SOHO Router Issue - DoS attack?

dipenshah · May 18, 2016, 09:59:10 PM

Hi All,

Today I was playing around with a router at friends place. I logged into his router in order to change the password without letting him know. When I tried to apply changes the router got stalled and from then on I was unable to access net and router both until I did a hard reset.

Now, when I am looking at the logs I saw: [DoS attack: Ping Of Death] from 100.3.229.0, port 0 and then [DoS attack: Teardrop or derivative] from 100.3.229.0, port 0 continued till I did a hard Reset.

Any idea why SOHO router got stalled?

deanwebb · May 18, 2016, 10:16:03 PM

What's the DHCP range for the internal network or networks? And does the router get a 10.x IP for its internet-facing address?

Because them 10.x packets ain't supposed to be routed across the Internets. RFC 1918 and all that.

dipenshah · May 19, 2016, 12:07:20 AM

For internal networks it was 192.168.x.x and router did not get a 10.x on Internet facing address either.

Sent from my iPhone using Tapatalk

deanwebb · May 19, 2016, 07:55:38 AM

Whoops, I saw 10 and it was 100... I need better eyes... geolookup puts that IP in Tampa, Florida, USA. Verizon IP address. Do you know anyone from there? If so, he's pranking you. If not, then it's a random hacker, probably using an unwitting host there to do damage to one IP after another. You could complain to Verizon and see what they say about it.

dipenshah · May 20, 2016, 11:42:39 AM

I don't know anyone from Tampa. Yes, I will definitely have a conversation with the ISP

Sent from my iPhone using Tapatalk

SOHO Router Issue - DoS attack?

dipenshah

deanwebb

dipenshah

deanwebb

dipenshah