Posted July 26, 2017
Hi guys, I need some help trying to block this DoS attack I've been getting repeatedly every day, and my ISP won't do anything about it. What can I do to stop it? It has been causing all my devices to crash. Here is the log I got from the router log.
Description Count Last Occurrence Target Source
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 3 Wed Jul 26 15:45:27 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 14:15:45 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 3 Wed Jul 26 13:53:06 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 12:52:39 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 4 Wed Jul 26 12:40:01 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 3 Wed Jul 26 12:26:40 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 12:26:36 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 1 Wed Jul 26 09:58:25 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 1 Wed Jul 26 05:39:56 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 03:29:37 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 5 Wed Jul 26 02:23:33 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:12 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:12 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 4 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 1 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 15 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
Posted July 26, 2017
Who's your provider? If it's a volumetric attack, it can't be stopped on your end. Period.
Posted July 26, 2017 (Author)
Just now, Mornincupofhate said: Who's your provider? If it's a volumetric attack, it can't be stopped on your end. Period.
Comcast
Posted July 26, 2017
Well, posting your IP address isn't helping matters.
Posted July 26, 2017 (Author)
1 minute ago, iamdarkyoshi said: Well, posting your IP address isn't helping matters.
That's not my IP address, that's the attacker's IP.
Posted July 26, 2017
All of these reports say "from 10.0.43.64" - that IP is not a public IP, therefore this is coming from something in your LAN.
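Added example (not part of any post in this thread): the check made in the post above, that 10.0.43.64 is not a public address, applied to every entry of a router log in this shape. It parses three entries copied from the first post, sums the counts per attack type, and classifies each flow by which end lies in RFC 1918 space; the regular expression is inferred from the entries shown here rather than from a vendor specification, and the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Three entries copied from the router log in the first post. Columns:
# description, count, last occurrence, target, source.
SAMPLE_LOG = """\
[DoS attack: Ping Of Death] from 10.0.43.64, port 0 3 Wed Jul 26 15:45:27 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Illegal Fragments] from 10.0.43.64, port 0 1 Wed Jul 26 14:15:45 2017 16.163.235.167:0 10.0.43.64:0
[DoS attack: Teardrop or derivative] from 10.0.43.64, port 0 15 Wed Jul 26 02:19:11 2017 16.163.235.167:0 10.0.43.64:0
"""

# Pattern inferred from the entries above (an assumption, not a vendor spec).
ENTRY = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\] from [\d.]+, port \d+ (?P<count>\d+) "
    r"\w{3} \w{3} +\d+ [\d:]+ \d{4} "
    r"(?P<target>[\d.]+):\d+ (?P<source>[\d.]+):\d+"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True for addresses reserved for private networks (never internet-routed)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def summarize(log_text):
    """Sum event counts per (source, target) pair, broken down by attack type."""
    flows = {}
    for m in ENTRY.finditer(log_text):
        flow = flows.setdefault((m["source"], m["target"]), Counter())
        flow[m["kind"]] += int(m["count"])
    return flows

def direction(source, target):
    """Classify a logged flow by which side of it uses private address space."""
    src, dst = is_rfc1918(source), is_rfc1918(target)
    if src and not dst:
        return "private-source"   # sender address is not internet-routable
    if dst and not src:
        return "public-source"    # sender address is internet-routable
    return "both-private" if src else "both-public"

if __name__ == "__main__":
    for (source, target), kinds in summarize(SAMPLE_LOG).items():
        print(f"{source} -> {target}: {direction(source, target)}")
        for kind, count in kinds.most_common():
            print(f"  {kind}: {count}")
```

A `private-source` result means a public IP lookup on the logged sender will not identify anyone: the address belongs to the local network, to the provider's internal network, or to a forged packet header, which are the three explanations raised in this thread.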
Posted July 26, 2017
Just now, bgc341 said: Comcast
Back in the days of DDoS I used to be able to hit off entire Comcast nodes with one attack. Comcast doesn't care about DDoS attacks. Your best bet is to ask them to change your IP address and get on a VPN whenever you're gaming. Even if they're not capping out your bandwidth, your modem is still going to die with the amount of packets getting sent to it. Disable ICMP if it isn't already disabled.
Posted July 26, 2017 (Author)
Just now, brwainer said: All of these reports say "from 10.0.43.64" - that IP is not a public IP, therefore this is coming from something in your LAN.
Interesting, that's not one of the assigned IP addresses for my devices.
Posted July 26, 2017
The attack doesn't look like it's distributed, and in fact, it's coming from only one address. That address is broadband and doesn't seem to be coming from a datacenter. You could probably call up his ISP and report it with the logs.
http://whatismyipaddress.com/ip/16.163.235.167
Enjoy.
Posted July 26, 2017 (Author)
1 minute ago, Mornincupofhate said: The attack doesn't look like it's distributed, and in fact, it's coming from only one address. That address is broadband and doesn't seem to be coming from a datacenter. You could probably call up his ISP and report it with the logs. http://whatismyipaddress.com/ip/16.163.235.167 Enjoy.
Thanks
Posted July 26, 2017
From the logs, it also looks like he has no idea what he's doing. He's trying different attacks that shouldn't be working with most modems (Ping of death).
Disable ICMP and block incoming fragmented packets in the firewall when the attack starts and see if that mitigates it.
Posted July 26, 2017 (Author)
1 minute ago, Mornincupofhate said: From the logs, it also looks like he has no idea what he's doing. He's trying different attacks that shouldn't be working with most modems (Ping of death). Disable ICMP and block incoming fragmented packets in the firewall when the attack starts and see if that mitigates it.
I did that but it still gets through.
Posted July 26, 2017
What confuses me is that your IDS says the attacks are coming from inside your network, and are attacking a location outside your network. If that's the case, then I gave you your own IP address. Comcast really needs to get their shit together.
Posted July 26, 2017
1 minute ago, bgc341 said: I did that but it still gets through.
Yeah, then there's nothing you can do. Modems aren't at all built to sustain high packet-per-second attacks. Call up Comcast and get a new IP address and pay for a VPN. I use www.privateinternetaccess.com
Posted July 26, 2017
5 minutes ago, Mornincupofhate said: The attack doesn't look like it's distributed, and in fact, it's coming from only one address. That address is broadband and doesn't seem to be coming from a datacenter. You could probably call up his ISP and report it with the logs. http://whatismyipaddress.com/ip/16.163.235.167 Enjoy.
That's a static IP address to HP. Either HP has got an infected host, or someone is about to get fired, lol. Only way I can see a 10.x.x.x address attacking OP is if it's within Comcast's internal network, which would be pretty sad.
Posted July 26, 2017
Once again.. someone doesn't understand the difference between DoS and DDoS.. this is a DoS attack, blocking this is as easy as blocking/ignoring the host this is coming from. Which.. by the way.. 10.0.0.0 is meant for local usage only, so this shouldn't be coming from out on the interwebz anyways.
Posted July 26, 2017
Just now, Lurick said: That's a static IP address to HP. Either they've got an infected host, or someone is about to get fired, lol. Only way I can see a 10.x.x.x address attacking OP is if it's within Comcast's internal network, which would be pretty sad.
Or Comcast fucked up while building their IDS. Which is most likely the case.
Posted July 26, 2017
1 minute ago, manikyath said: Once again.. someone doesn't understand the difference between DoS and DDoS.. this is a DoS attack, blocking this is as easy as blocking/ignoring the host this is coming from. Which.. by the way.. 10.0.0.0 is meant for local usage only, so this shouldn't be coming from out on the interwebz anyways.
Wrong. His modem clearly can't handle the high pps rate that's coming through the line. Therefore, he can't mitigate it. He's already tried denying the packets.
Posted July 26, 2017
Just now, Mornincupofhate said: Or Comcast fucked up while building their IDS. Which is most likely the case.
Most likely, yah. Comcast isn't exactly known for their quality of service.
Posted July 26, 2017
15 minutes ago, bgc341 said: It has been causing all my devices to crash.
Can you define what you mean by this? Are devices rebooting, or do you just mean that connections stop working?
Posted July 26, 2017
Just now, Mornincupofhate said: Wrong. His modem clearly can't handle the high pps rate that's coming through the line. Therefore, he can't mitigate it. He's already tried denying the packets.
Still though, how the flip is it coming from the 10.0.0.0 subnet?
Posted July 26, 2017
Just now, manikyath said: Still though, how the flip is it coming from the 10.0.0.0 subnet?
Spoofed flood. Or as I said earlier, Comcast fucked up on their IDS.
Posted July 26, 2017
Just now, brwainer said: Can you define what you mean by this? Are devices rebooting, or do you just mean that connections stop working?
And more specifically, which devices. tek sappurt rule 1: when a user says "all devices" there is a severe lack of testing.
Posted July 26, 2017
18 minutes ago, bgc341 said: It has been causing all my devices to crash.
I totally missed this part. What's crashing? Your modem or your actual PC?
Posted July 26, 2017 (Author)
Just now, brwainer said: Can you define what you mean by this? Are devices rebooting, or do you just mean that connections stop working?
They are freezing and crashing. I'm using Comodo and Malwarebytes to try and stop it from reaching my computer and my Android phone, but it still has reached said devices.