How to get protection of DOS attack against udpEcho Chargen attack?

[jraju]

How to get protection of DOS attack against updEcho Chargen attack?
I repeat the question to stress that my router logs shown such thing in a normal log. the exact log is
My Router log.Is given below:
DoS: UdpEchoChargen Attack source=foreign ip= destination IsP assigned external ip
The IPs are removed for security purposes. Which are the ports to be blocked in the router. I am having Dlink 2730U india model

[Boggin]

Routers are attacked all of the time but the router's firewall blocks them - nothing to worry about normally.

Some router's firmware type is prone to such router hijacks though and a Google to see if your router falls into that category may put your mind at rest.

Netgear and Linksys seem to be the most prone but there are other methods of hijacking.

Google which routers are prone to hijacking and you'll see a number of links.

[jraju]

Hi, boggin, now i understand, i have enabled both errors and notice in the system log in the router. So, any attack or any activity would be notified by it , even though it is only a kind of information and not the actual attack. Now, i removed the notice, but kept errors report, as it will save me from opening the router page often to clear the logs.
                    All the routers are affected, as far  as i know, as most routers are configured for internet access only. They do not enable or disable anything, and leave the rest settings as default. But default settings allow some initial ports for the users. It is the users who have to be very careful about  those settings. For example, dlink , does not enable the DOS attack by default. i did. Likewise, ping was enabled in Lan and Wan. This is mainly responsible for age old ping attack, echo attack etc.
                            Thanks. i disabled the ping and avast now shows nothing and router logs does not show, any linkdown etc in the router logs. When you open other electronic, only physical things are seen , but when you open the  router page, you could see so many things that affect your gateway. Your service providers would provide normal protection and it is you, who has to see the pages of settings of the router to correct the settings
Do shane has any security software in his other tools forum?

[Boggin]

Your router's firewall is usually sufficiently robust to stop these attacks but from the article I'd posted, some routers because of their firmware, there are gaps in the router's security which allow them to be hacked and it is up to the router manufacturers to modify and update their firmware to counter these hijacks.

MS do it all of the time in releasing security patches for various aspects of Windows, unfortunately, router manufacturers may be a bit slower in addressing these problems.

[Samson]

J, FYI the CIA used "CherryBlossom" to hack a whole bunch of routers. A full list here....

https://wikileaks.org/vault7/document/WiFi_Devices/WiFi_Devices.pdf

[jraju]

Hi, Samson,
                        Thanks for the list. It contains a-z, 0-9 , by http and other attacks. Here , i point out the reason. The ISP is only providing the configuration for internet access, without looking deeper in to router settings. The consumer thought that it is just another electronic device , helpful in getting him internet access. You would not believe, that when i contacted the dlink helpdesk, he has asked me to look in to tr 069 port , in network tools menu. There was some http, which he has asked me to change to some other http, to dlink and also changed the password. He says that the router default settings in my router is obselete. But , i did update to the latest firmware available for that model.
                   Then there was ping enabled, and i deleted that to get the avast wifi inspector  no vulnerability certificate.
                         I do not think, all will look into their router page to correct it. They simply think that it is another electronic device.
                         Is there any Shane Tool to safeguard router? i have asked in my previous posts

[Samson]

J, Hi.

Shane does n't do any security tools, at least I'm not aware of any.

But if you have updated to the latest firmware, and disabled "Respond to Ping", then you have done all that you can as far as security goes, and that is more than most users do 

[jraju]

Hi, thanks.
                It is curious that even though ping is enabled and tr069 is suspicious ip address, avast alerts dns hns hijack and ask you to change the dns. But that is not the cure at all.
                        Now , i am having my isp server, auto detect, but after disabling the ping, tr069 and enabled protection from Dos attack, my router in grc.com and avast does not show any vulnerability. So mere change of dns would not do safe to the comuter, as generally believes. It only changes the domain name to ips and it may give faster access .
                 I find a simple tool, i do not know whether it is free for all the time or trail, but nice . i downloaded and it shows the unknown device and i have selected a small dog barking sound to denote it in my settings. So, if it finds anything not known and not identified by you as known, then , the dog barks to look in to and there is also a provision to some command what to do, which i am not familiar with so far.
the link
https://www.softperfect.com/products/wifiguard/.
                     

[Boggin]

This is probably why Avast is snagging TR-069 http://www.pcworld.com/article/2463480/many-home-routers-supplied-by-isps-can-be-compromised-en-masse-researchers-say.html

However, in my ISP supplied routers, I can uncheck its box but would then lose out to any firmware upgrades which could make the router more secure.

It's a bit of a Catch-22 situation.

[jraju]

Hi, But in my case, the tr069 port 7547 is not used by my ISP, but the vendor of the router , Dlink.The Dlink helpdesk asked me to change the url and user id and password from the old url, that was in, but asked me to disable the settings and it is not enabling automatically, which was the stage, when i disabled the same. The user id, dlink, and pw and url all belong to dlink router. As i say, the configuration is only done for internet access in most of the routers and not for internet security, resulting this kind of vulnerability. The url was obselete the helpdesk said. Only four or five entries like circuit no. user id pw, wifi id , wifi pw are the nly entries configured in a isp supplied modem or otherwise.
                                 If your modem is supplied by ISP, but the vendor is different, then also the problem of internet security, as i stress that most routers are configured only for internet access and not for router/internet security.

[jraju]

This is the tone i set for alert of unknown device