
DOS attack: STORM entry in router log file


5 replies to this topic

#1 TheAAGuy


Posted 04 September 2010 - 04:38 PM

I have noticed an issue with my router logs and I don't know what is going on. Perhaps someone here can help. I have an iMac 9.1 connected to a Netgear WNR3500 router via an ethernet cable. I noticed my router log file contains DOS attack: STORM entries that seem to indicate the attack is originating from my iMac. Note the logfile below:

[Admin login] from source 192.168.1.5, Thursday, Sep 02,2010 13:23:44
[Admin login] from source 192.168.1.5, Thursday, Sep 02,2010 13:01:13
[DOS attack: STORM] attack packets in last 20 sec from ip [192.168.1.5], Thursday, Sep 02,2010 12:39:30
[DOS attack: STORM] attack packets in last 20 sec from ip [192.168.1.5], Thursday, Sep 02,2010 12:39:05
[DOS attack: STORM] attack packets in last 20 sec from ip [192.168.1.5], Thursday, Sep 02,2010 12:38:3
[Admin login] from source 192.168.1.5, Thursday, Sep 02,2010 10:43:12
[Admin login] from source 192.168.1.5, Thursday, Sep 02,2010 10:05:26

192.168.1.5 is my iMac. I notice that these attacks, or whatever they are, seem to come in bursts about 3-5 at a time and these occur about 3-5 times a day. I have no problem accessing the net. I have no idea what these are, or even if they are a problem. I have VirusBarrier X5 and NetBarrier X5, and a scan showed no problem. However, when I first set up the Mac (a little over a year ago) I didn't enable the trojan horse and spyware stuff on NetBarrier, but they are now. Thanks.
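The log format quoted in the post above can be parsed so that the DoS entries are grouped into bursts per source address, which turns "bursts about 3-5 at a time" into something that can be counted and compared day to day. This is an added example, not part of the original post: the sample lines are constructed, and the LAN subnet 192.168.1.0/24 and the 60-second burst gap are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumption: the LAN is 192.168.1.0/24 (the post only shows 192.168.1.5).
LAN = ip_network("192.168.1.0/24")

# Constructed sample in the format quoted in the post; not the poster's log.
SAMPLE_LOG = """\
[Admin login] from source 192.168.1.5, Thursday, Sep 02,2010 13:23:44
[DOS attack: STORM] attack packets in last 20 sec from ip [192.168.1.5], Thursday, Sep 02,2010 12:39:30
[DOS attack: STORM] attack packets in last 20 sec from ip [192.168.1.5], Thursday, Sep 02,2010 12:39:05
[DOS attack: STORM] attack packets in last 20 sec from ip [192.168.1.5], Thursday, Sep 02,2010 12:38:40
[DOS attack: STORM] attack packets in last 20 sec from ip [192.168.1.5], Thursday, Sep 02,2010 09:15:10
[DOS attack: STORM] attack packets in last 20 sec from ip [203.0.113.9], Thursday, Sep 02,2010 08:00:00
"""

DOS_RE = re.compile(
    r"^\[DOS attack: (?P<kind>[^\]]+)\].*?from ip \[(?P<ip>[0-9.]+)\], "
    r"\w+, (?P<ts>\w{3} \d{2},\d{4} \d{1,2}:\d{1,2}:\d{1,2})\s*$")

def parse_dos_entries(text):
    """Return (timestamp, kind, ip) for each DoS line; other lines are skipped."""
    out = []
    for line in text.splitlines():
        m = DOS_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%b %d,%Y %H:%M:%S")
            out.append((ts, m["kind"], m["ip"]))
    return out

def bursts_by_source(entries, gap=timedelta(seconds=60)):
    """Group each source's entries into bursts: runs with neighbours <= gap apart."""
    per_ip = defaultdict(list)
    for ts, _kind, ip in sorted(entries):
        runs = per_ip[ip]
        if runs and ts - runs[-1][-1] <= gap:
            runs[-1].append(ts)      # continues the current burst
        else:
            runs.append([ts])        # starts a new burst
    return {ip: {"internal": ip_address(ip) in LAN,
                 "bursts": [(r[0], r[-1], len(r)) for r in runs]}
            for ip, runs in per_ip.items()}

if __name__ == "__main__":
    for ip, info in bursts_by_source(parse_dos_entries(SAMPLE_LOG)).items():
        print(ip, "LAN" if info["internal"] else "WAN", info["bursts"])
```

Each burst is reported as (first timestamp, last timestamp, number of log entries), so bursts from a LAN host can be lined up against what that host was doing at those times.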

#2 Doug


Posted 05 September 2010 - 08:34 AM

From your posted information, it appears you are concerned that your iMac has an infection that is attempting to spread itself via local network?

If the above is an accurate summation of the problem...
Remove the iMac from network and internet access.
Then using another machine, head over to our Malware Removal Forum to gain assistance with tools that may provide diagnostics for your iMac.

Best Regards

#3 Doug


Posted 05 September 2010 - 11:28 AM

Hello again TheAAGuy,

You "may" be better served by searching various Mac specific Forums.


Here's a link that discusses detections on systems using Netgear Routers.
Possibly a false positive, but worth investigating.
http://discussions.i...hreadID=2528350

Here's another "general" help article for Mac Security:
http://reviews.cnet....ml?tag=mfiredir


Do you run MS Office or similar on your machine?

Office utilities offer the ability to customize documents and spreadsheets, using a feature known as a Macro.
Unhappily, it is also possible for "Macros" to become infected by Malware.

You may benefit by saving all of your documents and spreadsheets, and dbase files to external media such as CD/DVD or External HD.
Then run the free version of some well respected antivirus against the files on that saved media. (consider Avira, Sophos, ClamAV, AVG)

If a virus is detected in a Word Macro, it will be saved in a file similar to Normal.dot, or Custom.dot, or similar "name".dot file.
If you know that you have created a Macro or customized Normal.dot, keep it.
If not, you can safely delete any/all "name".dot files.
MS Office will create a fresh and neutral Normal.dot for you, the next time you boot your machine.

#4 TheAAGuy


Posted 05 September 2010 - 05:03 PM

Doug, Thanks for the update. I had posted this inquiry at the Netgear forum and a Mac forum (but not the one you linked to) with no response to date. I had suspected this might be a false alarm, but I wanted to see if anyone had any ideas about what this might be. I'm not really sure what program is doing this; from my perspective everything appears to be working the way it should. The only exception is the MAC Software Update tool, which is supposed to check every week but didn't appear to be working. I have had to check for updates manually. I will go to the mac forum and see what they say. Thanks.

#5 Doug


Posted 05 September 2010 - 05:58 PM

You are on the right track for best trouble-shooting via specific Apple/Mac forum and/or Netgear Forum. You are welcome back to explore other learning and problem solving as the situation may arise. Best Regards

#6 appleoddity


Posted 05 September 2010 - 11:19 PM

http://discussions.a...m...3

It's a false alarm. But, it is not harmless. It will block communication on your iMac and cause problems.

My suggestion: Turn off any firewall on the router. It is worthless. There is no need for a firewall to attempt to block INCOMING connections on computers behind Network Address Translation, therefore the only thing it is useful for is blocking outbound connections from your internal computers, which apparently it can't even do right.


