I've got a Netgear router doing some logging and it's reporting tons of
stuff like this:
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [66.75.159.89], Friday, 08 Feb 2008 13:01:00
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [77.73.32.120], Friday, 08 Feb 2008 13:00:37
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.28.145.39], Friday, 08 Feb 2008 13:00:29
[DOS attack: ACK Scan] attack packets in last 20 sec from ip [66.75.159.110], Friday, 08 Feb 2008 13:00:15
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [63.215.202.17], Friday, 08 Feb 2008 12:59:35
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [69.28.145.39], Friday, 08 Feb 2008 12:59:27
[DOS attack: FIN Scan] attack packets in last 20 sec from ip [63.215.202.17], Friday, 08 Feb 2008 12:59:27
A couple of weeks ago I looked up some of these IP addresses, and they
were all from Akamai Technologies. I sent emails to the abuse address
asking what's going on, and was informed that Akamai Technologies
provides duplicate servers (sorry if the lingo is incorrect) for
customers with high volume websites, and that this activity is most
likely due to someone browsing one of these websites. However no one
was doing any such browsing at the time.
My question is, why would results from a browser request look like a DOS
attack to a Netgear router? And could these packets be generated by the
server even if the user just left the browser sitting on a website?
They don't seem to be affecting response time too much, but I would like
to know what's going on.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.