DoS attack fom Berkley.edu???


log in

Advanced search

Questions and Answers : Getting started : DoS attack fom Berkley.edu???

Author Message
OWNER
Send message
Joined: 6 May 10
Posts: 1
Credit: 430,390
RAC: 0
United States
Message 1180406 - Posted: 24 Dec 2011, 9:11:52 UTC

from my router logs:

[DoS Attack: ACK Scan] from source: 208.68.240.18, port 80, Saturday, December 24,2011 00:42:29


there are a lot of them and tracert shows:

Tracing route to boinc2.ssl.berkeley.edu [208.68.240.18]
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms READYSHARE [192.168.1.1]
2 8 ms 5 ms 7 ms 10.28.0.1
3 53 ms 15 ms 6 ms 72.240.0.207
4 14 ms 15 ms 18 ms cer-edge-17.inet.qwest.net [208.47.34.193]
5 16 ms 14 ms 15 ms chp-brdr-04.inet.qwest.net [67.14.8.234]
6 14 ms 15 ms 15 ms te6-2-10G.ar3.chi2.gblx.net [208.178.58.137]
7 64 ms 78 ms 64 ms Hurrican-Electric-LLC.Port-channel100.ar3.SJC2.gblx.net [64.214.174.246]
8 71 ms 74 ms 74 ms 10gigabitethernet3-2.core1.pao1.he.net [72.52.92.69]
9 66 ms 75 ms 64 ms 64.71.140.42
10 106 ms 116 ms 107 ms 208.68.243.254
11 113 ms 106 ms 108 ms boinc2.ssl.berkeley.edu [208.68.240.18]


ANY IDEAS as to why my router rejects this?

blakey
Send message
Joined: 24 Dec 11
Posts: 2
Credit: 0
RAC: 0
Canada
Message 1180503 - Posted: 24 Dec 2011, 20:46:26 UTC - in response to Message 1180406.

does this cause any type of outage or you can't connect to a specific site? I've seen the [DoS Attack] come up in my logs and I don't think it's anything major

blakey
Send message
Joined: 24 Dec 11
Posts: 2
Credit: 0
RAC: 0
Canada
Message 1180505 - Posted: 24 Dec 2011, 20:48:13 UTC - in response to Message 1180406.

I also checked the IP on multiple DNSBLs and it comes up clean (unless it's a brand new threat)..


is not listed in bl.spamcop.net
is not listed in pbl.spamhaus.org
is not listed in cbl.abuseat.org
is not listed in IP.v4BL.org
is not listed in sbl.spamhaus.org
is not listed in xbl.spamhaus.org


source

Profile BilBg
Volunteer tester
Avatar
Send message
Joined: 27 May 07
Posts: 2894
Credit: 6,609,304
RAC: 7,896
Bulgaria
Message 1180655 - Posted: 25 Dec 2011, 17:13:54 UTC - in response to Message 1180406.

ANY IDEAS as to why my router rejects this?


The SETI@home Servers are:

208.68.240.13 download
208.68.240.16 upload
208.68.240.18 download
208.68.240.20 scheduler

They never contact your computer on their own,
only after your BOINC contacts them they (may) respond.

If the response is too late (connection dropped/timeout at your computer)
your router may think that this too late response is some kind of "attack".


____________



- ALF - "Find out what you don't do well ..... then don't do it!" :)

Questions and Answers : Getting started : DoS attack fom Berkley.edu???

Copyright © 2014 University of California