DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Making sense of alerts.

  • marcw
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
02 Dec 2009 18:10 #1 by marcw
Making sense of alerts. was created by marcw
I keep getting alerts from my router, looking as thouh it's attacking itself.

The source and destination IPs are almost always that of one of my external IP addresses. Am I missing something subtle, here, or is it just a pointless alert?

Draytek 2820vn

Example entries:

DOS][Block][udp_flood, timeout=10][2??.1??.??.2??:60142->2??.1??.??.2??:35974][UDP][HLen=20, TLen=1308]
[DOS][Block][udp_flood, timeout=10][2??.1??.??.222:63885->2??.1??.??.222:35974][UDP][HLen=20, TLen=249]
[DOS][Block][udp_flood, timeout=10][2??.1??.??.222:63885->2??.1??.??.222:35974][UDP][HLen=20, TLen=399]
[DOS][Block][tcp_flag, scanner=fin_wo_ack][2??.1??.??.222:55657->222.1??.??.222:25][TCP][HLen=20, TLen=40, Flag=F, Seq=3020597573, Ack=0, Win=65535]
[DOS][Block][tcp_flag, scanner=fin_wo_ack][2??.1??.??.217:58064->2??.1??.??.217:25][TCP][HLen=20, TLen=40, Flag=F, Seq=4024456782, Ack=0, Win=65535]
[DOS][Block][udp_flood, timeout=10][90.206.45.197:55753->90.206.45.197:58977][UDP][HLen=20, TLen=520]
[DOS][Block][udp_flood, timeout=10][90.206.45.197:55753->90.206.45.197:58977][UDP][HLen=20, TLen=101]
[DOS][Block][tcp_flag, scanner=fin_wo_ack][2??.1??.??.222:46449->2??.1??.??.222:25][TCP][HLen=20, TLen=40, Flag=F, Seq=3698167683, Ack=0, Win=65535]

(I've redacted the IP address, as who knows who's out there reading this- nevertheless, it's the same (WAN) address on both sides).
--
Marc

Cleopatra Consultants Ltd

Please Log in or Create an account to join the conversation.

Moderators: Sami