Community


All times are UTC - 5 hours




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: NeoRouter clients DoS Attacking/SYN Flooding Server
PostPosted: Sun Dec 20, 2015 6:27 pm 
Offline

Joined: Sun Dec 20, 2015 6:10 pm
Posts: 1
Hi All,
Long time user of NeoRouter Free, but a very strange issue has developed in the last couple of days; the device which acts as my NeoRouter "Server" has been DoS attacked/SYN Flooded by my NeoRouter "client" devices!

Here's an extract from the server's firewall log:
Image
(where xxx.xxx.xxx.xxx are the IP addresses of my various NeoRouter "clients")

Note as well from my screenshot the incremental port numbers? If I reboot a client device, the ports being "attacked" on my NR server seem to start around 1000. Several attacks occur every minute per client device.

The only way to stop these attacks is to stop the "NRClientService" Windows service on the various clients connecting to my NeoRouter server.

So my question is, why are my NR clients suddenly all attacking my NR server and trying to connect on infinitely incremental ports? The correct port for NR is open on the "server" (32976) as it's always been(as I say I've been using NR Free for years!), and no recent configuration changes have taken place.

Anti-Virus software is up-to-date on all my devices, my devices are clean, and again, I would also reiterate that the attacks cease if I stop the "NRClientService" Windows service on various client devices - so it's a specific NR issue.

Can anyone shed any light on this? ...and especially why clients are now trying to connect on every port incrementally?!

I've had to kill NR on my clients otherwise the server becomes inaccessible due to being DoS'd/SYN'd


Top
 Profile  
 
 Post subject: Re: NeoRouter clients DoS Attacking/SYN Flooding Server
PostPosted: Sun Dec 20, 2015 8:42 pm 
Offline

Joined: Sun Nov 16, 2008 6:41 am
Posts: 1847
Hi GreatMarko,

Do you have a NR client installed on the same machine as NR server? Is it running?
Which OS do you use? Can you collect the log file of the nrservice and send it to us so that we can investigate it?

There is logic in the NeoRouter software to connect to the NR server on multiple ports. NR client service get the NR server listen port information from NR domain name and connects to the server; NR server should expose the listen port to the Internet only, instead of a port range.

Thanks,
KevinZ - NeoRouter team


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC - 5 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron