PatsFan (New Contributor, 5 Messages)

Tuesday, January 20th, 2015 5:00 PM

Firewall settings

I'm trying to figure out the optimum firewall settings.  I was looking through my event log today and came across several DoS attack entries like the ones below:


Firewall[378]: DoS Attack - TCP SYN Flooding IN=erouter0 OUT= MAC=68:ee:96:de:0a:c3:00:01:5c:70:de:46:08:00 src=222.208.119.169 DST=98.237.0.250 LEN=40 TOS=00 PREC=0x20 TTL=45 ID=33007 CE DF PROTO=TCP SPT=17209 DPT=8213 SEQ=30804541


Firewall[378]: DoS Attack - ICMP Flooding IN=erouter0 OUT= MAC=68:ee:96:de:0a:c3:00:01:5c:70:de:46:08:00 src=68.86.15.176 DST=98.237.0.250 LEN=84 TOS=00 PREC=0x20 TTL=56 ID=0 DF PROTO=ICMP TYPE=0 CODE=0 ID=3423 SEQ=12


Until today, I had disabled the firewall. After looking at the entries, I changed it to medium security. Can someone explain what they mean, if they indicate my network is being attacked, and what steps, if any, I can take to secure it?


I am also seeing many critical entries:


[Docsis][679]: No Ranging Response received - T3 time-out


Should I be concerned with these?


Thank you.
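One way to read entries like the two above, as an added example that is not from the original post or the gateway vendor: a small Python parser for the `Firewall[378]: DoS Attack - ...` line format, which counts hits per source and attaches a defender's reading to each. The two sample lines are copied from the post; the assessment rules and the `forwarded_ports` parameter are this example's own assumptions (ICMP `TYPE=0` being an echo reply is standard ICMP, not an assumption).

```python
import re
from collections import Counter

# Sample lines copied from the post above (constructed input for this example).
SAMPLE_LOG = """\
Firewall[378]: DoS Attack - TCP SYN Flooding IN=erouter0 OUT= MAC=68:ee:96:de:0a:c3:00:01:5c:70:de:46:08:00 src=222.208.119.169 DST=98.237.0.250 LEN=40 TOS=00 PREC=0x20 TTL=45 ID=33007 CE DF PROTO=TCP SPT=17209 DPT=8213 SEQ=30804541
Firewall[378]: DoS Attack - ICMP Flooding IN=erouter0 OUT= MAC=68:ee:96:de:0a:c3:00:01:5c:70:de:46:08:00 src=68.86.15.176 DST=98.237.0.250 LEN=84 TOS=00 PREC=0x20 TTL=56 ID=0 DF PROTO=ICMP TYPE=0 CODE=0 ID=3423 SEQ=12
"""

HEADER = re.compile(r"^Firewall\[\d+\]: DoS Attack - (?P<attack>.+?) IN=")
FIELD = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return a dict for one 'DoS Attack' line, or None for any other log line."""
    m = HEADER.match(line)
    if not m:
        return None
    fields = {}
    for key, value in FIELD.findall(line):
        fields.setdefault(key.upper(), value)  # first ID= wins (IP header); 'src' -> SRC
    return {
        "attack": m.group("attack"),
        "src": fields.get("SRC"),
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
        "icmp_type": int(fields["TYPE"]) if "TYPE" in fields else None,
    }

def assess(event, forwarded_ports=frozenset()):
    """Defender's reading of one event. The rules are this example's heuristics, not the gateway's."""
    if event["proto"] == "ICMP" and event["icmp_type"] == 0:
        return "ICMP echo reply: an answer to a ping sent from inside, so a flood alert here is usually noise"
    if event["proto"] == "TCP":
        if event["dport"] in forwarded_ports:
            return f"SYN to forwarded port {event['dport']}: reaches an internal host, review that service"
        return f"SYN to unforwarded port {event['dport']}: dropped at the gateway, nothing is exposed"
    return "unclassified: count repeats per source before acting"

def summarise(log_text, forwarded_ports=frozenset()):
    """Count DoS entries per (attack, source) and attach an assessment of the first one seen."""
    events = [e for e in map(parse_line, log_text.splitlines()) if e]
    counts = Counter((e["attack"], e["src"]) for e in events)
    first = {(e["attack"], e["src"]): e for e in reversed(events)}  # earliest event wins
    return {key: (n, assess(first[key], forwarded_ports)) for key, n in counts.items()}

if __name__ == "__main__":
    for (attack, src), (n, verdict) in summarise(SAMPLE_LOG).items():
        print(f"{n:3d}x {attack:<17} from {src:<16} {verdict}")
```

Pass the set of ports the gateway actually forwards as `forwarded_ports`; a SYN toward one of those is the only entry here that reaches a device behind the gateway, so it is the one worth looking at.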

Advocate (1.4K Messages)

10 years ago

Hello PatsFan and welcome,


If you are just running your Comcast Gateway (CG) in DHCP mode, always acquiring a 10.1.10.x dynamic IP, then unless you have any ports forwarded (opened), external hackers cannot access anything on these 10.1.10.x devices, for 2 reasons: a.) CG port forwarding is not open, b.) your computer's operating system and/or anti-virus is blocking any attacks. If you are using a static IP, then you should disable your true static management port FW, then go to your Static IP Port Management facility and make sure that "block all ports with the following exceptions". This is the most secure manner for any static IP device to be locked down, if you will. Now if you have a static IP device application that has a port (i.e. port 999) you need open for private or secret access from the outside, this is where you would add new, then use SecretPort 999 999 both Routable.Static.IP. Address of the actual device.


You can also block known potential culprits such as those in your Firewall[378] entries by IP address or MAC address, too. The DOCSIS[679] T3 Timeout looks like the Comcast Cable Modem Termination System (CMTS) random T3 Time Out warnings, which are very irrelevant. You will see these whenever there is an outage impacting your internet service.


Hope this helps you out.


btw Go PATS, beat SeaChickens for TFB's 4th SB!!!

PatsFan (New Contributor, 5 Messages)

10 years ago

I am running in DHCP mode. The only device I use port forwarding for is a VoIP adapter. I've opened ports 5004-65000, as instructed, to the IP I've assigned to the device.


And yes, GO PATS!