Hi guys,
I am a BT customer in the UK and on checking the router logs after a recent outage it seems my router is at least being used as a reflector for attacks by nation state/s. Below are a few excerpts (out of the hundreds) from my router log, in no particular order:
04:00:01, 21 Apr.
DoS(Spoofing): IN=ppp1 OUT= MAC= SRC=49.232.158.14 DST=redacted - the ip of my local bt exchange LEN=60 TOS=0x00 PREC=0x60 TTL=49 ID=11465 PROTO=TCP SPT=45259 DPT=51584 WINDOW=0 RES=0x00 URG ACK PSH RST SYN FIN URGP=40499 MARK=0x8000000
DoS(UDP Loopback): IN=ppp1 OUT= MAC= SRC=64.62.197.43 DST=redacted - the ip of my local bt exchange LEN=29 TOS=0x00 PREC=0x00 TTL=52 ID=62825 DF PROTO=UDP SPT=44858 DPT=19 LEN=9 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.15 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=900 DF PROTO=TCP SPT=58581 DPT=5814 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.9 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=51757 DF PROTO=TCP SPT=42593 DPT=9946 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.138 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=34822 DF PROTO=TCP SPT=52762 DPT=9076 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.133 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=26863 DF PROTO=TCP SPT=40071 DPT=4206 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.14 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=31607 DF PROTO=TCP SPT=53105 DPT=61913 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.17 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=30992 DF PROTO=TCP SPT=22505 DPT=5407 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.132 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=3219 DF PROTO=TCP SPT=22598 DPT=8524 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.10 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=42552 DF PROTO=TCP SPT=29382 DPT=5658 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.133 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=2147 DF PROTO=TCP SPT=43867 DPT=7550 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.17 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=50986 DF PROTO=TCP SPT=27039 DPT=10091 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.132 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=21760 DF PROTO=TCP SPT=41660 DPT=8145 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.14 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=20132 DF PROTO=TCP SPT=57124 DPT=32800 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.132 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=57026 DF PROTO=TCP SPT=14990 DPT=4204 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.132 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=35577 DF PROTO=TCP SPT=12000 DPT=17180 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.13 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=32320 DF PROTO=TCP SPT=14628 DPT=5304 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.17 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=21631 DF PROTO=TCP SPT=21953 DPT=9312 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.133 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=50061 DF PROTO=TCP SPT=33355 DPT=22071 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.132 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=45704 DF PROTO=TCP SPT=39690 DPT=9129 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.132 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=25496 DF PROTO=TCP SPT=13952 DPT=6305 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.133 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=13444 DF PROTO=TCP SPT=43323 DPT=50443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.132 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=58937 DF PROTO=TCP SPT=36574 DPT=671 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.17 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=26890 DF PROTO=TCP SPT=31979 DPT=7282 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.12 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=26104 DF PROTO=TCP SPT=26946 DPT=15418 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.12 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=20593 DF PROTO=TCP SPT=40621 DPT=7836 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.17 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=50294 DF PROTO=TCP SPT=47240 DPT=31340 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.17 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=26229 DF PROTO=TCP SPT=20229 DPT=4602 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.17 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=47 ID=40654 DF PROTO=TCP SPT=19714 DPT=7417 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.11 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=60205 DF PROTO=TCP SPT=23944 DPT=9749 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=45.143.203.12 DST=redacted - the ip of my local bt exchange LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=23494 PROTO=TCP SPT=45696 DPT=59883 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
04:00:01, 21 Apr.
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.13 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=62970 DF PROTO=TCP SPT=35030 DPT=9560 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
After doing whois searches I have IPs from all over the world. The first appeared to be Russian, then Ukrainian, but since then I have had many from across the US, a few from parts of Europe and now lots from China. God knows the actual location of the attacker/s.
As I said previously, BT must be aware of this, and I am very aware that the 'smart' hub 2 is an absolute piece of crap with very little, if any, defense. I have reset the router and changed the password to a new max-length alphanumeric value many times, but they return within the day. I am reticent to have BT snooping on my line any more than is necessary, as I like to torrent a thing or 2 from time to time.
What would be a good, reasonably secure but cost-effective alternative to the smart hub, bearing in mind these attacks? I have been thinking about the above HG612 purely as a modem and then pairing it with another router. Would a newer modem be better? Do you have any recommendations?
Thanks in advance.
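One way to triage a log like the one in this post, as an added example that is not part of the original post: it parses the router's `DoS(...)` lines, counts events per category, counts distinct destination ports per source /24, and notes packets with TCP flag sets no normal connection produces or UDP aimed at chargen (port 19). The function names and the /24 grouping are assumptions of this sketch; the sample lines are copied from the excerpt above.

```python
import re
from collections import Counter, defaultdict

# Sample lines copied from the excerpt above (DST was redacted by the poster).
SAMPLE = """\
04:00:01, 21 Apr.
DoS(Spoofing): IN=ppp1 OUT= MAC= SRC=49.232.158.14 DST=redacted - the ip of my local bt exchange LEN=60 TOS=0x00 PREC=0x60 TTL=49 ID=11465 PROTO=TCP SPT=45259 DPT=51584 WINDOW=0 RES=0x00 URG ACK PSH RST SYN FIN URGP=40499 MARK=0x8000000
DoS(UDP Loopback): IN=ppp1 OUT= MAC= SRC=64.62.197.43 DST=redacted - the ip of my local bt exchange LEN=29 TOS=0x00 PREC=0x00 TTL=52 ID=62825 DF PROTO=UDP SPT=44858 DPT=19 LEN=9 MARK=0x8000000
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.15 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=900 DF PROTO=TCP SPT=58581 DPT=5814 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=123.160.221.9 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=51757 DF PROTO=TCP SPT=42593 DPT=9946 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.138 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=41 ID=34822 DF PROTO=TCP SPT=52762 DPT=9076 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
DoS(SYN Flooding): IN=ppp1 OUT= MAC= SRC=111.7.96.133 DST=redacted - the ip of my local bt exchange LEN=52 TOS=0x00 PREC=0x00 TTL=42 ID=26863 DF PROTO=TCP SPT=40071 DPT=4206 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x8000000
"""

TCP_FLAGS = {"URG", "ACK", "PSH", "RST", "SYN", "FIN"}
LINE_RE = re.compile(r"^DoS\((?P<cat>[^)]+)\):\s*(?P<rest>.*)$")

def parse(line):
    """Return a dict of fields for one DoS(...) line, or None for other lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # timestamp lines and anything unrecognised are skipped
    rec = dict(re.findall(r"(\w+)=(\S*)", m["rest"]))  # KEY=value pairs
    rec["cat"] = m["cat"]
    rec["flags"] = TCP_FLAGS & set(m["rest"].split())  # bare flag tokens
    return rec

def triage(text):
    """Summarise a log: per-category counts, ports per source /24, notes."""
    cats, ports_by_net, notes = Counter(), defaultdict(set), []
    for rec in filter(None, map(parse, text.splitlines())):
        if "SRC" not in rec:
            continue
        cats[rec["cat"]] += 1
        net = rec["SRC"].rsplit(".", 1)[0] + ".0/24"  # group by source /24
        ports_by_net[net].add(rec.get("DPT"))
        if {"SYN", "FIN"} <= rec["flags"] or {"SYN", "RST"} <= rec["flags"]:
            notes.append((rec["SRC"], "invalid TCP flag combination"))
        if rec.get("PROTO") == "UDP" and rec.get("DPT") == "19":
            notes.append((rec["SRC"], "UDP probe to chargen (port 19)"))
    return cats, {n: len(p) for n, p in ports_by_net.items()}, notes

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run over the full log, the per-/24 port counts show whether a source range is sweeping many different ports with single packets or repeatedly hitting one service.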