What to do about ddos attack, amongst other things.

[reboot]

I've been under a ddos attack since noon yesterday.
It's amost 8 am now, still happening.
I have my router set to block it, but it's still using a TON of bandwidth.
I've been on the phone for over 2 hours with my isp, they had me jump through hoops on my computer, until I finally got it through their thick heads, that I can turn my computer OFF, and my router is still having to block it, so it's NOT a trojan on my system.
Been through spybot, adaware, swatit, NOD32, so I know it's not my system.
ISP says they can't do anything unless I can produce a log of the attack.
There's 2 problems with that. My router doesn't have a logging function, and if I take the router out of line, my computer is open to whatever attack this is.

Anyhow, does anyone have any real simple logging software? Even if I take the router out, and run for just long enough to maybe get an IP from the attacker out of the log?
I've found a few programs on the internet, but the ones that write a log all seem designed around network genius geek types, which leaves me out. The other sort are all demoware or something, and only allow logging of 1 port, or will only write a log if you buy the thing.
My other option is to try and figure out how to get my SMC Barricade 7004VBR to actually produce a log. It's not in the options, and it's "we can email you if we detect an attack" doesn't work anyhow.

Need suggestions soon. This has got to stop.
TIA

[demandred55]

Zone Alarm keeps a log of every attempt to connect from outside.

[reboot]

ZA simply logs the IP as coming from my router, thus it's in the 192.168.xxx.xxx range. No good. Tried that already.

[Statica]

Hey 'boot sorry I dont quite have a windows based solution for you (if you had the patience to put in a UNIX I could help you), but have you checked the updates to the firmware of your router? I noticed the version history mentioning fixing email reports issues fixed. Also while going through the manual I do see the status page having logs, I don't know if it works or not.
Have you tried getting your IP address changed from your ISP?

[catfishjoe_1]

you could take the router out of the equation. ZA will work then.
cat

[rambler]

The Barricade manual says access to logs is via the Status screen on the Manager screen..

[reboot]

Finally got the router updated, got the logs. It was a firmware issue, thanks guys.
Next problem, getting the ISP's of the offending IP's to actually respond to an abuse email. It's been 5 days, still no response.
I have changed IP's twice in that time, so at least I can surf for a day or so, then I have to phone and have them remove my old IP from their system completely, change MY IP via the router, and then get Windows to actually connect.
Stupid router takes an hour to get the connection sorted when it's IP changes.
Now I'm getting nice logs
The trouble is getting anyone's attention, especially from IP owners/ISP's that are NOT under ARIN's purvey, but are from mainland China, and wouldn't know what to do with an English complaint if they saw it. And they're just a bunch of old NT4 servers with no firewall, being used as a bounce point, from other IP's in the US. Makes it difficult to track.