PDA

View Full Version : Router constantly getting SYN flood and fragmentation attacks



Angsty
6th April 2009, 10:27 PM
OK team, I seek your assistance and guidance.

My router (Belkin F5D7633au4) is being *hammered* by SYN flood, LAND and Fragmentation floods galore. I have to reset the router at least once a day when my internet speed drops to dial-up speeds.

I have a Dynamic IP address so the restarting means I get a new IP from my ISP, but this is not stopping the problem for too long - minutes??

I have Googled and Wikied for solutions and advice online and now know how these attacks work (yes, I even read through the CERT docs for fun). This has not helped me find a way to stop this happening.

Alternatively, Google gives me sites that want to teach me how to do this, or offer me software to do this. Nope, I want to stop this happening.

The third type of Google results I get are responses from 2004 -ish and usually talk about fiddling with the ipconfig settings and refer to windows network settings that I don't think I want to touch.

I have checked all the settings on my router: I have WPA Personal (TKP/AES) security with a 30 character key. My SSID is broadcast but I also have MAC address filtering set up.

I port forward for my P2P apps.

I have checked the firmware on my router and it says its the latest. I have just downloaded and installed the slightly more up to date firmware I found directly from the Belkin website.

So, I have now reached the end of my ignorance and am not sure what else I can do. I am quite happy to do the legwork myself, but I don't even know what questions to ask in order to find a new path for further research and a solution.

Is anyone able to provide some hints and advice on where I can look for a solution to my problem?

Help me Obi-Wan, you are my only hope!

Sad Angsty :(

Nevets_Anderson
7th April 2009, 09:26 AM
Ok you sure it's comeing from outside?

Couple of thoughts

have you tried sending an email to your isp? They may be able to help esp if the attack or what ever it is comeing from within your network own.

(sorry to ask a dumb sounding question?) do you have another router you could try?
(It may be the router is faulty )

Are you sure that all that is comeing from your internet connection? (It is possible someone is doing this via wireless ... ) have a look at Kismet (http://www.kismetwireless.net/)

Hope this helps

Angsty
7th April 2009, 10:21 PM
Thank you!!!! New path to explore and investigate :)

Ang