Hay varias entradas en el archivo de registro de mi enrutador que muestran los últimos intentos de DoS en algunos de sus puertos. Se ven así:
[DoS Attack: ACK Scan] from source: 213.61.245.234, port 80, Friday, November 21,2014 11:37:59
[DoS Attack: ACK Scan] from source: 80.239.159.8, port 443, Friday, November 21,2014 11:18:09
...
[DoS Attack: RST Scan] from source: 195.39.197.142, port 30732, Wednesday, November 19,2014 22:12:35
[DoS Attack: ACK Scan] from source: 31.13.91.117, port 443, Wednesday, November 19,2014 17:56:38
[DoS Attack: ACK Scan] from source: 88.221.82.74, port 443, Wednesday, November 19,2014 17:56:33
[DoS Attack: ACK Scan] from source: 31.13.91.117, port 443, Wednesday, November 19,2014 17:56:06
[DoS Attack: ACK Scan] from source: 88.221.82.74, port 443, Wednesday, November 19,2014 17:56:01
[DoS Attack: ACK Scan] from source: 31.13.91.117, port 443, Wednesday, November 19,2014 17:55:50
[DoS Attack: ACK Scan] from source: 88.221.82.74, port 443, Wednesday, November 19,2014 17:55:44
[DoS Attack: ACK Scan] from source: 31.13.91.117, port 443, Wednesday, November 19,2014 17:55:38
[DoS Attack: ACK Scan] from source: 88.221.82.74, port 443, Wednesday, November 19,2014 17:55:36
[DoS Attack: ACK Scan] from source: 31.13.91.117, port 443, Wednesday, November 19,2014 17:55:36
[DoS Attack: ACK Scan] from source: 88.221.82.74, port 443, Wednesday, November 19,2014 17:55:30
[DoS Attack: RST Scan] from source: 128.199.49.106, port 18668, Wednesday, November 19,2014 15:06:46
Intenté escanear la IP pública de mi enrutador en busca de puertos abiertos:
sudo nmap <my-public-ip> -Pn --reason --top-ports 10
Starting Nmap 6.47 ( http://nmap.org ) at 2014-11-21 16:02 CET
Nmap scan report for <public-hostname> (<my-public-ip>)
Host is up, received user-set.
PORT STATE SERVICE REASON
21/tcp filtered ftp no-response
22/tcp filtered ssh no-response
23/tcp filtered telnet no-response
25/tcp filtered smtp no-response
80/tcp filtered http no-response
110/tcp filtered pop3 no-response
139/tcp filtered netbios-ssn no-response
443/tcp filtered https no-response
445/tcp filtered microsoft-ds no-response
3389/tcp filtered ms-wbt-server no-response
Tengo curiosidad, ¿cómo sabe mi enrutador que cada uno es un ataque DoS en primer lugar? ¿Son estos casos de usar nmap
agresivamente de alguna manera? ¿Y debería preocuparme por estos ataques?