Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Author Topic: DOS attack on this user or on my ISP Andrews and Arnold  (Read 3153 times)

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
DOS attack on this user or on my ISP Andrews and Arnold
« on: January 03, 2016, 04:22:06 AM »

From the Andrews and Arnold logs for my lines on clueless.aa.net.uk:

Code: [Select]
Yesterday 12:18:26 Blacklist completed
Yesterday 12:17:51 Denial of Service attack

It seems A & A have some automated system now.

A bit worrying if it goes on for too long though.

« Last Edit: January 03, 2016, 08:46:47 PM by Weaver »
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DOS attack on this user or on my ISP Andrews and Arnold
« Reply #1 on: January 03, 2016, 04:28:38 AM »

Well, a bit worrying that they're out there, and also reassuring that someone is doing something about it.
« Last Edit: January 03, 2016, 08:47:22 PM by Weaver »
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DOS attack on this user or on my ISP Andrews and Arnold
« Reply #2 on: January 03, 2016, 08:28:00 PM »

I believe that my router, a Firebrick FB 2500, has a few defaults in respect of its own IPV4 address that are unhelpful. I'm trying to be 'stealthy', not necessarily succeeding.
« Last Edit: January 03, 2016, 08:49:59 PM by Weaver »
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DOS attack on this user or on my ISP Andrews and Arnold
« Reply #3 on: January 03, 2016, 08:50:45 PM »

Thanks to user Burakkucat for his help in testing this, off-thread.
Logged

kitz

  • Administrator
  • Senior Kitizen
  • *
  • Posts: 33881
  • Trinity: Most guys do.
    • http://www.kitz.co.uk
Re: DOS attack on this user or on my ISP Andrews and Arnold
« Reply #4 on: January 04, 2016, 08:37:56 PM »

It will likely be some script kiddie trying their luck on a random list of IPs.

Years ago I used to get quite a lot of them and various other attempts.  Once upon a time I even reported one particular ddos attempt to the ISP which was BT, who later informed me that they had taken action.  I cant recall the exact wording but it implied they may have suspended their account.   

These days most attempts are usually via IPs in certain parts of the globe and most likely a proxy...  so  I dont even bother logging them in my router any more.
Logged
Please do not PM me with queries for broadband help as I may not be able to respond.
-----
How to get your router line stats :: ADSL Exchange Checker

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DOS attack on this user or on my ISP Andrews and Arnold
« Reply #5 on: January 04, 2016, 09:23:18 PM »

This was logged by Andrews and Arnold and they took some kind of automatic action very quickly. Burakkucat is helping me sort my stealthiness out.
Logged

NewtronStar

  • Kitizen
  • ****
  • Posts: 4898
Re: DOS attack on this user or on my ISP Andrews and Arnold
« Reply #6 on: January 07, 2016, 05:43:07 PM »

Have about 20 Possible DoS attack detected from xx:xx:xx:xx in one month of router logs the IP address's are always different and at different times of the day it does not worry me it shows the router firewall is doing the job it was designed for  :fingers:

one that shows up a few times is 185.94.111.1 - IP address, location, and related information. IP lookup is Russian Federation for 185.94.111.1 address.
« Last Edit: January 07, 2016, 05:54:59 PM by NewtronStar »
Logged

Weaver

  • Senior Kitizen
  • ******
  • Posts: 11459
  • Retd s/w dev; A&A; 4x7km ADSL2 lines; Firebrick
Re: DOS attack on this user or on my ISP Andrews and Arnold
« Reply #7 on: January 07, 2016, 06:21:08 PM »

This was detected by the ISP though, Andrews and Arnold, not by my own firewall. It may be that Andrews and Arnold slammed the door shut so that the DOS wouldn't rack up a bill on my account. (As I pay for MB downstream.)
Logged