strange Log entries

Question

I thought I would get some advice from you all all. &nbsp;The table below shows the source IP on the far right and then the destination IP to the left of the source IP. &nbsp;Neither of these is my address. &nbsp;When I block the destination IP in my router, the source just finds a new destination IP to target. &nbsp;Any suggestions on what to do?

[Ping Of Death]
1
Mon Jul 04 11:39:46 2016
145.103.253.185:0
68.133.112.0:0

[Teardrop or derivative]
2
Mon Jul 04 11:39:46 2016
145.103.253.185:0
68.133.112.0:0

[Illegal Fragments]
1
Mon Jul 04 11:39:46 2016
145.103.253.185:0
68.133.112.0:0

[Teardrop or derivative]
1
Mon Jul 04 11:39:46 2016
145.103.253.185:0
68.133.112.0:0

[Ping Of Death]
2
Mon Jul 04 11:39:46 2016
145.103.253.185:0
68.133.112.0:0

[Illegal Fragments]
1
Mon Jul 04 11:39:46 2016
145.103.253.185:0
68.133.112.0:0

[Ping Of Death]
6
Mon Jul 04 11:39:46 2016
145.103.253.185:0
68.133.112.0:0

[Teardrop or derivative]
1
Mon Jul 04 11:39:46 2016
145.103.253.185:0
68.133.112.0:0

[Ping Of Death]
1
Mon Jul 04 11:39:46 2016
145.103.253.185:0
68.133.112.0:0

[Teardrop or derivative]
7
Mon Jul 04 11:39:50 2016
105.192.137.60:0
68.133.112.0:0

[Ping Of Death]
1
Mon Jul 04 11:39:50 2016
105.192.137.60:0
68.133.112.0:0

allenp · Answer

Is this from your router's log?&nbsp; Looks like a DoS attack from outside your network.&nbsp; Your router firewall should keep them out.&nbsp; Make sure you have changed your router password and have external management disabled.&nbsp; You may want to run a malware scan on your devices but, as long as you don't see this kind of activity on devices inside your network, I wouldn't worry.

phxbarcelona · Answer

This is from our router log. &nbsp; I agree that it looks like a DoS attack. &nbsp; I have scanned the internal machine and they do not show anything. &nbsp; I do not permit remote management of the router and do not use default. &nbsp;&nbsp;
Beyond reporting this IP address, it would good if I could block this IP from using my router as a relay point but I cannot do that with my router and when I called Cox, they said they could not do so.&nbsp;

edwardh · Answer

While Support does not have a way to block a IP address if you don continue to see issues with it you can forward the logs to abuse@cox.net to have our network security department investigate further.

---

Forum Discussion

strange Log entries

3 Replies

Related Content

Strange phone number in landline call history log

Understanding entries and timestamps in panoramic wifi gateway logs

Strange email "Your account is locked for safety"

Yule Log

Strange error code - 10.1.27.1 Non-Cox MoCa device...

Recent Discussions

Welcome to the Archives

Gigablast

Beeping Noise

mic/status led on contour 2 remote

Internet connectivity frustrations

[Ping Of Death]	1	Mon Jul 04 11:39:46 2016	145.103.253.185:0	68.133.112.0:0
[Teardrop or derivative]	2	Mon Jul 04 11:39:46 2016	145.103.253.185:0	68.133.112.0:0
[Illegal Fragments]	1	Mon Jul 04 11:39:46 2016	145.103.253.185:0	68.133.112.0:0
[Teardrop or derivative]	1	Mon Jul 04 11:39:46 2016	145.103.253.185:0	68.133.112.0:0
[Ping Of Death]	2	Mon Jul 04 11:39:46 2016	145.103.253.185:0	68.133.112.0:0
[Illegal Fragments]	1	Mon Jul 04 11:39:46 2016	145.103.253.185:0	68.133.112.0:0
[Ping Of Death]	6	Mon Jul 04 11:39:46 2016	145.103.253.185:0	68.133.112.0:0
[Teardrop or derivative]	1	Mon Jul 04 11:39:46 2016	145.103.253.185:0	68.133.112.0:0
[Ping Of Death]	1	Mon Jul 04 11:39:46 2016	145.103.253.185:0	68.133.112.0:0
[Teardrop or derivative]	7	Mon Jul 04 11:39:50 2016	105.192.137.60:0	68.133.112.0:0
[Ping Of Death]	1	Mon Jul 04 11:39:50 2016	105.192.137.60:0	68.133.112.0:0