Router access and attacks

September 12, 2011 at 16:47:29
Specs: Windows Vista, Intel Core 2 Quad CPU 2.50GHz/6gigs
I have a netgear router and recently we've been getting huge lag spikes and disconnects, when I checked the router log it seems all this crazy stuff happens right when we get the disconnects and lag but I'm not really sure what it means. Hoping someone could help me out with this thing

[DoS Attack: RST Scan] from source: 71.3.226.96, port 16556, Monday, September 12,2011 08:33:51
[DoS Attack: RST Scan] from source: 217.121.136.31, port 58352, Monday, September 12,2011 08:28:53
[DoS Attack: RST Scan] from source: 71.3.226.96, port 13901, Monday, September 12,2011 08:28:17
[DoS Attack: RST Scan] from source: 71.3.226.96, port 12977, Monday, September 12,2011 08:26:41
[DoS Attack: RST Scan] from source: 217.121.136.31, port 57818, Monday, September 12,2011 08:24:00
[DoS Attack: RST Scan] from source: 217.121.136.31, port 57673, Monday, September 12,2011 08:22:16
[LAN access from remote] from 169.226.216.190:58989 to 192.168.1.5:49408, Monday, September 12,2011 08:15:49
[LAN access from remote] from 85.250.128.217:53354 to 192.168.1.5:49408, Monday, September 12,2011 08:15:41
[DoS Attack: RST Scan] from source: 82.171.61.24, port 21951, Monday, September 12,2011 08:14:49
[LAN access from remote] from 124.171.199.183:60339 to 192.168.1.5:49408, Monday, September 12,2011 08:14:10
[LAN access from remote] from 83.163.239.52:55921 to 192.168.1.5:49408, Monday, September 12,2011 08:13:08
[LAN access from remote] from 89.112.5.130:18521 to 192.168.1.5:49408, Monday, September 12,2011 08:12:55
[LAN access from remote] from 92.53.18.20:62759 to 192.168.1.5:49408, Monday, September 12,2011 08:12:05
[LAN access from remote] from 213.46.198.92:60167 to 192.168.1.5:49408, Monday, September 12,2011 08:11:34
[LAN access from remote] from 109.237.116.210:53747 to 192.168.1.5:49408, Monday, September 12,2011 08:10:17
[DoS Attack: RST Scan] from source: 80.213.119.112, port 13497, Monday, September 12,2011 08:10:07
[LAN access from remote] from 92.32.21.227:54244 to 192.168.1.5:49408, Monday, September 12,2011 08:09:39
[DoS Attack: RST Scan] from source: 82.171.61.24, port 21017, Monday, September 12,2011 08:09:25
[LAN access from remote] from 77.168.240.141:55286 to 192.168.1.5:49408, Monday, September 12,2011 08:09:20
[LAN access from remote] from 93.139.147.232:62281 to 192.168.1.5:49408, Monday, September 12,2011 08:08:36
[LAN access from remote] from 65.92.214.176:49719 to 192.168.1.5:49408, Monday, September 12,2011 08:07:26
[LAN access from remote] from 85.250.128.217:53354 to 192.168.1.5:49408, Monday, September 12,2011 08:06:54
[LAN access from remote] from 124.171.199.183:60339 to 192.168.1.5:49408, Monday, September 12,2011 08:06:33
[LAN access from remote] from 190.183.84.195:52461 to 192.168.1.5:49408, Monday, September 12,2011 08:06:26
[LAN access from remote] from 77.168.240.141:54242 to 192.168.1.5:49408, Monday, September 12,2011 08:06:03
[DoS Attack: RST Scan] from source: 82.171.61.24, port 20252, Monday, September 12,2011 08:05:52
[LAN access from remote] from 112.198.64.49:36103 to 192.168.1.5:49408, Monday, September 12,2011 08:05:44
[DoS Attack: RST Scan] from source: 80.213.119.112, port 12650, Monday, September 12,2011 08:05:04


See More: Router access and attacks

Report •


#1
September 13, 2011 at 05:00:37
The DoS stand for denial of service. That means your network is being attacked. The attacks are coming from many difference places, New york, Montana & the Netherlands, just to name a few.

Do you have any enemies?

How do you know when a politician is lying? His mouth is moving.


Report •

#2
September 13, 2011 at 11:29:05
No, I don't really use the computer for much but playing video games and studying. I'm guessing the fact that my router is showing me warnings means that it's blocking the people trying to get in. What really worries me is the [LAN access from remote] thing, does that mean all those different IP addresses are accessing my computer? I don't even know what they're doing on my computer since I don't seem to have any viruses or anything, just random disconnects.

Report •

#3
September 13, 2011 at 12:05:09
What really worries me is the [LAN access from remote] thing, does that mean all those different IP addresses are accessing my computer?

You mention playing video games on your computer. Is there any chance you're running some sort of game server that other people are connecting to? All instances point to the exact same destination (192.168.1.5:49408)

It matters not how straight the gate,
How charged with punishments the scroll,
I am the master of my fate;
I am the captain of my soul.

***William Henley***


Report •

Related Solutions

#4
September 13, 2011 at 13:02:57
Nope, we connect to game servers though. We play Rift and LotRO. But we always play on our two PCs. I just checked and that destination is the IP address of my boyfriend's laptop, which is usually idling in the den when we're playing. Not sure what the 49408 after the IP address means though.

