Strange home router logs.. why is the GH IP address showing up like this?

[Psybin]

So I was playing around with some settings in my router yesterday and started looking through the logs. I'm by no means a networking pro, but I'm not completely inept, so school me. What does this mean?

I would assume a real DOS attack would be a absolute flood of packets, not just a couple. But is strange that the originating IP address is the address for Geekhack.

Side note I don't work Mondays, and when I'm home and doing homework or what not I just keep a tab open to GH on the topic spy. That's why its two Mondays in a row.

[DoS attack: ACK Scan] attack packets in last 20 sec from ip [67.214.104.143], Monday, Jun 09,2014 15:56:05
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:54:19
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:53:06
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:51:53
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:50:40
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:49:27
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:48:13
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:47:00
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:45:47
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:44:34
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:43:21
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 09,2014 11:42:08
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:11:35
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:10:22
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:09:09
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:07:56
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:06:43
[DoS attack: ACK Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:05:30
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:04:16
[DoS attack: RST Scan] attack packets in last 20 sec from ip [65.111.241.205], Monday, Jun 02,2014 14:03:03

[digi]

Most likely a false positive on your firewall/soho router log, probably because geekhack.org validates your source IP address.

[bueller]

From what I can tell those two IP's are from different ISP's, take a quick look at the WHOIS records.

[Psybin]

Ah ok. I figured it was a false positive, was just curious what it was. I don't think I get on many other sites that validate the IP; well not as much as I lurk on GH. I wonder if the gear at work flags anything.

Yea the one IP that's different isn't the geekhack IP, that's something else /shrug

[paicrai]

2spooks m8

[tp4tissue]

pretty sure this was designed to filter out  Ripster... 

excessive IMHO..  he's still here regardless....  we just don't know which current user he's cloaked under...

[Psybin]

link me the cliffnotes about the ripster deal. I've gleaned some of the story from various posts but not much.

[mkawa]

false positive, probably due to the proxy configuration that we use here.