zeroality

router being attacked, slowing down my internet - help


This is ongoing 24 hours a day. It is seriously impacting my internet speed. I know I can't stop the attacks, but is there a way to filter them so they don't interfere with my connection?

 

Here is a snippet from my router log:

 

INF    2018-04-19T17:58:23-07:00    fw,fwmon    src=122.146.178.34 dst=xx.xx.xx.xx ipprot=6 sport=45816 dport=1433 Telnet Dropped
INF    2018-04-19T17:58:23-07:00    fw,fwmon    src=122.146.178.34 dst=xx.xx.xx.xx ipprot=6 sport=45816 dport=1433 Telnet Dropped
INF    2018-04-19T17:58:05-07:00    fw,fwmon    src=196.52.43.113 dst=xx.xx.xx.xx ipprot=6 sport=6666 dport=143 Telnet Dropped
INF    2018-04-19T17:58:05-07:00    fw,fwmon    src=196.52.43.113 dst=xx.xx.xx.xx ipprot=6 sport=6666 dport=143 Telnet Dropped
INF    2018-04-19T17:57:10-07:00    fw,fwmon    src=191.209.2.63 dst=xx.xx.xx.xx ipprot=6 sport=41874 dport=2000 Telnet Dropped
INF    2018-04-19T17:57:10-07:00    fw,fwmon    src=191.209.2.63 dst=xx.xx.xx.xx ipprot=6 sport=41874 dport=2000 Telnet Dropped
INF    2018-04-19T17:56:28-07:00    fw,fwmon    src=123.108.186.164 dst=xx.xx.xx.xx ipprot=6 sport=54251 dport=23 Telnet Dropped
INF    2018-04-19T17:56:28-07:00    fw,fwmon    src=123.108.186.164 dst=xx.xx.xx.xx ipprot=6 sport=54251 dport=23 Telnet Dropped
INF    2018-04-19T17:55:00-07:00    fw,fwmon    src=185.153.198.196 dst=xx.xx.xx.xx ipprot=6 sport=45881 dport=9356 Telnet Dropped
INF    2018-04-19T17:55:00-07:00    fw,fwmon    src=185.153.198.196 dst=xx.xx.xx.xx ipprot=6 sport=45881 dport=9356 Telnet Dropped
INF    2018-04-19T17:53:28-07:00    fw,fwmon    src=185.222.211.36 dst=xx.xx.xx.xx ipprot=6 sport=50938 dport=10639 Telnet Dropped
INF    2018-04-19T17:53:28-07:00    fw,fwmon    src=185.222.211.36 dst=xx.xx.xx.xx ipprot=6 sport=50938 dport=10639 Telnet Dropped
INF    2018-04-19T17:53:27-07:00    fw,fwmon    src=179.106.102.95 dst=xx.xx.xx.xx ipprot=6 sport=48868 dport=2000 Telnet Dropped
INF    2018-04-19T17:53:27-07:00    fw,fwmon    src=179.106.102.95 dst=xx.xx.xx.xx ipprot=6 sport=48868 dport=2000 Telnet Dropped
INF    2018-04-19T17:53:17-07:00    fw,fwmon    src=194.28.112.49 dst=xx.xx.xx.xx ipprot=6 sport=41793 dport=5059 Telnet Dropped
INF    2018-04-19T17:53:17-07:00    fw,fwmon    src=194.28.112.49 dst=xx.xx.xx.xx ipprot=6 sport=41793 dport=5059 Telnet Dropped
INF    2018-04-19T17:53:16-07:00    fw,fwmon    src=77.72.82.103 dst=xx.xx.xx.xx ipprot=6 sport=41758 dport=5565 Telnet Dropped
INF    2018-04-19T17:53:16-07:00    fw,fwmon    src=77.72.82.103 dst=xx.xx.xx.xx ipprot=6 sport=41758 dport=5565 Telnet Dropped
INF    2018-04-19T17:52:04-07:00    fw,fwmon    src=5.188.11.89 dst=xx.xx.xx.xx ipprot=6 sport=50521 dport=26104 Telnet Dropped
INF    2018-04-19T17:52:04-07:00    fw,fwmon    src=5.188.11.89 dst=xx.xx.xx.xx ipprot=6 sport=50521 dport=26104 Telnet Dropped
INF    2018-04-19T17:51:10-07:00    fw,fwmon    src=94.177.177.213 dst=xx.xx.xx.xx ipprot=6 sport=54547 dport=20220 Telnet Dropped
INF    2018-04-19T17:51:10-07:00    fw,fwmon    src=94.177.177.213 dst=xx.xx.xx.xx ipprot=6 sport=54547 dport=20220 Telnet Dropped
INF    2018-04-19T17:50:23-07:00    fw,fwmon    src=130.204.147.173 dst=xx.xx.xx.xx ipprot=6 sport=28241 dport=23 Telnet Dropped
INF    2018-04-19T17:50:23-07:00    fw,fwmon    src=130.204.147.173 dst=xx.xx.xx.xx ipprot=6 sport=28241 dport=23 Telnet Dropped


I don't think there's a lot you can do locally, apart from ensuring your router firmware is up to date and you have a good firewall in place.

Might be worth talking to your ISP.


usually you have a dynamic ip address provided by your isp, so simply turning off your router and then restarting it means your isp will automatically issue you with a new ip address which is different from the one being attacked. this should then solve the problem.

17 minutes ago, terry1966 said:

usually you have a dynamic ip address provided by your isp, so simply turning off your router and then restarting it means your isp will automatically issue you with a new ip address which is different from the one being attacked. this should then solve the problem.
 

 

:tup:

 

Didn't even think of that!!


Hi all, I hadn't given this another thought as internet stopped being slow. But now it is unbearable again.

 

I could paste another log but it's similar to the one above. Restarting router does not seem to work, the attacks always start again shortly after.

Either a computer is compromised or the router is. How do I find out which? I can already rule out mine at least. It's either the win8 laptop my roommate uses or the router.

Edited by zeroality


Well, as fortune would have it, the ethernet ports on the gateway blew out. It was really strange, ethernet wouldn't work but wifi was still chugging along.

 

Anyway got a new one and so far seems clear - must have been the router that was compromised. Strange, can't imagine how that could have happened.

I miss the old PC pitstop forums, back in the early aughts I would've had a dozen answers/solutions posted here. RIP all things must pass I guess.


sorry haven't replied earlier but to be honest your first log doesn't look that bad to me, there's nothing there i'd say was a concentrated attack, or anything that would slow down your internet connection in my opinion.

so if restarting the router never fixed the issues then i'd guess the problem would be that some other device was connecting to your network and taking up most of the bandwidth causing your pc to have a slow internet.

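An added example, not part of any post in this thread: a short Python script that sizes the traffic in a firewall log like the one in the first post, collapsing the double-logged entries and reporting distinct sources, the most-probed ports and an approximate rate. The sample lines are constructed in the router's format with documentation-range addresses, and the figure of 60 bytes per dropped packet is an assumption.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the router's log format (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
INF    2018-04-19T17:58:23-07:00    fw,fwmon    src=203.0.113.34 dst=xx.xx.xx.xx ipprot=6 sport=45816 dport=1433 Telnet Dropped
INF    2018-04-19T17:58:23-07:00    fw,fwmon    src=203.0.113.34 dst=xx.xx.xx.xx ipprot=6 sport=45816 dport=1433 Telnet Dropped
INF    2018-04-19T17:57:10-07:00    fw,fwmon    src=198.51.100.63 dst=xx.xx.xx.xx ipprot=6 sport=41874 dport=2000 Telnet Dropped
INF    2018-04-19T17:57:10-07:00    fw,fwmon    src=198.51.100.63 dst=xx.xx.xx.xx ipprot=6 sport=41874 dport=2000 Telnet Dropped
INF    2018-04-19T17:56:28-07:00    fw,fwmon    src=192.0.2.164 dst=xx.xx.xx.xx ipprot=6 sport=54251 dport=23 Telnet Dropped
INF    2018-04-19T17:56:28-07:00    fw,fwmon    src=192.0.2.164 dst=xx.xx.xx.xx ipprot=6 sport=54251 dport=23 Telnet Dropped
INF    2018-04-19T17:55:00-07:00    fw,fwmon    src=192.0.2.196 dst=xx.xx.xx.xx ipprot=6 sport=45881 dport=9356 Telnet Dropped
INF    2018-04-19T17:55:00-07:00    fw,fwmon    src=192.0.2.196 dst=xx.xx.xx.xx ipprot=6 sport=45881 dport=9356 Telnet Dropped
INF    2018-04-19T17:53:27-07:00    fw,fwmon    src=198.51.100.95 dst=xx.xx.xx.xx ipprot=6 sport=48868 dport=2000 Telnet Dropped
INF    2018-04-19T17:53:27-07:00    fw,fwmon    src=198.51.100.95 dst=xx.xx.xx.xx ipprot=6 sport=48868 dport=2000 Telnet Dropped
INF    2018-04-19T17:50:23-07:00    fw,fwmon    src=203.0.113.173 dst=xx.xx.xx.xx ipprot=6 sport=28241 dport=23 Telnet Dropped
INF    2018-04-19T17:50:23-07:00    fw,fwmon    src=203.0.113.173 dst=xx.xx.xx.xx ipprot=6 sport=28241 dport=23 Telnet Dropped
"""

# One firewall-monitor record: level, ISO timestamp, facility, key=value fields, action.
LINE_RE = re.compile(
    r"^\w+\s+(?P<ts>\S+)\s+fw,fwmon\s+src=(?P<src>\S+)\s+dst=\S+\s+"
    r"ipprot=(?P<proto>\d+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)\s+(?P<action>.+)$"
)
ASSUMED_BYTES_PER_PROBE = 60  # assumption: one small TCP packet per logged drop


def summarize(log_text):
    # Each drop appears twice in the log; a set of tuples collapses the duplicates.
    events = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["action"].endswith("Dropped"):
            events.add((datetime.fromisoformat(m["ts"]), m["src"], int(m["sport"]), int(m["dport"])))
    if not events:
        return None
    times = [e[0] for e in events]
    span_s = max((max(times) - min(times)).total_seconds(), 1.0)  # avoid dividing by zero
    ports = Counter(e[3] for e in events)
    return {
        "unique_drops": len(events),
        "sources": len({e[1] for e in events}),
        "top_ports": sorted(ports.items(), key=lambda kv: (-kv[1], kv[0]))[:3],
        "drops_per_minute": round(len(events) * 60 / span_s, 2),
        "approx_bits_per_second": round(len(events) * ASSUMED_BYTES_PER_PROBE * 8 / span_s, 1),
    }

print(summarize(SAMPLE_LOG))
```

Comparing `approx_bits_per_second` with the line speed shows whether the dropped probes could plausibly account for a slowdown.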
