Security Alerts on router IP Subnet Broadcast Amplification

I have interesting issue, hopefully you can help. I have a little knowledge of networking, so please be patient.

I have Windows 2003 Server Standard Edition
Server got 2 NIC Cards. One for Internal Network, 2nd for external.
External NIC card IP address   69.224.245.102
                          Subnet Mask   255.255.255.248                              
                    Default Gateway  69.224.245.101

Internal NIC IP Address 1.1.1.5
              Subnet Mask      255.255.2550

I am using Cayman 3546 route that’s connected straight to External NIC card.
No DHCP on Router straight Static IP

How everything started:
I installed brand new OS on computer, updated with latest Service pack, and got all necessary updates. Everything was working fine for few days, all of the sudden I noticed lots of popups. Viruses, Spy ware, etc. As I cleaned everything with Norton Corp 10.0 Edition I noticed tat I can get to major websites without any issues, but when I sign in to my hotmail.com account, page cannot be displayed. I noticed that I cannot ping Default gateway, (69.224.245.101) I restarted the router, I was able to ping everything and able to get to hotmail account, in 5-8 min, same thing again. As I logged in to the router, I got message to review Security Log and this is what it’s said:

Security alert type              : IP Source Address Spoofing
IP source address                : 69.224.245.134
IP destination address           : 69.224.245.105
Number of attempts               : 125
Time at last attempt             : Thu Mar 08 01:51:40 2007(UTC)
IP Interface                     : PPP (pppoe/vcc1)

Security alert type              : IP Subnet Broadcast Amplification
IP source address                : 24.64.76.220
IP destination address           : 69.224.245.135
Number of attempts               : 3
Time at last attempt             : Thu Mar 08 01:44:59 2007(UTC)
IP broadcast address             : 192.0.2.100

Security alert type              : IP Subnet Broadcast Amplification
IP source address                : 53.147.1.215
IP destination address           : 69.224.245.135
Number of attempts               : 1
Time at last attempt             : Thu Mar 08 01:52:26 2007(UTC)
IP broadcast address             : 192.0.2.100

Security alert type              : IP Subnet Broadcast Amplification
IP source address                : 24.64.85.121
IP destination address           : 69.224.245.135
Number of attempts               : 3
Time at last attempt             : Thu Mar 08 01:53:49 2007(UTC)
IP broadcast address             : 192.0.2.100

Security alert type              : IP Subnet Broadcast Amplification
IP source address                : 218.74.116.99
IP destination address           : 69.224.245.135
Number of attempts               : 1
Time at last attempt             : Thu Mar 08 01:54:32 2007(UTC)
IP broadcast address             : 192.0.2.100

Security alert type              : IP Subnet Broadcast Amplification
IP source address                : 219.148.119.6
IP destination address           : 69.224.245.135
Number of attempts               : 1
Time at last attempt             : Thu Mar 08 01:55:50 2007(UTC)
IP broadcast address             : 192.0.2.100

I don’t understand what it means after doing lots of searches.

Machine is going insane; I don’t know what to do. As soon as I restart my router, I can get to it’s console, ping default gateway, able to brose hotmail act, etc, in 5-8 min it’s back to popups and getting this error on security logs.

My question, How do I stop all this errors, and what you recommend? Maybe I need firewall, what kind? Hardware software.

If you ask why everything is Static: I do remote desktop to multiple computers behind this router. And every machine connected to this router got same behavior.

Thanks for all your help.



                             

Start Free Trial