
TOPIC: router reporting frequent security alerts

router reporting frequent security alerts 10 years 7 months ago #14048

Recently configured my router to email me when it detects a DoS attack or a port scan.

I'm finding very frequent UDP and TCP Packet DoS alerts.

An example:

TCP Packet - Source:xx.xx.xxx.xx,xxxx Destination:xxx.x.x.xx,xxxxx - [DOS]

What is going on here? Surely there can't be that many DoS attacks on my network every day.

Re: router reporting frequent security alerts 10 years 7 months ago #14049

  • nske
Well, we should know more on what kind of traffic the router considers abnormal and marks as a DoS. Unfortunately the example doesn't say anything.

Some things that would be useful to clarify:
- Does the suspicious traffic come from within the network or from the outside?
- Is there some apparent pattern on the traffic? I.e., is it destined to a specific host and coming from multiple sources, or the opposite?
- What is the duration of each "attack" and what hosts of your network does it involve (operating system, role - if they serve as a workstation or to provide some kind of services)?

You could configure your router to log the full header information of the traffic, or ideally the whole traffic including the payload. This should provide enough information to tell what's going on ;)
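A way to answer the first two questions above from the emailed alerts themselves, as an added example that is not part of the original thread. It assumes the alert format quoted in the first post, a LAN of 192.168.1.0/24 and arbitrary thresholds; the sample lines are constructed, and duration is not covered because the quoted alert line carries no timestamp.

```python
import ipaddress
import re
from collections import defaultdict

# Matches the alert format quoted in the first post:
#   TCP Packet - Source:a.b.c.d,port Destination:a.b.c.d,port - [DOS]
ALERT_RE = re.compile(
    r"(?P<proto>TCP|UDP) Packet - Source:(?P<src>[\d.]+),(?P<sport>\d+) "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+) - \[(?P<tag>[^\]]+)\]"
)

# Constructed sample alerts (documentation address ranges, not real data).
SAMPLE_ALERTS = """\
TCP Packet - Source:203.0.113.7,40112 Destination:192.168.1.10,22 - [DOS]
TCP Packet - Source:203.0.113.7,40113 Destination:192.168.1.10,23 - [DOS]
TCP Packet - Source:203.0.113.7,40114 Destination:192.168.1.10,80 - [DOS]
UDP Packet - Source:198.51.100.4,53 Destination:192.168.1.20,51000 - [DOS]
UDP Packet - Source:198.51.100.9,53 Destination:192.168.1.20,51001 - [DOS]
UDP Packet - Source:192.168.1.30,5353 Destination:224.0.0.251,5353 - [DOS]
"""

def parse_alerts(text):
    """Return one dict per line that matches the alert format."""
    return [m.groupdict() for m in map(ALERT_RE.search, text.splitlines()) if m]

def summarize(alerts, lan="192.168.1.0/24"):
    """Group alerts by origin and by traffic pattern (lan is an assumed value)."""
    net = ipaddress.ip_network(lan)
    origins = defaultdict(int)
    ports_by_pair = defaultdict(set)   # (src, dst) -> destination ports touched
    sources_by_dst = defaultdict(set)  # dst -> distinct source addresses
    for a in alerts:
        side = "inside" if ipaddress.ip_address(a["src"]) in net else "outside"
        origins[side] += 1
        ports_by_pair[(a["src"], a["dst"])].add(int(a["dport"]))
        sources_by_dst[a["dst"]].add(a["src"])
    return {
        "origins": dict(origins),
        # One source touching 3+ ports on one host: consistent with a port scan.
        "multi_port": {k: sorted(v) for k, v in ports_by_pair.items() if len(v) >= 3},
        # 2+ sources hitting one host: the "multiple sources" pattern.
        "multi_source": {k: sorted(v) for k, v in sources_by_dst.items() if len(v) >= 2},
    }

if __name__ == "__main__":
    print(summarize(parse_alerts(SAMPLE_ALERTS)))
```

Alerts whose source is a DNS server on port 53 or whose destination is a multicast address are often ordinary traffic that the router's heuristic has mislabelled, which is why the grouping is more informative than the raw alert count.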