Cox Pass-through of DoS attacks?

Question

Connecting to a web page often requires two or three attempts.&nbsp; HTML email often doesn't render without going back and forth between them several times.&nbsp; When this is occurring I found the following (or similar) in the router log:
[DoS Attack: RST Scan] from source: 45.232.131.151, port 16187, Monday, January 31,2022 15:52:29[DoS Attack: RST Scan] from source: 45.232.128.54, port 1121, Monday, January 31,2022 15:40:17[DoS Attack: RST Scan] from source: 45.232.130.47, port 25736, Monday, January 31,2022 15:25:31[DoS Attack: ACK Scan] from source: 45.61.142.182, port 10668, Monday, January 31,2022 14:41:49
In this particular instance, the first three IPs trace to cert.br / registgro.br, servers that refuse to expose all the IPs they control and that appear to be set up for spammers, scammers and dark web use.&nbsp; Therefore COX security should block all communications that originate from IPs belonging to the users of these domains.
The latter one was from a server in San Francisco and so COX should be able to prosecute them under state and federal anti-hacking laws.&nbsp; WHY DON"T THEY? After all COX IS scanning all our OUTGOING web traffic so they can throttle-down the responses from competing streaming services and those who don't pay the fare for favorable treatment when routing through COX servers.&nbsp; Seems like they could easily throttle a DOS attack to 0.

bruce · Answer

RST Scan
It looks okay and not malicious or an attack.
RST Scan is a type of port scan and port scans are as old as the Internet.&nbsp; Port scans aren't malicious per se but instead could be reconnaissance before an actual DoS.&nbsp; Port scans are like walking down the street and looking into car windows.&nbsp; It looks suspicious but you're not doing anything wrong other than looking suspicious.
RST means the ports are closed and your router is doing its job…especially after 2-3 attempts.&nbsp; However, if it's happening on 1 website, the website is probably trying to sync with these ports at 1 time and some routers will get confused and log as a DoS attack.&nbsp; It's not an attack because the port was reset.
As long as you're seeing these "RST Scan" entries, you're good to go.

crystals · Answer

Hello @Wmcole,

I am so very sorry to learn of your Internet troubles and I'd like to help. Thank you for the feedback. We are always looking for ways to better serve our customers. Please scan your device with virus removal software. Then change your network password. This should resolve your issue.

Crystal S. 
Cox Support Forum Moderator

Forum Discussion

Cox Pass-through of DoS attacks?

2 Replies

Related Content

External wifi router can't to get internet through cable modem, but can when passed through another router

Roommate Account - Netgear CM1000 not passing internet through to Netgear RAX80

DoS attack] ICMP Flood from

Being hit with DDOS attacks. Need advice.

Cox homelife hub

Recent Discussions

Successful Email transition to Yahoo: using Thunderbird on Windows

Problems with Email on Yahoo

The connection to smtp.cox.net failed !??!

WARNING: Yahoo hides spam from third-party email apps

Cox email transition - has anyone completed the transition to Yahoo