DoS attack: RST Scan / IP Spoofing Attack - on Router Log

mathrisk

.: deleted :.
Adept
Mar 17, 2008
791
554
182
36
Bangalore
www.pankajnath.in
Saw an weird behavior on the iPad few minutes ago. Few keys on the keyboard were automatically getting clicked/pressed when some app was open, on homescreen some random app was opening automatically.
I had switch off the WiFi and then things became normal again.

What was that may be? Some kind of attack ??
If so, what are my next logical steps should be?
How to diagonise the iPad? My Credit Card is linked to my apple id !!! :(

I use Netgear router. Below are snippet from the router logs ....

DoS attack: RST Scan from source: 216.58.220.34:443, Sunday, August 16,2015 16:14:05
[DoS attack: RST Scan] from source: 216.58.220.37:443, Sunday, August 16,2015 16:04:13
[DoS attack: RST Scan] from source: 216.58.220.46:443, Sunday, August 16,2015 16:02:46
.....
.....
[DoS attack: RST Scan] from source: 216.58.220.46:443, Sunday, August 16,2015 15:14:04
[DoS attack: IP Spoofing Attack] from source: 192.168.1.2, Sunday, August 16,2015 14:46:11
[DoS attack: IP Spoofing Attack] from source: 192.168.1.2, Sunday, August 16,2015 14:46:02
[DoS attack: IP Spoofing Attack] from source: 192.168.1.2, Sunday, August 16,2015 14:41:10
.....
.....
[LAN access from remote] from 193.188.99.81:37079 to 192.168.1.2:55027, Sunday, August 16,2015 13:52:02
[LAN access from remote] from 2.91.211.179:15811 to 192.168.1.2:55027, Sunday, August 16,2015 13:52:02
[LAN access from remote] from 2.91.211.179:52662 to 192.168.1.2:55027, Sunday, August 16,2015 13:52:02
Are these something to worry about?
Am I being 'hacked' !!! :)

ps: I was watching Mr Robot. Hope I am not being paranoid here. :D
 
  • Like
Reactions: nimod

bigb123

Active Member
Disciple
Mar 29, 2011
157
45
41
32
Might be fsociety or the dark army...who knows...burn the ipad in oven to be on a safer side..
 

vivek.krishnan

If you cant see the green dot, I'm offline :P
Veteran
Dec 18, 2009
7,455
1,668
253
Ghatkopar, Mumbai
plus.google.com
What the hell were you doing man? those IPs - they are part of Jobs from hell! He is trying to make your iPad into another zombie device. Control you!

Anyways, are you running torrents? The last lines were consistent with DHT. As for the IP Address, that is from Google and most likely clean.
 

mathrisk

.: deleted :.
Adept
Mar 17, 2008
791
554
182
36
Bangalore
www.pankajnath.in
Anyways, are you running torrents? The last lines were consistent with DHT. As for the IP Address, that is from Google and most likely clean.
No torrent was running at that moment.

ipad is rooted?
Nope.


http://2.91.211.179.ipaddress.com/
http://193.188.99.81.ipaddress.com/

how many device you have in network ? 192.168.1.2 is ur IP address of Ipad ?

if your router have option to block source IP block traffic from above two address 2.91.211.179 & 193.188.99.81 ,

Also Remove all unwanted application from Ipad /Network devices /Update /scan

In my network, I have 2 phones + 1 iPad over Wifi, 1 desktop via ethernet.
About the IP of the ipad, I am not sure if 192.168.1.2 was assigned to my iPad, as I had toggled WiFi connection in my phone and iPad quite a few times before I checked the logs. :(

Checked the ipad, there's no such app that I don't recongnize.
 

bigb123

Active Member
Disciple
Mar 29, 2011
157
45
41
32
Google the random app that was running on your ipad...you might get some idea...
 

suds

Active Member
Adept
Jul 22, 2011
285
41
41
33
dude the ip address you mentioned belongs to google. It seems the digitizer on your ipad is gone bad

---------------------
NetRange: 216.58.192.0 - 216.58.223.255
CIDR: 216.58.192.0/19
NetName: GOOGLE
NetHandle: NET-216-58-192-0-1
Parent: NET216 (NET-216-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS15169
--------------------------------