Your question
Solved

Cannot stop hundreds of DOS attacks (an hour) SYN Floods & many others no matter what I try. What can I do?

Tags:
  • DOS
  • Remote Access
Last response: in Antivirus / Security / Privacy
April 26, 2017 4:16:24 PM

Have tried over 2 dozen methods to stop this, including switching modems - but nothing is working? Is there ANY WAY that I can put an end to this? I briefly read up on utilizing a script to allow a handshake to occur and thereby putting an end to the half-handshakes that are occurring, but I wanted to reach out to the community first. Any help would be greatly appreciated!

More about : stop hundreds dos attacks hour syn floods matter

April 27, 2017 12:13:30 PM

How are you seeing/detecting the attacks?

Can you document the nature and scope of the attacks?

Start by contacting your ISP and reporting abuse.

If someone is targeting the ISP's address for your router then the ISP should be able to see the attacks and respond as warranted.

Note the ISP's address for your router is referred to as your "Public IP" and should not be given to anyone. You can find your own public IP via online tools such as "What is my IP".

Here is a reference link with more information:

https://www.lifewire.com/what-is-private-ip-address-818...
m
0
l
April 27, 2017 3:06:40 PM

Ralston18 said:
How are you seeing/detecting the attacks?

Can you document the nature and scope of the attacks?

Start by contacting your ISP and reporting abuse.

If someone is targeting the ISP's address for your router then the ISP should be able to see the attacks and respond as warranted.

Note the ISP's address for your router is referred to as your "Public IP" and should not be given to anyone. You can find your own public IP via online tools such as "What is my IP".

Here is a reference link with more information:

https://www.lifewire.com/what-is-private-ip-address-818...


I am seeing them in my router's logs and in a product called Snort.

I have pages and pages of documents showing several hundreds of attack, which I gave to my ISP. They were very interested for days, and then the next day, I got an email that said, they were unwilling to help me since I was using a (Comcast approved) Netgear C-7000 modem/router.

I never have given out my IP to anyone, and the attacks come from hundreds of other IP addresses. It's never the same. I once saw an IP used more than once and used Whois. It traced it down to an address in the U.K. from some small subsidiary of Virgin Media. After filing an "Abuse of Internet" report with them, they believed they had found the culprit, but the attacks just kept going. Then they called me 2 days later and stated that his IP address had been spoofed to appear it was coming from him. They then told me to contact my ISP.

Again, I tried contacting them, and again, they adamantly refused to help.
m
0
l

Best solution

April 27, 2017 5:17:51 PM

From your post I infer that your ISP is Comcast - is that correct?

Try calling again and escalating the call. Try to get to someone who can help.

About the only thing that is left to do is to unplug your router for a awhile, stay offline, and hope that your ISP actually assigns you another public IP which would then be, or should be, unknown to the attacker(s).

Not using a modem or modem/router from your ISP means that they do not have to accept any responsibility for problems regarding that device.

And, being naturally cynical, it seems that your ISP has identified another way to encourage you to rent their devices.....

Share
May 4, 2017 9:15:17 PM

Try using OpenDNS or Google DNS. You'll have to go into your modem and switch the dns setting there instead of auto or whatever settings are in there.
m
0
l
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS