If not, maybe you should.
I have a Netgear NightHawk router. Like many, if not most routers, it keeps a simple log of events. I have my router email me a copy of this log once a week.
Going through my log today, I noticed a few DoS attacks, specifically, "DoS Attack: ACK Scan" attempts - all from different IP addresses. These are actually fairly common and typically harmless as most are just bots or hackers randomly testing to see if they can gain access through an open port. If not, they quickly move on. This would be similar to a simple car thief moving through a crowded parking lot, checking for unlocked doors, keys in the ignition and obvious valuables sitting in view on the back seat. If the doors are locked, and there are no visible keys or valuables, they quickly move on.
As seen here: "What is [DoS Attack: ACK Scan]?", these types of attacks happen all the time and typically are not something to worry about. And this is true UNLESS your router is being constantly bombarded with 100s or 1000s of such attacks. In that event, you might suspect you (your router/network) are being targeted specifically. And in that event, you need to make sure your router's firmware is current and you may want to contact your ISP and request a different IP address. Probably a good idea to make sure your OS and security software on all your connected devices are current too.
Also noted in that article is to verify "Port Scan and DoS Protection" is enabled in your router's Admin menu. Note that verbiage is for Netgear routers. Other brands may word it slightly differently but the intent should be the same. For the record, "Port Scan and DoS Protection" is enabled by default in my Netgear and I suspect in most home routers - but again, best to verify.
Anyway, the reason why I was prompted to create this thread today is because the following log entry from my most recent log really caught my interest:
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [193.176.79.44], Monday, Jul 22,2024 12:59:05
When I looked into that IP address, I got the following Whois report:
Whois IP 193.176.79.44.
FTR, I keep a spreadsheet database of these attacks on my network. Now I have had "attacks" from Russia before. But none like this. Note "Zolotaya dolina" is a former Russian Air Force airbase and the owner of the site claims to be from the "Russian Federation". Now, as noted, I've had multiple "attacks" from "Russia", the last as recently as 3 weeks ago. But this is the first from the "Russian Federation".
Does that mean I was attacked by a state sponsored hacker? No clue! But in light of recent current events, it sure makes me wonder.
If curious, I have also been hit by sites in Belgium, Brazil, Canada, China, Germany, Japan, Lithuania, Montenegro, Peru, Poland, Portugal, Sweden, Turkey, UK, Ukraine, USA and Vietnam.
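An added example, not part of the original post: a small Python parser for the log entry format quoted above that tallies entries per source IP and flags the "100s or 1000s" case the post describes. The first sample line is the entry from the post; the other lines, the `threshold` parameter and the function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Entry format as quoted in the post:
# [DoS attack: ACK Scan] attack packets in last 20 sec from ip [a.b.c.d], Monday, Jul 22,2024 12:59:05
ENTRY = re.compile(
    r"\[DoS attack: (?P<kind>[^\]]+)\].*?from ip \[(?P<ip>[0-9.]+)\],\s*"
    r"\w+,\s*(?P<ts>\w{3} \d{1,2},\s?\d{4} \d{2}:\d{2}:\d{2})",
    re.IGNORECASE,
)

# First line is from the post; the rest are constructed (documentation-range IPs).
SAMPLE = """\
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [193.176.79.44], Monday, Jul 22,2024 12:59:05
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [203.0.113.7], Monday, Jul 22,2024 13:10:41
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [203.0.113.7], Tuesday, Jul 23,2024 02:15:09
[admin login] from source 192.168.1.2, Tuesday, Jul 23,2024 08:00:00
"""

def parse_log(text):
    """Return (kind, ip, datetime) for each DoS entry; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        # Normalise "Jul 22,2024" to "Jul 22, 2024" so strptime accepts it.
        ts = re.sub(r",\s*", ", ", m["ts"])
        when = datetime.strptime(ts, "%b %d, %Y %H:%M:%S")
        entries.append((m["kind"], m["ip"], when))
    return entries

def summarize(entries, threshold=100):
    """Tally entries per source IP; 'bombarded' is True at or above threshold.

    threshold=100 is an assumed cut-off for the post's "100s or 1000s".
    """
    per_ip = Counter(ip for _, ip, _ in entries)
    return {
        "total": len(entries),
        "per_ip": per_ip,
        "bombarded": len(entries) >= threshold,
    }

if __name__ == "__main__":
    report = summarize(parse_log(SAMPLE))
    print(report["total"], report["per_ip"].most_common(), report["bombarded"])
```

Run it over a full week's emailed log to see whether the entries are scattered one-offs or a sustained volume.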