on 18-01-2023 09:28
Hello. would it be possible to speak with a forum team member as I would like to share some network logs with you and get some advice on the matter..
Thank you
[MOD EDIT: Subject title changed for clarity]
on 18-01-2023 09:52
Post the logs here, use copy and paste and all the MAC addresses will be replaced with *****.*****.*****.****. You will get a much quicker response from some very experienced users. Also please define the problem, if you have one.
on 18-01-2023 10:39
Ok so I have the xr1000 connected to my hub, the past couple of days I have noticed in the logs these below, is this a Dos attack on me?
[DoS attack: ACK Scan] from source 142.250.178.10,port 443 Wednesday, Jan 18,2023 08:25:27
[DoS attack: ACK Scan] from source 142.250.178.10,port 443 Wednesday, Jan 18,2023 08:25:17
[DoS attack: ACK Scan] from source 157.240.225.18,port 443 Wednesday, Jan 18,2023 08:25:08
[DoS attack: ACK Scan] from source 13.33.52.60,port 80 Wednesday, Jan 18,2023 08:24:26
[DoS attack: ACK Scan] from source 13.224.81.129,port 80 Wednesday, Jan 18,2023 08:24:21
[DoS attack: ACK Scan] from source 199.232.58.132,port 443 Wednesday, Jan 18,2023 08:24:19
[DoS attack: ACK Scan] from source 192.99.44.206,port 443 Wednesday, Jan 18,2023 08:24:18
on 18-01-2023 12:44
It’s the "DoS attack:" message that is wrong in my mind. It’s just people sniffing your connection to see if there is a way into your system. I get lots of these each week. My router gives a much better message:
[WAN_IN-RET-3035] IN=eth9 OUT=br0 MAC=my MAC address:src=nnn.142.125.160 DST=192.168.0.228 LEN=60 TOS=0x00 PREC=0x00 TTL=246 ID=0 PROTO=TCP SPT=5189 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0