• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos0

Interesting entries in Router log...

The previous v22.5.0.120 Liveupdate push and its failed/corrupted installation which lead to my Outlook issues, and my subsequent futile attempts to correct the issues, ultimately required me to resort to using Norton Support Chat.  The tech used remote access to come into one of my affected systems to try and resolve the problem - unsuccessfully.

Since then I have been seeing some rather interesting DOS events logged by my router, typically in the wee hours when all computer systems are off.

For example, last evening's router log had the following consecutive entry block:

[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:14:28
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:14:12
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:13:13
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:12:57
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:11:58
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:11:42
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:10:43
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:10:27
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:09:28
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:09:12
[DoS Attack: ACK Scan] from source: 143.127.93.95, port 80, Friday, June 26, 2015 00:08:13
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:06:42
[DoS Attack: ACK Scan] from source: 143.127.93.117, port 80, Friday, June 26, 2015 00:05:52
[DoS Attack: ACK Scan] from source: 143.127.93.103, port 80, Friday, June 26, 2015 00:04:12
[DoS Attack: ACK Scan] from source: 143.127.93.96, port 80, Thursday, June 25, 2015 22:48:07
[DoS Attack: ACK Scan] from source: 143.127.93.96, port 80, Thursday, June 25, 2015 22:43:07
[DoS Attack: ACK Scan] from source: 143.127.93.96, port 80, Thursday, June 25, 2015 22:41:52

I checked all these IPs using Network Solutions - "whois".

They all came back the same as to owner...

WHOIS Results

You Searched for: 143.127.93.95

143.127.93.95

Record Type: IP Address

NetRange:       143.127.0.0 - 143.127.255.255
CIDR:           143.127.0.0/16
NetName:        SYMC-143-127
NetHandle:      NET-143-127-0-0-1
Parent:         NET143 (NET-143-0-0-0-0)
NetType:        Direct Assignment
OriginAS:       
Organization:   Symantec Corporation (SYMN-Z)
RegDate:        1990-09-19
Updated:        2015-05-15
Ref:            http://whois.arin.net/rest/net/NET-143-127-0-0-1


OrgName:        Symantec Corporation
OrgId:          SYMN-Z
Address:        350 Ellis St.
City:           Mountain View
StateProv:      CA
PostalCode:     95117
Country:        US
RegDate:        2008-08-01
Updated:        2015-05-15
Ref:            http://whois.arin.net/rest/org/SYMN-Z


OrgNOCHandle: SIA9-ARIN
OrgNOCName:   Symantec IP Administrator
OrgNOCPhone:  +1-650-527-8000 
OrgNOCEmail:  dl-it-ip-admin@symantec.com
OrgNOCRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

OrgTechHandle: SIA9-ARIN
OrgTechName:   Symantec IP Administrator
OrgTechPhone:  +1-650-527-8000 
OrgTechEmail:  dl-it-ip-admin@symantec.com
OrgTechRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

OrgAbuseHandle: SIA9-ARIN
OrgAbuseName:   Symantec IP Administrator
OrgAbusePhone:  +1-650-527-8000 
OrgAbuseEmail:  dl-it-ip-admin@symantec.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

RAbuseHandle: SIA9-ARIN
RAbuseName:   Symantec IP Administrator
RAbusePhone:  +1-650-527-8000 
RAbuseEmail:  dl-it-ip-admin@symantec.com
RAbuseRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

RTechHandle: SIA9-ARIN
RTechName:   Symantec IP Administrator
RTechPhone:  +1-650-527-8000 
RTechEmail:  dl-it-ip-admin@symantec.com
RTechRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

RNOCHandle: SIA9-ARIN
RNOCName:   Symantec IP Administrator
RNOCPhone:  +1-650-527-8000 
RNOCEmail:  dl-it-ip-admin@symantec.com
RNOCRef:    http://whois.arin.net/rest/poc/SIA9-ARIN

Any thoughts?

Replies

Kudos0

Re: Interesting entries in Router log...

Hello johnnie

Will try to get you some help on this one from Norton.

@Tony_Weiss

Success always occurs in private and failure in full view. Windows 10 Pro 64 bit Norton Core Security Plus 22.18.0.213 Core Firmware 282 I E 11 Chrome latest version.
Kudos0

Re: Interesting entries in Router log...

Thanks Flo!  

This thread is closed from further comment. Please visit the forum to start a new thread.