  1. #1
    Administrator MikeTbob's Avatar
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,864

    Wireless Router/Firewall Logs


    Hey folks,
    I was looking through the logs of my Wireless Router which is also a Firewall and I see a lot of activity but I'm not sure if I should be concerned or not. The fact that it's occurring within seconds of each other, I think it might be degrading my connectivity. I do know that 10.192.0.1 is NameServer: BLACKHOLE-1.IANA.ORG, but why are they showing as DoS attacks? Can I get my router to ignore these or is it already being ignored? Any insight will be much appreciated. TIA.
    Sat May 31 13:30:47 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:30:49 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:30:49 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:30:52 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:30:52 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:30:53 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:30:54 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:30:54 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:30:55 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:30:55 2008 1 Blocked by DoS protection 10.199.242.1
    Sat May 31 13:30:55 2008 1 Blocked by DoS protection 10.199.242.1
    Sat May 31 13:30:55 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:30:55 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:30:59 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:30:59 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:01 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:31:01 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:03 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:31:03 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:08 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:31:08 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:09 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:11 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:31:13 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:16 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:16 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:19 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:21 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:23 2008 1 Blocked by DoS protection 10.199.7.1
    Sat May 31 13:31:24 2008 1 Blocked by DoS protection 10.192.0.1
    Sat May 31 13:31:25 2008 1 Blocked by DoS protection 10.192.0.1
    I do not respond to private messages asking for Linux help, Please keep it on the forums only.
    All new users please read this.** Forum FAQS. ** Adopt an unanswered post.

    I'd rather be lost at the lake than found at home.

  2. #2
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,746
    I think you'll want to find out what your firewall defines as "DoS protection."

    That will tell you what's triggering the firewall and whether or not you should worry about it. Based on what you've posted, there's no way to tell.

    Edit: Ha! I didn't even glance at the IP at first. The IP listed is in the IANA "private" range. Which means this is probably some machine on your ISP's private network. It may be something that just pings periodically - again, I don't know what the router defines as "DoS protection."
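
    An added example, not part of any post in this thread: one way to triage a log like the one in the first post is to count blocked events per source, work out the overall rate, and flag which sources fall in reserved private ranges. The line format is assumed to match the lines shown above; the sample lines and the `summarize` helper are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the same format as the router log in the first post.
SAMPLE_LOG = """\
Sat May 31 13:30:47 2008 1 Blocked by DoS protection 10.192.0.1
Sat May 31 13:30:49 2008 1 Blocked by DoS protection 10.199.7.1
Sat May 31 13:30:49 2008 1 Blocked by DoS protection 10.192.0.1
Sat May 31 13:30:52 2008 1 Blocked by DoS protection 10.192.0.1
Sat May 31 13:30:55 2008 1 Blocked by DoS protection 10.199.242.1
Sat May 31 13:31:25 2008 1 Blocked by DoS protection 10.192.0.1
this line is not a log entry
"""

# Assumed layout: timestamp, a numeric field, the message, the source address.
LINE_RE = re.compile(
    r"^\s*(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) +\d+ +"
    r"Blocked by DoS protection +(?P<src>\S+)\s*$"
)

def parse(log_text):
    """Yield (timestamp, source address) for each well-formed entry."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blanks, headers and truncated lines
        try:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # malformed date or address
        yield ts, src

def summarize(log_text):
    """Return event count, events per minute, and per-source details."""
    events = list(parse(log_text))
    if not events:
        return {"events": 0, "per_minute": 0.0, "sources": {}}
    times = [ts for ts, _ in events]
    # Floor the span at one second so a single-burst log does not divide by zero.
    span = max((max(times) - min(times)).total_seconds(), 1.0)
    counts = Counter(src for _, src in events)
    return {"events": len(events),
            "per_minute": round(len(events) * 60 / span, 1),
            "sources": {str(ip): {"count": n, "private": ip.is_private}
                        for ip, n in counts.most_common()}}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

    The `private` flag only reports that an address sits in a reserved range such as 10.0.0.0/8; what the router counts as "DoS protection" still has to come from its documentation.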

  3. #3
    Administrator MikeTbob's Avatar
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,864
    Quote Originally Posted by HROAdmin26 View Post
    I think you'll want to find out what your firewall defines as "DoS protection."

    That will tell you what's triggering the firewall and whether or not you should worry about it. Based on what you've posted, there's no way to tell.

    Edit: Ha! I didn't even glance at the IP at first. The IP listed is in the IANA "private" range. Which means this is probably some machine on your ISP's private network. It may be something that just pings periodically - again, I don't know what the router defines as "DoS protection."
    So, I should probably locate the user manual and see if there is any explanation for DoS protection? This might take a while! heh

  4. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,672
    OK, the IP Address is Private range but will not stop the packet from coming from anywhere in the world. Routing is done on the Destination address not the Source.

    DoS - Denial of Service Attack.

    If I were to attempt to do a DoS on someone I too would use a private address range in order to make it more difficult for you to find me.

    This type of attack is designed to clog your connection and stop your service. I would not just ignore them.

    If you are a normal user then I would reset my DHCP connection to get a new one. This would stop the attacks unless the person who is sending the attack is sending it on a range of ports.

    If you own the address, static, then I would have my provider start looking into where the DoS is coming from. If it is local they will be able to locate it and put an end to it.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  5. #5
    Administrator jayd512's Avatar
    Join Date
    Feb 2008
    Location
    Kentucky
    Posts
    5,023
    Howdy, Mike!

    Not sure if you're still looking into your router logs, but I found this link... it's got some info on the Black Hole servers. In fact, down near the bottom is an FAQ section. #6 seems to be part of what you may be looking for.

    Hope it helps!
    Jay

    New users, read this first.
    New Member FAQ
    Registered Linux User #463940
    I do not respond to private messages asking for Linux help. Please keep it on the public boards.

  6. #6
    Administrator MikeTbob's Avatar
    Join Date
    Apr 2006
    Location
    Texas
    Posts
    7,864
    Thanks Jayd, that is exactly what I needed, I still haven't figured out what to do about it though. I guess I need to try setting my DNS by hand rather than using DHCP.