Report •

#5
September 13, 2011 at 16:15:42
49408 is the port number that's being used by that IP address. Reboot the PC. Don't open any windows except a command prompt. Start, run, type cmd & press enter. At the prompt type:
netstat -an

Post the output here. It's easier than me trying to explain it.

How do you know when a politician is lying? His mouth is moving.


Report •

#6
September 13, 2011 at 23:54:56
Okay, I didn't know if it matters which computer it's from, so this is the one from his laptop

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5357 127.0.0.1:49163 TIME_WAIT
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27015 127.0.0.1:49161 ESTABLISHED
TCP 127.0.0.1:49161 127.0.0.1:27015 ESTABLISHED
TCP 192.168.1.5:139 0.0.0.0:0 LISTENING
TCP 192.168.1.5:49157 64.4.18.90:80 TIME_WAIT
TCP 192.168.1.5:49158 184.84.220.64:80 ESTABLISHED
TCP 192.168.1.5:49159 74.204.71.160:80 ESTABLISHED
TCP 192.168.1.5:49162 192.168.1.6:3910 SYN_SENT
TCP 192.168.1.5:49164 192.168.1.4:2869 TIME_WAIT
TCP 192.168.1.5:49165 192.168.1.4:2869 ESTABLISHED
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:554 [::]:0 LISTENING
TCP [::]:2869 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:10243 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49156 [::]:0 LISTENING
TCP [::1]:2869 [::1]:49166 TIME_WAIT
TCP [::1]:2869 [::1]:49167 ESTABLISHED
TCP [::1]:49167 [::1]:2869 ESTABLISHED
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:5004 *:*
UDP 0.0.0.0:5005 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:49154 *:*
UDP 0.0.0.0:49156 *:*
UDP 0.0.0.0:55695 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:49152 *:*
UDP 127.0.0.1:49153 *:*
UDP 127.0.0.1:55693 *:*
UDP 127.0.0.1:55694 *:*
UDP 127.0.0.1:55700 *:*
UDP 127.0.0.1:58515 *:*
UDP 192.168.1.5:137 *:*
UDP 192.168.1.5:138 *:*
UDP 192.168.1.5:1900 *:*
UDP 192.168.1.5:5353 *:*
UDP 192.168.1.5:55699 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:5004 *:*
UDP [::]:5005 *:*
UDP [::]:5355 *:*
UDP [::]:49155 *:*
UDP [::]:49157 *:*
UDP [::]:55696 *:*
UDP [::1]:1900 *:*
UDP [::1]:5353 *:*
UDP [::1]:55698 *:*
UDP [fe80::9478:bb09:6abb:b65e%10]:546 *:*
UDP [fe80::9478:bb09:6abb:b65e%10]:1900 *:*
UDP [fe80::9478:bb09:6abb:b65e%10]:55697 *:*


Report •

#7
September 13, 2011 at 23:55:21
This is the one from my computer

Active Connections

Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:554 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING
TCP 0.0.0.0:10243 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49157 0.0.0.0:0 LISTENING
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING
TCP 127.0.0.1:27015 127.0.0.1:49161 ESTABLISHED
TCP 127.0.0.1:49161 127.0.0.1:27015 ESTABLISHED
TCP 192.168.1.4:139 0.0.0.0:0 LISTENING
TCP 192.168.1.4:49171 70.38.25.71:80 CLOSE_WAIT
TCP [::]:135 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:554 [::]:0 LISTENING
TCP [::]:2869 [::]:0 LISTENING
TCP [::]:5357 [::]:0 LISTENING
TCP [::]:10243 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49155 [::]:0 LISTENING
TCP [::]:49157 [::]:0 LISTENING
TCP [fe80::ccf5:10c9:19ee:24a%15]:2869 [fe80::9478:bb09:6abb:b65e%15]:4927
3 ESTABLISHED
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5004 *:*
UDP 0.0.0.0:5005 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:55902 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:54638 *:*
UDP 127.0.0.1:54639 *:*
UDP 127.0.0.1:55900 *:*
UDP 127.0.0.1:55901 *:*
UDP 127.0.0.1:64576 *:*
UDP 192.168.1.4:137 *:*
UDP 192.168.1.4:138 *:*
UDP 192.168.1.4:1900 *:*
UDP 192.168.1.4:5353 *:*
UDP 192.168.1.4:64575 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:5004 *:*
UDP [::]:5005 *:*
UDP [::]:5355 *:*
UDP [::]:55903 *:*
UDP [::1]:1900 *:*
UDP [::1]:5353 *:*
UDP [::1]:64573 *:*
UDP [fe80::28b0:28b9:3f57:fefb%10]:1900 *:*
UDP [fe80::28b0:28b9:3f57:fefb%10]:64574 *:*
UDP [fe80::ccf5:10c9:19ee:24a%15]:1900 *:*
UDP [fe80::ccf5:10c9:19ee:24a%15]:64572 *:*


Report •

#8
September 14, 2011 at 04:14:37
I just looked more closely at the original post & Curt is 100% correct. That remote connection to 192.168.1.5 (his laptop) on port 49408, does not belong there. That machine needs to be cleaned.

Download, install, update & run anti malware from malwarebytes.org

How do you know when a politician is lying? His mouth is moving.


Report •


Ask Question