
    [DoS Attack: SYN/ACK Scan] from source: 46.105.111.169, port 80, Saturday, November 16, 2013 07:13:41
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 06:52:46
    [DoS Attack: SYN/ACK Scan] from source: 216.146.46.11, port 80, Saturday, November 16, 2013 06:42:01
    [DoS Attack: SYN/ACK Scan] from source: 94.23.116.63, port 7723, Saturday, November 16, 2013 06:37:49
    [DoS Attack: SYN/ACK Scan] from source: 185.25.152.1, port 80, Saturday, November 16, 2013 05:44:44
    [DoS Attack: SYN/ACK Scan] from source: 203.211.130.242, port 80, Saturday, November 16, 2013 04:19:48
    [DoS Attack: SYN/ACK Scan] from source: 192.99.9.157, port 2106, Saturday, November 16, 2013 04:07:49
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 03:49:53
    [DoS Attack: SYN/ACK Scan] from source: 119.81.38.59, port 80, Saturday, November 16, 2013 03:40:52
    [DoS Attack: SYN/ACK Scan] from source: 5.250.245.38, port 80, Saturday, November 16, 2013 03:19:26
    [DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Saturday, November 16, 2013 02:32:43
    [DoS Attack: SYN/ACK Scan] from source: 119.81.38.59, port 80, Saturday, November 16, 2013 02:13:58
    [DoS Attack: SYN/ACK Scan] from source: 121.124.124.45, port 8487, Saturday, November 16, 2013 01:06:02
    [DoS Attack: SYN/ACK Scan] from source: 121.124.124.45, port 3389, Saturday, November 16, 2013 01:00:35
    [DoS Attack: SYN/ACK Scan] from source: 85.17.127.225, port 1935, Friday, November 15, 2013 23:42:23
    [LAN access from remote] from 204.61.216.47:53 to 192.168.1.4:25250, Friday, November 15, 2013 23:33:55
    [admin login] from source 192.168.1.4, Friday, November 15, 2013 22:27:34
    [DoS Attack: SYN/ACK Scan] from source: 192.198.197.244, port 80, Friday, November 15, 2013 22:23:00
    [admin login] from source 192.168.1.4, Friday, November 15, 2013 22:20:56
    [DoS Attack: SYN/ACK Scan] from source: 37.59.29.220, port 80, Friday, November 15, 2013 22:20:11
    [admin login] from source 192.168.1.4, Friday, November 15, 2013 22:12:35
    [DoS Attack: SYN/ACK Scan] from source: 192.198.197.244, port 80, Friday, November 15, 2013 22:01:49
    [DoS Attack: RST Scan] from source: 208.111.161.254, port 80, Friday, November 15, 2013 21:49:09
    [admin login] from source 192.168.1.4, Friday, November 15, 2013 20:20:27
    [DoS Attack: SYN/ACK Scan] from source: 121.124.124.45, port 8487, Friday, November 15, 2013 20:03:13
    [DoS Attack: SYN/ACK Scan] from source: 121.124.124.45, port 3389, Friday, November 15, 2013 20:00:31
    [admin login] from source 192.168.1.4, Friday, November 15, 2013 19:39:57
    [DoS Attack: RST Scan] from source: 204.186.215.14, port 80, Friday, November 15, 2013 19:37:39
    [Log Cleared] Friday, November 15, 2013 19:32:12
     
    lwgnlseven, Feb 26, 2021
    #4
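A small triage script for router logs in the format posted in #4, added here as an example and not part of the thread: it tallies entries by the router's own tag, by source and port, and by hour, and picks out failed admin logins coming from LAN addresses. The sample lines are copied from that post; the function and key names are illustrative.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Sample input: lines copied from the log posted in #4 above.
SAMPLE_LOG = """\
[DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Sunday, November 17, 2013 06:05:20
[DoS Attack: SYN/ACK Scan] from source: 95.64.37.10, port 80, Sunday, November 17, 2013 04:29:53
[DoS Attack: TCP/UDP Chargen] from source: 192.241.147.176, port 60978, Sunday, November 17, 2013 02:13:09
[DoS Attack: RST Scan] from source: 31.13.69.80, port 443, Saturday, November 16, 2013 21:34:01
[Time synchronized with NTP server] Saturday, November 16, 2013 17:59:05
[admin login failure] from source 192.168.1.7, Saturday, November 16, 2013 17:47:20
[admin login failure] from source 192.168.1.7, Saturday, November 16, 2013 17:47:18
[LAN access from remote] from 204.61.216.47:53 to 192.168.1.4:25250, Friday, November 15, 2013 23:33:55
[Log Cleared] Friday, November 15, 2013 19:32:12
"""

LINE = re.compile(r"^\[(?P<event>[^\]]+)\]\s*(?P<detail>.*?),?\s*"
                  r"(?P<ts>\w+day, \w+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})$")
SRC = re.compile(r"from(?: source:?)? (\d{1,3}(?:\.\d{1,3}){3})")
PORT = re.compile(r"\bport (\d+)")


def parse(log_text):
    """Return (entries, unparsed): one dict per recognised line, plus the rest."""
    entries, unparsed = [], []
    for raw in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE.match(raw)
        if not m:
            unparsed.append(raw)  # keep unknown formats visible instead of dropping them
            continue
        src, port = SRC.search(m["detail"]), PORT.search(m["detail"])
        entries.append({
            "event": m["event"],
            "src": src.group(1) if src else None,
            "port": int(port.group(1)) if port else None,
            "time": datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S"),
        })
    return entries, unparsed


def summarize(entries):
    """Tally what the router tagged, which source/port it named, and the hourly rate."""
    dos = [e for e in entries if e["event"].startswith("DoS Attack")]
    per_hour = Counter(e["time"].strftime("%Y-%m-%d %H") for e in dos)
    return {
        "by_event": Counter(e["event"] for e in entries),
        "dos_sources": Counter((e["src"], e["port"]) for e in dos),
        "peak_dos_per_hour": max(per_hour.values(), default=0),
        # Failed admin logins from private (LAN) addresses, counted per host.
        "lan_login_failures": Counter(
            e["src"] for e in entries if e["event"] == "admin login failure"
            and e["src"] and ipaddress.ip_address(e["src"]).is_private),
    }


if __name__ == "__main__":
    print(summarize(parse(SAMPLE_LOG)[0]))
```

The timestamps are taken as the router printed them, so a router clock that is off (as described in #1) shifts the hourly buckets but not the counts.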