I have been getting multiple DoS attacks over the last month and these are real DoS attacks, not a fluke or anything. I have been playing an online game and every now and then some clown will directly call out that he is going to DDoS attack us and right after my ping shoots to near 1000 and my internet connection cuts out. I saw these in the event logs at those times:
Firewall: DoS Attack - ICMP Flooding IN=erouter0 OUT= MAC=REDACTED src=126.96.36.199 DST=REDACTED LEN=96 TOS=00 PREC=0x20 TTL=55 ID=11241 PROTO=ICMP TYPE=3 CODE=1
Firewall: DoS Attack - TCP SYN Flooding IN=erouter0 OUT= MAC=REDACTED src=188.8.131.52 DST=REDACTED LEN=52 TOS=00 PREC=0x20 TTL=107 ID=3562 DF PROTO=TCP SPT=61320 DPT=42218 SEQ=4294
Firewall: DoS Attack - TCP SYN Flooding IN=erouter0 OUT= MAC=REDACTED src=184.108.40.206 DST=REDACTED LEN=40 TOS=00 PREC=0x20 TTL=239 ID=123 PROTO=TCP SPT=65530 DPT=3328 SEQ=100 ACK=0 WIND
It has happened at least 5 or 6 times in the last month and provides for a bad experience. I changed my firewall settings to Custom and made sure "Block ICMP" is checked however it seemed there were other types of DoS attacks besides ICMP flooding so I'm not sure how much it would help. Is there something I can do about this?
You could try changing your WAN / public IP address. If you are using a router that has a MAC address cloning feature, you can clone a different MAC address in to it. This will force a change of your Comcast assigned WAN / public IP address.