DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

DoS udp_flood attacks

  • garydrew
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
23 Feb 2014 10:59 #79166 by garydrew
DoS udp_flood attacks was created by garydrew
Recently I have noticed an increase in “DoS udp_flood Block” entries registered by my router.
They occur at various times of day and night.
They are coming from 8.26.56.26,53. ARIN states 8.26.56.26 as Level 3 Communications, Inc.

I use Wireshark to monitor my network and extracts provide...
LOCAL0.INFO: Feb 23 10:31:06 Feb 23 10:31:06 gjdpc.router: DoS udp_flood Block(10s) 8.26.56.26,53 -> ??.?.?.??,19999 PR udp len 20 77
(with ??.?.?.?? my IP address, hidden to retain privacy)

I have contacted the company, but in the meantime I was wondering if these are genuine udp flood attacks, or just legitimate background activity (such as banner ad traffic) that I cannot pin down.

Any thoughts please?

---
Specs: Vigor2600 router, Lubuntu 12.04.03 (also Windows XP on another machine), private home network (not a business), Wireshark v1.6.7

Please Log in or Create an account to join the conversation.

More
23 Feb 2014 12:30 #79167 by babis3g
Replied by babis3g on topic Re: DoS udp_flood attacks
if you have performed request of testing dns lookups maybe the router drops the packets so the computer will try again ... i would say is not danger ... it looks like the 8.26.56.26,53 is your dns server

If you have a server running which other people accessing it also can be a case of someone flooding you (maybe don't like your server, other ways why to flood you ) but then if your connection is not going down it may not be the case

Please Log in or Create an account to join the conversation.

  • garydrew
  • Topic Author
  • Offline
  • Junior Member
  • Junior Member
More
28 Feb 2014 11:59 #79225 by garydrew
Replied by garydrew on topic Re: DoS udp_flood attacks
I am guessing that they are intrusion attacks. My router blocks DoS udp_flood attacks, so they are not causing my connection to fail.
It is not one of my own DNS servers, the addresses for those are completely different.
Thanks anyway.

Please Log in or Create an account to join the conversation.

More
04 Mar 2014 07:14 #79268 by broccoli
Replied by broccoli on topic Re: DoS udp_flood attacks

Please Log in or Create an account to join the conversation.

Moderators: Sami