My home network being DDos'd?

[d00by]

Alright, I was having internet troubles so i figure check out the router cause Comcast claims on their life that its not them (and they've been out here already once and fixed one problem, then fixed the actual problem from their end) so i know they are legit. I check the router and in the log i see this:

Firewall log:
Tue Jul 11 20:46:42 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:46:43 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:46:43 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:46:47 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:46:47 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:46:50 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:46:53 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:12 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:12 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:16 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:17 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:23 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:25 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:26 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:26 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:26 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:26 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:27 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:36 2006 Blocked by DoS protection 204.16.208.102
Tue Jul 11 20:47:39 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:40 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:40 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:43 2006 Blocked by DoS protection 130.69.215.69
Tue Jul 11 20:47:50 2006 Blocked by DoS protection 61.53.79.163
Tue Jul 11 20:47:51 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:51 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:55 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:47:58 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:00 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:01 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:03 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:07 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:10 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:10 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:10 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:15 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:15 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:18 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:29 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:34 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:40 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:40 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:40 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:44 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:44 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:47 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:53 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:57 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:48:57 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:03 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:07 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:09 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:09 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:10 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:14 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:15 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:22 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:24 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:24 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:25 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:26 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:27 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:31 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:31 2006 Blocked by DoS protection 45.67.179.12
Tue Jul 11 20:49:31 2006 Blocked by DoS protection 45.67.179.12
Tue Jul 11 20:49:31 2006 Blocked by DoS protection 45.67.179.12
Tue Jul 11 20:49:31 2006 Blocked by DoS protection 45.67.179.12
Tue Jul 11 20:49:31 2006 Blocked by DoS protection 45.67.179.12
Tue Jul 11 20:49:35 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:35 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:37 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:37 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:38 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:38 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:38 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:44 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:49:44 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:03 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:10 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:10 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:28 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:28 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:29 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:35 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:37 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:41 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:41 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:49 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:49 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:52 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:50:52 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:51:07 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:51:07 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:51:11 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:51:11 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:51:14 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:51:21 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:51:21 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:51:21 2006 Blocked by DoS protection 10.176.156.1
Tue Jul 11 20:51:24 2006 Blocked by DoS protection 10.176.156.1

So i am all like wtf m8? but really. I have to restart my modem to get the issue to go away, then like 10 minutes later it comes back. All the times on there are hh:mm:ss, and they are up to date on the minute. Anybody have any idea whats up? cause 10.0.0.1 is some special ip thing or whatnot, is 10.176.156.1 the same? But there are other IP's scattered in here and there, so is this like an organized attack, or am i just flipping out for the wrong reasons? I notice that when i reboot the modem, the attacks stop for a couple minutes, and the conection speed is at like 7 mpbs, but when they start again, the speed plummets. I am currently on the line with LInksys, to which no avail. Their lovely babelfish using tech supports responds with:

Linksys: Yes, It mean somebody has tried hack your router.
Linksys: But the router has stopped it from being attacked.

So i know they can read log files correctly, but that didnt help any. Any ideas on what is to be done or what i can possibly do, or if i need to contact somebody authoritative then who and what do i say?

 

[Half Evil]

Someone is useing wireless to access your router. I had the same problem with my Dlink and my moms laptop. Everytime it got on the internet, my compturs firewall freaked out.

Someone externally is accessing your router, I think. Try slapping on a network code and see what happens after that.

 

[d00by]

ive got wep? Should i change encryption key?

 

[mayorredbeard]

ive got wep? Should i change encryption key?

Change the encryption key and add MAC address filtering. Contact the manufacturer of your router and ask them how to do that if you don't know how to. This will add another layer of security, making it harder for anyone to access your wirless network.


EDIT: Well that log just means their trying to, it doesnt mean they have accessed it. Someone can always try to access your wireless network and get blocked, i dont see how someone getting blocked from connecting to your router could effect your computers peformance. What problem exactly is it causing? Is your firewall freaking out? Is it preventing you from accessing the internet? My best advice is to trace the ip. I'll try and trace them for you, possibly find out their ISP and report them.





IP TRACES
Ive traced some of the IP's, i'll let you decide what your going to do about it

Network Contact Information: The following details refer to the network that the system is on.

10.176.156.1
Internet Assigned Numbers Authority
+1-310-301-5820
4676 Admiralty Way, Suite 330 Marina del Rey CA 90292-6695 US

204.16.208.102
FAST COLOCATION SERVICES
abusedept@fastcolocation.net
+1-703-637-6336
3791 N. Edgewater Dr Wasilla AK 99654 US

130.69.215.69
Tokyo, Japan

45.67.179.12
Interop Show Network
795 Folsom St Lvl 6 San Francisco CA 94107 US


Now obviously someone from Tokyo Japan isn't trying to access your router, but if any of those locations are close enough to you i'd follow through on it. Hope this helps

 

[d00by]

i have read that 10.0.0.0 through 10.255.255.255 are non routable network addresses over the net and that they are usually internal addresses... Does this make any sense?

 

[Cx]

there's no question about am i getting dossed, YOU KNOW IT. a few settings on a firewall isn't going to stop a botnet either...

i think the 10 something has to do something with your isp's network. either someone inside it, or your isp itself.

now the colocation you might be getting dossed from, if you're experiencing downtime / horrible lag i'd contact em and tell em your situation.

these aren't wireless...

contact your isp about the ip address w/ the 10, the rest are probabaly just random bots scanning ip ranges... nothing to worry about, everyone gets those...

 

[d00by]

I dont know whats up. I upgraded my Router's firmware and the attacks just disappear. The speed is back up to 3-4 mbps at 4-5 pm so I dont know. Beats me, i am assuming its the crappy linksys router just being stupid.

 

[Cx]

could be someone scanning for older firmware w/ exploits, and now you upgrade you don't show up no more.

 

[DJ-CHRIS1]

With an IP address like that, it would leave me to believe that it's the ISP's equipment.

I havnt thought about this much, but it's probolly because you have WAN ping turned off and the ISP's DHCP server is getting pissy about you not responding.