What does it mean that my router is getting a Teardrop DoS attack?

Screenshot is here:


I just noticed that my router reports a constant barrage of hits from:

[DoS attack: Teardrop] attack packets in last 20 sec from ip [153.224.226.205], Friday, Apr 01,2016 19:58:28

Any idea what's going on?

Clark Higgins

Your provider knows.

Sjouke Burry

Sure, someone is trying to break in and own your router.

William Unruh

From Wikipedia:


Teardrop attacks

A teardrop attack involves sending mangled IP fragments with overlapping, over-sized payloads to the target machine. This can crash various operating systems because of a bug in their TCP/IP fragmentation re-assembly code. Windows 3.1x, Windows 95 and Windows NT operating systems, as well as versions of Linux prior to versions 2.0.32 and 2.1.63 are vulnerable to this attack.

(Although in September 2009, a vulnerability in Windows Vista was referred to as a "teardrop attack", this targeted SMB2 which is a higher layer than the TCP packets that teardrop used).

The attacker is trying to find old machines/routers which are vulnerable to the attack, or it's just a script kiddie who found an old script and now wants to be a hacker.

J.O. Aho
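
Added example, not part of the original thread: one way a firewall-style check can recognise the overlapping or over-sized fragments the Wikipedia excerpt describes, using fragment header fields only. The function name `check_fragments`, the dict field names and the sample records are constructed for illustration.

```python
from collections import defaultdict

MAX_IP_DATAGRAM = 65535  # largest total length an IPv4 datagram can have

def check_fragments(frags, ip_header_len=20):
    """frags: dicts with src, ip_id, frag_offset (8-byte units), payload_len (bytes).
    Returns {(src, ip_id): [findings]} for fragment sets that look malformed.
    Assumption: one monitored destination, so (src, ip_id) identifies a datagram;
    a full reassembly key also includes destination and protocol."""
    by_datagram = defaultdict(list)
    for f in frags:
        start = f["frag_offset"] * 8  # the offset field counts 8-byte blocks
        by_datagram[(f["src"], f["ip_id"])].append((start, start + f["payload_len"]))

    findings = defaultdict(list)
    for key, spans in by_datagram.items():
        prev_end = 0
        # set() drops exact duplicates, which are ordinary retransmissions
        for start, end in sorted(set(spans)):
            if end + ip_header_len > MAX_IP_DATAGRAM:
                findings[key].append(
                    f"oversized: reassembles past {MAX_IP_DATAGRAM} bytes")
            if start < prev_end:
                findings[key].append(
                    f"overlap: fragment at byte {start} starts before byte {prev_end}")
            prev_end = max(prev_end, end)
    return dict(findings)

# Constructed sample records (documentation address ranges, not real traffic)
SAMPLE = [
    # well-formed datagram split in two: bytes 0-1479, then 1480-1999
    {"src": "192.0.2.10", "ip_id": 1, "frag_offset": 0, "payload_len": 1480},
    {"src": "192.0.2.10", "ip_id": 1, "frag_offset": 185, "payload_len": 520},
    # second fragment sits inside the first: bytes 24-27 within 0-35
    {"src": "198.51.100.7", "ip_id": 2, "frag_offset": 0, "payload_len": 36},
    {"src": "198.51.100.7", "ip_id": 2, "frag_offset": 3, "payload_len": 4},
    # offset plus length runs past the 65535-byte datagram limit
    {"src": "198.51.100.7", "ip_id": 3, "frag_offset": 8189, "payload_len": 100},
]

if __name__ == "__main__":
    for (src, ip_id), notes in check_fragments(SAMPLE).items():
        for note in notes:
            print(f"{src} id={ip_id}: {note}")
```

A router that logs "Teardrop" hits is typically applying a check of this kind and dropping the fragments before reassembly.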

You (Clark) could try to block that IP, as it seems to be coming from one only.

Carlos E.R.

Do you know anyone in Japan?

```
$ whois 153.224.226.205
[ JPNIC database provides information regarding IP address and ASN. Its use   ]
[ is restricted to network administration purposes. For further information, ]
[ use 'whois -h whois.nic.ad.jp help'. To only display English output,        ]
[ add '/e' at the end of command, e.g. 'whois -h whois.nic.ad.jp xxx/e'.      ]

Network Information:
a. [Network Number]             153.224.128.0/17
b. [Network Name]               OCN
g. [Organization]               Open Computer Network
m. [Administrative Contact]     JP00009614
n. [Technical Contact]          JP00009427
p. [Nameserver]                 ns-kg001.ocn.ad.jp
p. [Nameserver]                 ns-kn001.ocn.ad.jp
[Assigned Date]                 2014/09/04
[Return Date]
[Last Update]                   2014/09/04 15:11:04(JST)

Less Specific Info.
----------
NTT COMMUNICATIONS CORPORATION
                     [Allocation]    153.128.0.0-153.253.255.255

More Specific Info.
----------
No match!!
```

Johann Klammer

The fact that your router is reporting it means that your router's firewall is working. So no real panic.

However, if it still is going on, probably easiest to acquire a different IP address from your ISP connection. This may be as simple as restarting your router, but obviously if you have a static / sticky address then this won't apply.

Adrian Caspersz
