My router is reporting massive Syncflood attacks......

My internet connection has slowed to a snail's pace; this is like using dialup@2400 baud. I checked my security logs to find outside IP addresses launching Syncflood attacks.

IN=vlan2 OUT=NONE src=120.132.4.36 DST=173.94.233.82 SPORT=35611 DPORT=1099 PROTO=TCP
IN=vlan2 OUT=NONE src=220.133.204.50 DST=173.94.233.82 SPORT=26983 DPORT=23 PROTO=TCP
IN=vlan2 OUT=NONE src=186.45.251.2 DST=173.94.233.82 SPORT=37454 DPORT=7547 PROTO=TCP
IN=vlan2 OUT=NONE src=80.82.65.66 DST=173.94.233.82 SPORT=57607 DPORT=7186 PROTO=TCP
IN=vlan2 OUT=NONE src=46.166.162.17 DST=173.94.233.82 SPORT=44824 DPORT=3393 PROTO=TCP
IN=vlan2 OUT=NONE src=14.164.184.122 DST=173.94.233.82 SPORT=9475 DPORT=5358 PROTO=TCP
IN=vlan2 OUT=NONE src=72.21.91.97 DST=173.94.233.82 SPORT=80 DPORT=59561 PROTO=TCP
IN=vlan2 OUT=NONE src=72.21.91.97 DST=173.94.233.82 SPORT=80 DPORT=59564 PROTO=TCP
IN=vlan2 OUT=NONE src=72.21.91.97 DST=173.94.233.82 SPORT=80 DPORT=59563 PROTO=TCP
IN=vlan2 OUT=NONE src=117.206.168.47 DST=173.94.233.82 SPORT=19707 DPORT=22 PROTO=TCP
IN=vlan2 OUT=NONE src=14.173.107.139 DST=173.94.233.82 SPORT=38378 DPORT=23 PROTO=TCP
IN=vlan2 OUT=NONE src=46.1.48.121 DST=173.94.233.82 SPORT=363 DPORT=7547 PROTO=TCP
IN=vlan2 OUT=NONE src=80.82.65.66 DST=173.94.233.82 SPORT=57607 DPORT=3474 PROTO=TCP
IN=vlan2 OUT=NONE src=80.82.65.66 DST=173.94.233.82 SPORT=57607 DPORT=3494 PROTO=TCP
Found Syncflood attack from 120.132.4.36 in port 1099 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 220.133.204.50 in port 23 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 186.45.251.2 in port 7547 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 80.82.65.66 in port 7186 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 46.166.162.17 in port 3393 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 14.164.184.122 in port 5358 => Fri Mar 17 12:10:18 2017

Found PortScanner attack from 72.21.91.97 in port 59561 => Fri Mar 17 12:10:18 2017

Found PortScanner attack from 72.21.91.97 in port 59564 => Fri Mar 17 12:10:18 2017

Found PortScanner attack from 72.21.91.97 in port 59563 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 117.206.168.47 in port 22 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 14.173.107.139 in port 23 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 46.1.48.121 in port 7547 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 80.82.65.66 in port 3474 => Fri Mar 17 12:10:18 2017

Found Syncflood attack from 80.82.65.66 in port 3494 => Fri Mar 17 12:10:18 2017

6 REPLIES

Re: My router is reporting massive Syncflood attacks......

HOW do I get this to stop and restore my internet speed?

Expert

Re: My router is reporting massive Syncflood attacks......

Get rid of the virus or malware first...

Sharer

Re: My router is reporting massive Syncflood attacks......


lieutenantstarz wrote:

HOW do I get this to stop and restore my internet speed?


Unplug all your devices / disconnect them from your LAN.

Connect them back, one at a time, to see which one brings down the house. When you find the guilty part (and it might be more than one device), you will need to take it off-line and sanitize it.

Re: My router is reporting massive Syncflood attacks......

Already done from clean USB boot disk, router and modem rebooted and it comes back every time.

Established Sharer

Re: My router is reporting massive Syncflood attacks......

First, you know your modem and probably your router are working correctly.  That's the part this particular peer-to-peer forum is here to support. 

Next, follow the advice you were given: Run your computer's virus protection software and tell it to quarantine all suspicious files. If you don't already use some sort of VPS, you were asking for trouble and it has found you. I suggest you also run the free version of AdwCleaner that is now part of Malwarebytes. Again, tell it to quarantine everything it finds, then permanently delete those files. Do the same with your USB drive to ensure you are not reinfecting from that source. When you have finally eradicated the viruses, install a good antivirus package on each of your internet devices and use it regularly, if not continuously.

You can use "whois" to figure out who is attacking you on each hostile IP address and from what part of the world, if you are interested.  Chances are that each is another infected computer whose owner is unaware of what's going on in the background. 

You can ask additional anti-virus questions and get more of the same advice from staff in the Antivirus & Internet Security  forum.
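Before running whois on each address, it helps to group the router's log entries by source and see what each one was doing. The following is an added example, not part of the thread or the router's software: it parses log lines in the format shown in the first post and labels each source. The category names, the web-port set and the 1024 threshold are assumptions chosen for this illustration.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the router log in the first post.
SAMPLE_LOG = """\
IN=vlan2 OUT=NONE src=220.133.204.50 DST=173.94.233.82 SPORT=26983 DPORT=23 PROTO=TCP
IN=vlan2 OUT=NONE src=80.82.65.66 DST=173.94.233.82 SPORT=57607 DPORT=7186 PROTO=TCP
IN=vlan2 OUT=NONE src=72.21.91.97 DST=173.94.233.82 SPORT=80 DPORT=59561 PROTO=TCP
IN=vlan2 OUT=NONE src=72.21.91.97 DST=173.94.233.82 SPORT=80 DPORT=59564 PROTO=TCP
IN=vlan2 OUT=NONE src=80.82.65.66 DST=173.94.233.82 SPORT=57607 DPORT=3474 PROTO=TCP
Found Syncflood attack from 80.82.65.66 in port 3474 => Fri Mar 17 12:10:18 2017
"""

LINE = re.compile(r"\bsrc=(\S+).*?\bSPORT=(\d+)\s+DPORT=(\d+)\s+PROTO=(\w+)", re.I)
WEB_PORTS = {80, 443}  # assumption: web servers answer from these source ports
EPHEMERAL_MIN = 1024   # assumption: client-side ports sit above the well-known range


def parse_line(line):
    """Return (src, sport, dport, proto) for a firewall line, else None."""
    m = LINE.search(line)
    return (m[1], int(m[2]), int(m[3]), m[4].upper()) if m else None


def triage(log_text):
    """Group logged packets by source address and attach a heuristic label."""
    by_src = defaultdict(lambda: {"packets": 0, "dports": set(), "sports": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skips the "Found ... attack" summary lines and blanks
        src, sport, dport, _proto = rec
        by_src[src]["packets"] += 1
        by_src[src]["dports"].add(dport)
        by_src[src]["sports"].add(sport)
    report = {}
    for src, e in by_src.items():
        if e["sports"] <= WEB_PORTS and min(e["dports"]) >= EPHEMERAL_MIN:
            label = "reply-like"         # web port to high port: resembles return traffic
        elif len(e["dports"]) > 1:
            label = "multi-port probe"   # one source trying several ports
        else:
            label = "single-port probe"  # unsolicited attempt against one service
        report[src] = {"label": label, "packets": e["packets"], "dports": sorted(e["dports"])}
    return report


if __name__ == "__main__":
    for src, info in sorted(triage(SAMPLE_LOG).items()):
        print(f"{src:16} {info['label']:18} x{info['packets']} dports={info['dports']}")
```

The labels are triage hints only; a "reply-like" source still needs checking against what the LAN devices were actually connecting to at the time.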

Expert

Re: My router is reporting massive Syncflood attacks......

inetnum:        117.203.0.0 - 117.207.255.255
netname:        BB-Multiplay
descr:          Broadband Multiplay Project, O/o DGM BB, NOC BSNL Bangalore
country:        IN
admin-c:        BH155-AP
tech-c:         DB374-AP
status:         ASSIGNED NON-PORTABLE
mnt-by:         MAINT-IN-DOT
mnt-irt:        IRT-BSNL-IN
changed:        hostmaster@bsnl.in 20141128
source:         APNIC

irt:            IRT-BSNL-IN
address:        Internet Cell
address:        Bharat Sanchar Nigam Limited
address:        8th Floor,148-B Statesman House
address:        Barakhamba Road, New Delhi - 110 001
e-mail:         abuse@bsnl.in
abuse-mailbox:  abuse@bsnl.in
admin-c:        NC83-AP
tech-c:         CGMD1-AP
auth:           # Filtered
mnt-by:         MAINT-IN-DOT
changed:        abuse@bsnl.in 20101111
changed:        hm-changed@apnic.net 20101112
source:         APNIC

person:         BSNL Hostmaster
nic-hdl:        BH155-AP
e-mail:         hostmaster@bsnl.in
address:        Broadband Networks
address:        Bharat Sanchar Nigam Limited
address:        2nd Floor, Telephone Exchange, Sector 62
address:        Noida
phone:          +91-120-2404243
fax-no:         +91-120-2404241
country:        IN
changed:        dnwplg@bsnl.in 20021108
mnt-by:         MAINT-IN-PER-DOT
source:         APNIC

person:         DGM Broadband
address:        BSNL NOC Bangalore
country:        IN
phone:          +91-080-25805800
fax-no:         +91-080-25800022
e-mail:         dnwplg@bsnl.in
nic-hdl:        DB374-AP
mnt-by:         MAINT-IN-PER-DOT
changed:        hostmaster@bsnl.in 20110218
source:         APNIC


route:          117.206.160.0/20
descr:          BSNL Internet
country:        IN
origin:         AS9829
mnt-lower:      MAINT-IN-DOT
mnt-routes:     MAINT-IN-DOT
mnt-by:         MAINT-IN-AS9829
changed:        dnw_jtotech@bsnl.in 20070914
source:         APNIC

 

NetRange:       72.21.80.0 - 72.21.95.255
CIDR:           72.21.80.0/20
NetName:        EDGECAST-NETBLK-01
NetHandle:      NET-72-21-80-0-1
Parent:         NET72 (NET-72-0-0-0-0)
NetType:        Direct Allocation
OriginAS:       AS15133
Organization:   MCI Communications Services, Inc. d/b/a Verizon Business (MCICS)
RegDate:        2007-04-23
Updated:        2016-07-28
Ref:            https://whois.arin.net/rest/net/NET-72-21-80-0-1



OrgName:        MCI Communications Services, Inc. d/b/a Verizon Business
OrgId:          MCICS
Address:        22001 Loudoun County Pkwy
City:           Ashburn
StateProv:      VA
PostalCode:     20147
Country:        US
RegDate:        2006-05-30
Updated:        2017-01-28
Ref:            https://whois.arin.net/rest/org/MCICS


OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName:   abuse
OrgAbusePhone:  +1-800-900-0241 
OrgAbuseEmail:  abuse-mail@verizonbusiness.com
OrgAbuseRef:    https://whois.arin.net/rest/poc/ABUSE3-ARIN

OrgTechHandle: SWIPP9-ARIN
OrgTechName:   SWIPPER
OrgTechPhone:  +1-800-900-0241 
OrgTechEmail:  swipper@verizon.com
OrgTechRef:    https://whois.arin.net/rest/poc/SWIPP9-ARIN

OrgTechHandle: SWIPP-ARIN
OrgTechName:   swipper
OrgTechPhone:  +1-800-900-0241 
OrgTechEmail:  swipper@verizonbusiness.com
OrgTechRef:    https://whois.arin.net/rest/poc/SWIPP-ARIN

OrgNOCHandle: OA12-ARIN
OrgNOCName:   UUnet Technologies, Inc., Technologies 
OrgNOCPhone:  +1-800-900-0241 
OrgNOCEmail:  help4u@verizonbusiness.com
OrgNOCRef:    https://whois.arin.net/rest/poc/OA12-ARIN

 

IP address:46.166.162.17
hostname:hst-46-166-162-17.balticservers.eu
ISP:Uab Duomenu Centras
Organization:Dedicated servers
Country:Lithuania (LT)
latitude:56
longitude:24
inetnum:        46.166.162.0 - 46.166.162.255
netname:        BALTICSERVERS-LT-DEDICATED
descr:          Dedicated servers
country:        LT
admin-c:        MS33333-RIPE
tech-c:         MS33333-RIPE
status:         ASSIGNED PA
mnt-by:         DUOMENUCENTRAS-MNT
created:        2014-03-27T12:23:39Z
last-modified:  2014-03-27T12:23:39Z
source:         RIPE