Hello All

I have a Draytek 2820n router that has been running for around 2 years, with mail alert for attacks set to 'On'. Recently (last 2 months) I've been getting a lot of alert notifications - today alone I've had 57!! They look like this:

2012/10/07 16:58:25 -- [DOS][Block][trace_route][66.70.56.122:42877->MY PUBLIC IP + Various Port>[UDP][HLen=20, TLen=44]

or this:

2012/10/07 13:21:16 -- [DOS][Block][trace_route][178.239.163.10->MY PUBLIC IP (No Port)[ICMP][HLen=20, TLen=44, Type=8, Code=0]

Does this just mean my router is doing its job, i.e. repelling DOS attacks? Or might there be more to this?

Thanks in advance
philby
Robotex doesn't show anyone owning that IP. 66.70.56 is registered to DataPipe in NJ. However, I see a lot of foreign sites listed, located in India and China, so it is possible someone is trying to nail you. The prior ICMP was probably a port scan. You can always block inbound traffic to 66.70.56.0 - 66.70.56.255 in your software firewall to play it safe. Better to do it on the router if you have that capability.
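An added example, not part of either post: a small Python script that parses alert lines in the shape quoted above and counts them per source /24, protocol and rule. This shows whether the 57 daily alerts come from a few ranges (where a range block on the router is practical) or from many scattered sources. The function names, the third and fourth sample lines and the documentation address 203.0.113.5 are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Alert shape as quoted in the first post. The destination is redacted there
# and its closing bracket is missing or mangled, so it is matched loosely.
ALERT_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) -- "
    r"\[DOS\]\[(?P<action>\w+)\]\[(?P<rule>\w+)\]"
    r"\[(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?->"
    r"(?P<dst>[^\[\]]*)[\]>]?\[(?P<proto>\w+)\]"
)

def parse_alert(line):
    """Return a dict of alert fields plus the source /24, or None."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        net = ipaddress.ip_network(rec["src"] + "/24", strict=False)
    except ValueError:  # e.g. an octet above 255
        return None
    rec["net24"] = str(net)
    return rec

def summarize(lines):
    """Count alerts per (source /24, protocol, rule); collect unparsed lines."""
    counts, unparsed = Counter(), []
    for line in lines:
        rec = parse_alert(line)
        if rec is None:
            unparsed.append(line)
        else:
            counts[(rec["net24"], rec["proto"], rec["rule"])] += 1
    return counts, unparsed

SAMPLE = [
    # First two lines are quoted from the post; the last two are constructed.
    "2012/10/07 16:58:25 -- [DOS][Block][trace_route][66.70.56.122:42877->MY PUBLIC IP + Various Port>[UDP][HLen=20, TLen=44]",
    "2012/10/07 13:21:16 -- [DOS][Block][trace_route][178.239.163.10->MY PUBLIC IP (No Port)[ICMP][HLen=20, TLen=44, Type=8, Code=0]",
    "2012/10/07 16:58:27 -- [DOS][Block][trace_route][66.70.56.122:42878->203.0.113.5:33436][UDP][HLen=20, TLen=44]",
    "router rebooted",
]

if __name__ == "__main__":
    counts, unparsed = summarize(SAMPLE)
    for (net, proto, rule), n in counts.most_common():
        print(f"{n:4d}  {net:<18} {proto:<5} {rule}")
    print(f"unparsed lines: {len(unparsed)}")
```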