Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-04 Thread Robert Andrews
Very well might be that the router has been compromised...

On 10/04/2014 08:42 AM, RickG wrote:
> Ya, strange, he attempts to update the router but it fails.
> 
> On Sat, Oct 4, 2014 at 8:57 AM, Mike Hammett 
> wrote:
> 
>> He can't update it or there isn't an update available?
>>
>>
>>
>>
>> -
>> Mike Hammett
>> Intelligent Computing Solutions
>> http://www.ics-il.com
>>
>> - Original Message -
>>
>> From: "RickG" 
>> To: "Mikrotik discussions" 
>> Sent: Friday, October 3, 2014 10:31:33 PM
>> Subject: Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE
>> address
>>
>> Interesting. He says he cannot update the firmware on his router (ASUS
>> RT-N16). I found this on ASUS' support page:
>> http://www.asus.com/support/FAQ/1007348/ so I told him to reset his router
>> and try again
>>
>> On Fri, Oct 3, 2014 at 10:58 PM, Bill Prince <
>> part...@skylinebroadbandservice.com> wrote:
>>
>>> We recently had an incident with a Dlink router participating with a DDoS
>>> attack. All the outgoing traffic was on port 1900, so it made it easy to
>>> identify. Firmware upgrade fixed it.
>>>
>>> bp
>>>
>>>
>>> On 10/3/2014 7:38 PM, RickG wrote:
>>>
>>>> I've got a customer complaining about intermittent speed issues and short
>>>> cut off's on his connection. My MT box shows he has a high connection
>>>> rate.
>>>> I also noticed in the logs on my Netgear router that his IP shows with the
>>>> following message: [DoS attack: Smurf] attack packets in last 20 sec from
>>>> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
>>>> I assume he has a virus but he says he has run virus scans on all his
>>>> computers and devices. I'm not sure what to tell him next. Any ideas?
>>
>>
>>
>> --
>> -RickG KyWiFi
> 
> 
> 
___
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS


Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-04 Thread RickG
Ya, strange, he attempts to update the router but it fails.

On Sat, Oct 4, 2014 at 8:57 AM, Mike Hammett 
wrote:

> He can't update it or there isn't an update available?
>
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> - Original Message -
>
> From: "RickG" 
> To: "Mikrotik discussions" 
> Sent: Friday, October 3, 2014 10:31:33 PM
> Subject: Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE
> address
>
> Interesting. He says he cannot update the firmware on his router (ASUS
> RT-N16). I found this on ASUS' support page:
> http://www.asus.com/support/FAQ/1007348/ so I told him to reset his router
> and try again
>
> On Fri, Oct 3, 2014 at 10:58 PM, Bill Prince <
> part...@skylinebroadbandservice.com> wrote:
>
> > We recently had an incident with a Dlink router participating with a DDoS
> > attack. All the outgoing traffic was on port 1900, so it made it easy to
> > identify. Firmware upgrade fixed it.
> >
> > bp
> >
> >
> > On 10/3/2014 7:38 PM, RickG wrote:
> >
> >> I've got a customer complaining about intermittent speed issues and short
> >> cut off's on his connection. My MT box shows he has a high connection
> >> rate.
> >> I also noticed in the logs on my Netgear router that his IP shows with the
> >> following message: [DoS attack: Smurf] attack packets in last 20 sec from
> >> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
> >> I assume he has a virus but he says he has run virus scans on all his
> >> computers and devices. I'm not sure what to tell him next. Any ideas?
>
>
>
> --
> -RickG KyWiFi
>



-- 
-RickG KyWiFi


Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-04 Thread Mike Hammett
He can't update it or there isn't an update available? 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 

- Original Message -

From: "RickG"  
To: "Mikrotik discussions"  
Sent: Friday, October 3, 2014 10:31:33 PM 
Subject: Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address 

Interesting. He says he cannot update the firmware on his router (ASUS 
RT-N16). I found this on ASUS' support page: 
http://www.asus.com/support/FAQ/1007348/ so I told him to reset his router 
and try again 

On Fri, Oct 3, 2014 at 10:58 PM, Bill Prince < 
part...@skylinebroadbandservice.com> wrote: 

> We recently had an incident with a Dlink router participating with a DDoS 
> attack. All the outgoing traffic was on port 1900, so it made it easy to 
> identify. Firmware upgrade fixed it. 
> 
> bp 
> 
> 
> On 10/3/2014 7:38 PM, RickG wrote: 
> 
>> I've got a customer complaining about intermittent speed issues and short 
>> cut off's on his connection. My MT box shows he has a high connection 
>> rate. 
>> I also noticed in the logs on my Netgear router that his IP shows with the 
>> following message: [DoS attack: Smurf] attack packets in last 20 sec from 
>> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51 
>> I assume he has a virus but he says he has run virus scans on all his 
>> computers and devices. I'm not sure what to tell him next. Any ideas? 



-- 
-RickG KyWiFi 


Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-03 Thread RickG
Interesting. He says he cannot update the firmware on his router (ASUS
RT-N16). I found this on ASUS' support page:
http://www.asus.com/support/FAQ/1007348/ so I told him to reset his router
and try again

On Fri, Oct 3, 2014 at 10:58 PM, Bill Prince <
part...@skylinebroadbandservice.com> wrote:

> We recently had an incident with a Dlink router participating with a DDoS
> attack.  All the outgoing traffic was on port 1900, so it made it easy to
> identify. Firmware upgrade fixed it.
>
> bp
>
>
> On 10/3/2014 7:38 PM, RickG wrote:
>
>> I've got a customer complaining about intermittent speed issues and short
>> cut off's on his connection. My MT box shows he has a high connection
>> rate.
>> I also noticed in the logs on my Netgear router that his IP shows with the
>> following message: [DoS attack: Smurf] attack packets in last 20 sec from
>> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
>> I assume he has a virus but he says he has run virus scans on all his
>> computers and devices. I'm not sure what to tell him next. Any ideas?
>



-- 
-RickG KyWiFi


Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-03 Thread RickG
Nothing unusual on torch; however, I notice his complaints are during the day
when he is online using his vpn. I'm going to inquire more about that and
have him upgrade his firmware on the router if an upgrade is available.

On Fri, Oct 3, 2014 at 10:58 PM, Bill Prince <
part...@skylinebroadbandservice.com> wrote:

> We recently had an incident with a Dlink router participating with a DDoS
> attack.  All the outgoing traffic was on port 1900, so it made it easy to
> identify. Firmware upgrade fixed it.
>
> bp
>
>
> On 10/3/2014 7:38 PM, RickG wrote:
>
>> I've got a customer complaining about intermittent speed issues and short
>> cut off's on his connection. My MT box shows he has a high connection
>> rate.
>> I also noticed in the logs on my Netgear router that his IP shows with the
>> following message: [DoS attack: Smurf] attack packets in last 20 sec from
>> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
>> I assume he has a virus but he says he has run virus scans on all his
>> computers and devices. I'm not sure what to tell him next. Any ideas?
>



-- 
-RickG KyWiFi


Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-03 Thread RickG
I'll torch his IP and see what's coming out of it.

On Fri, Oct 3, 2014 at 10:58 PM, Bill Prince <
part...@skylinebroadbandservice.com> wrote:

> We recently had an incident with a Dlink router participating with a DDoS
> attack.  All the outgoing traffic was on port 1900, so it made it easy to
> identify. Firmware upgrade fixed it.
>
> bp
>
>
> On 10/3/2014 7:38 PM, RickG wrote:
>
>> I've got a customer complaining about intermittent speed issues and short
>> cut off's on his connection. My MT box shows he has a high connection
>> rate.
>> I also noticed in the logs on my Netgear router that his IP shows with the
>> following message: [DoS attack: Smurf] attack packets in last 20 sec from
>> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
>> I assume he has a virus but he says he has run virus scans on all his
>> computers and devices. I'm not sure what to tell him next. Any ideas?
>



-- 
-RickG KyWiFi


Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-03 Thread RickG
Since all my CPE are in router mode and on private non-routable addresses,
I don't understand how his CPE IP can be spoofed.

On Fri, Oct 3, 2014 at 10:59 PM, Grand Avenue Broadband <
grandav...@grandavebb.com> wrote:

> Smurf attack is someone spoofing a victim's source address in a broadcast
> packet so as to have everybody on the network gang-bang him with
> responses.  The guy who has all the traffic is the victim, not the perp.
>
> When your Netgear router reports that the packets are coming "from"
> 10.10.45.103, you first need to know whether the address it is reporting is
> the spoofed address (victim) or the actual address (perp).  If it's the
> victim, the Netgear isn't telling you what you need to know to stop the
> abuse.
>
> Best option is to configure your router to turn off forwarding of directed
> broadcasts (https://www.nordu.net/articles/smurf.html).
>
> On Oct 3, 2014, at 7:38 PM, RickG  wrote:
>
> > I've got a customer complaining about intermittent speed issues and short
> > cut off's on his connection. My MT box shows he has a high connection rate.
> > I also noticed in the logs on my Netgear router that his IP shows with the
> > following message: [DoS attack: Smurf] attack packets in last 20 sec from
> > ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
> > I assume he has a virus but he says he has run virus scans on all his
> > computers and devices. I'm not sure what to tell him next. Any ideas?
>



-- 
-RickG KyWiFi


Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-03 Thread RickG
He doesn't have any kids. I suspect a trojan or malware. I notice that his
CPE LAN port is receiving a lot more traffic outbound than his WAN port is
transmitting. I'm guessing the packets are hitting the CPE (in router mode)
from his inside network and have nowhere to go?

On Fri, Oct 3, 2014 at 10:45 PM, Terri Kelley 
wrote:

> Have had some similar either file sharing or virus. Showed them a graph of
> their use. Can't really argue with that. Sometimes turns out to be one of
> the kids doing something.
>
> Terri Kelley
> Network Engineer
> Farm to Market Broadband
>
> -Original Message-
> From: RickG 
> To: Mikrotik discussions 
> Sent: Fri, 03 Oct 2014 9:39 PM
> Subject: [Mikrotik] DoS attack: Smurf attack from customer's CPE address
>
> I've got a customer complaining about intermittent speed issues and short
> cut off's on his connection. My MT box shows he has a high connection rate.
> I also noticed in the logs on my Netgear router that his IP shows with the
> following message: [DoS attack: Smurf] attack packets in last 20 sec from
> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
> I assume he has a virus but he says he has run virus scans on all his
> computers and devices. I'm not sure what to tell him next. Any ideas?
>



-- 
-RickG KyWiFi


Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-03 Thread Bill Prince
We recently had an incident with a Dlink router participating with a 
DDoS attack.  All the outgoing traffic was on port 1900, so it made it 
easy to identify. Firmware upgrade fixed it.


bp

On 10/3/2014 7:38 PM, RickG wrote:

> I've got a customer complaining about intermittent speed issues and short
> cut off's on his connection. My MT box shows he has a high connection rate.
> I also noticed in the logs on my Netgear router that his IP shows with the
> following message: [DoS attack: Smurf] attack packets in last 20 sec from
> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
> I assume he has a virus but he says he has run virus scans on all his
> computers and devices. I'm not sure what to tell him next. Any ideas?


Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-03 Thread Grand Avenue Broadband
Smurf attack is someone spoofing a victim’s source address in a broadcast 
packet so as to have everybody on the network gang-bang him with responses.  
The guy who has all the traffic is the victim, not the perp.

When your Netgear router reports that the packets are coming “from” 
10.10.45.103, you first need to know whether the address it is reporting is the 
spoofed address (victim) or the actual address (perp).  If it’s the victim, the 
Netgear isn’t telling you what you need to know to stop the abuse.  

Best option is to configure your router to turn off forwarding of directed 
broadcasts (https://www.nordu.net/articles/smurf.html).

On Oct 3, 2014, at 7:38 PM, RickG  wrote:

> I've got a customer complaining about intermittent speed issues and short
> cut off's on his connection. My MT box shows he has a high connection rate.
> I also noticed in the logs on my Netgear router that his IP shows with the
> following message: [DoS attack: Smurf] attack packets in last 20 sec from
> ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
> I assume he has a virus but he says he has run virus scans on all his
> computers and devices. I'm not sure what to tell him next. Any ideas?

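Added example, not part of any poster's message: a triage sketch for the two questions raised above, namely whether the address reported for broadcast pings is the real sender or a spoofed victim, and which hosts are sending port 1900 traffic off-net. The interface names, the /24 prefixes, the packet records and the assumption that port 1900 means UDP (SSDP) are all constructed for illustration; only 10.10.45.103 comes from the thread.

```python
import ipaddress
from collections import Counter

# Assumed addressing plan: the access interface each customer prefix lives on.
# Interface names and prefixes are hypothetical.
EXPECTED_IFACE = {
    "10.10.45.0/24": "ap-sector1",
    "10.10.46.0/24": "ap-sector2",
}

# Constructed packet summaries: (ingress interface, src, dst, proto, detail).
# detail is the ICMP type name for "icmp" and the destination port for "udp".
SAMPLE_PACKETS = [
    ("ap-sector2", "10.10.45.103", "10.10.46.255", "icmp", "echo-request"),
    ("ap-sector2", "10.10.45.103", "10.10.46.255", "icmp", "echo-request"),
    ("ap-sector1", "10.10.45.77", "10.10.45.255", "icmp", "echo-request"),
    ("ap-sector2", "10.10.46.20", "198.51.100.7", "udp", 1900),
    ("ap-sector2", "10.10.46.20", "198.51.100.7", "udp", 1900),
    ("ap-sector2", "10.10.46.21", "10.10.46.1", "udp", 53),
]


def expected_iface(ip, plan):
    """Return the interface the plan says this address should arrive on."""
    addr = ipaddress.ip_address(ip)
    for prefix, iface in plan.items():
        if addr in ipaddress.ip_network(prefix):
            return iface
    return None


def triage(packets, plan):
    """Count findings per (source address, label).

    broadcast-ping-sender : echo-request to a subnet broadcast address that
                            arrived on the interface where its source lives,
                            so the source (or a host NATed behind it) sent it.
    spoofed-source-victim : same packet type, but it arrived on a different
                            interface, so the source address is forged and
                            its owner is the one who will receive the replies.
    ssdp-to-outside       : UDP/1900 from a local host to a non-local address.
    """
    nets = [ipaddress.ip_network(p) for p in plan]
    broadcasts = {str(n.broadcast_address) for n in nets}
    findings = Counter()
    for iface, src, dst, proto, detail in packets:
        if proto == "icmp" and detail == "echo-request" and dst in broadcasts:
            if expected_iface(src, plan) == iface:
                findings[(src, "broadcast-ping-sender")] += 1
            else:
                findings[(src, "spoofed-source-victim")] += 1
        elif proto == "udp" and detail == 1900:
            dst_is_local = any(ipaddress.ip_address(dst) in n for n in nets)
            if expected_iface(src, plan) == iface and not dst_is_local:
                findings[(src, "ssdp-to-outside")] += 1
    return dict(findings)


if __name__ == "__main__":
    for (host, label), count in sorted(triage(SAMPLE_PACKETS, EXPECTED_IFACE).items()):
        print(f"{host:15} {label:24} {count}")
```

The ingress-interface comparison is what a log line that only says "from ip [...]" cannot give you; it needs packet data captured on the router that sees both sectors.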

Re: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

2014-10-03 Thread Terri Kelley
Have had some similar either file sharing or virus. Showed them a graph of 
their use. Can't really argue with that. Sometimes turns out to be one of the 
kids doing something.

Terri Kelley
Network Engineer
Farm to Market Broadband

-Original Message-
From: RickG 
To: Mikrotik discussions 
Sent: Fri, 03 Oct 2014 9:39 PM
Subject: [Mikrotik] DoS attack: Smurf attack from customer's CPE address

I've got a customer complaining about intermittent speed issues and short
cut off's on his connection. My MT box shows he has a high connection rate.
I also noticed in the logs on my Netgear router that his IP shows with the
following message: [DoS attack: Smurf] attack packets in last 20 sec from
ip [10.10.45.103], Friday, Oct 03,2014 16:05:51
I assume he has a virus but he says he has run virus scans on all his
computers and devices. I'm not sure what to tell him next. Any ideas?