Hi Everyone,

I've got a Netgear router doing some logging and it's reporting tons of stuff like this:

[DOS attack: FIN Scan] attack packets in last 20 sec from ip [66.75.159.89], Friday, 08 Feb 2008 13:01:00
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [77.73.32.120], Friday, 08 Feb 2008 13:00:37
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.28.145.39], Friday, 08 Feb 2008 13:00:29
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [66.75.159.110], Friday, 08 Feb 2008 13:00:15
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [63.215.202.17], Friday, 08 Feb 2008 12:59:35
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.28.145.39], Friday, 08 Feb 2008 12:59:27
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [63.215.202.17], Friday, 08 Feb 2008 12:59:27


A couple of weeks ago I looked up some of these IP addresses, and they were all from Akamai Technologies. I sent emails to the abuse address asking what's going on, and was informed that Akamai Technologies provides duplicate servers (sorry if the lingo is incorrect) for customers with high volume websites, and that this activity is most likely due to someone browsing one of these websites. However no one was doing any such browsing at the time.

My question is, why would results from a browser request look like a DOS attack to a Netgear router? And could these packets be generated by the server even if the user just left the browser sitting on a website?

They don't seem to be affecting response time too much, but I would like to know what's going on.

*Peter Dow* /
Dow Software Services, Inc.
909 793-9050
pdow@xxxxxxxxxxxxxxx <mailto:pdow@xxxxxxxxxxxxxxx> /

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.