Taco1
Beginner
1,253 Views
Message 1 of 5

Tcp reset Attack?

Hi,

I was just looking in the event log of my HH5 and for about 48hrs the following message keeps showing up:

"OUT: BLOCK [9] Packet invalid in connection (tcp reset attack is suspected: TCP"

There are similar ones too, such as:

"IN: BLOCK [9] Packet invalid in connection (Invalid tcp flags for current tcp state:"

The outward messages seem linked to an IP address of one of my devices but the inward is not.

Is this something to worry about or anything I need to counter?

I have a couple of ports forwarded for a couple of Xbox and PS games; should I close them again?

Thanks 

Jonkarra
Expert
1,197 Views
Message 2 of 5

Re: Tcp reset Attack?

The message indicates that the router is blocking some suspicious traffic. The fact that it's being blocked means there is no problem. There are networks of compromised PCs out on the internet that, amongst other things, scan random IP addresses to find other machines to compromise. Nothing you can do about it. If you are seeing a lot of traffic you can always power down your router and you will be provided with a different IP address, which hopefully isn't seeing the same traffic.

Taco1
Beginner
1,176 Views
Message 3 of 5

Re: Tcp reset Attack?

Many thanks for the reply. There are also several messages about remote administration that don't say blocked. Is that an issue?

rawli1981
Beginner
1,129 Views
Message 4 of 5

Re: Tcp reset Attack?

Hi Taco - I am having the same issue except not all connections were blocked and now my internet has not worked for 3 days. Did you get any answers on the issue?
Jonkarra
Expert
1,110 Views
Message 5 of 5

Re: Tcp reset Attack?

Rawli,

Have you checked if your line is up? On the front page it normally says "Connected" or "Disconnected". If you are seeing a lot of crud like that in the logs, try powering down your HH for a few minutes and then restarting it; you should get a new IP address. Unless you've set up port forwarding or UPnP is opening up ports for you automatically, nothing from the internet can get to your PC or other devices; the traffic will terminate on the HH, which is itself pretty locked down and hardened. If in doubt, reset your hub back to factory defaults, as that will reapply the default firewall filtering policy, which, unless there is a port forward, will block all incoming traffic.
