MikroTik

I am using a 533 router, lately I have been disconnected from my pppoe connection quite often. The log is full of statements I do not understand, can someone please interpret this for me. This appears hudreds of times in the logs. The first IP, and the len changes.

firewall info DROP INPUT input:in:pppoe-user-phil out:none, proto TCP [SYN],217.172.179.248:29151>74.180.3.164:21, len 60

firewall info DROP INPUT input:in:pppoe-user-phil out:none, proto TCP [SYN,ACK],217.172.179.248:29151>74.180.3.164:21, len 60

firewall info DROP INPUT input:in:pppoe-user-phil out:none, proto TCP [ACK,FIN],217.172.179.248:29151>74.180.3.164:21, len 60

firewall info DROP INPUT input:in:pppoe-user-phil out:none, proto TCP [RST],217.172.179.248:29151>74.180.3.164:21, len 60

Lets try to translate:

firewall info DROP INPUT input:in:pppoe-user-phil out:none, proto TCP [SYN],217.172.179.248:29151>74.180.3.164:21, len 60
firewall info DROP INPUT input:in:pppoe-user-phil out:none, proto TCP SYN,ACK],217.172.179.248:29151>74.180.3.164:21, len 60
firewall info DROP INPUT input:in:pppoe-user-phil out:none, proto TCP [ACK,FIN],217.172.179.248:29151>74.180.3.164:21, len 60
firewall info DROP INPUT input:in:pppoe-user-phil out:none, proto TCP [RST],217.172.179.248:29151>74.180.3.164:21, len 60

Connection to your box (INPUT), via pppoe-user-phil interface, using TCP protocol, from IP 217.172.179.248, to IP 74.180.3.164 (your IP I think), to FTP service (21), has BLOCKED


It appears to be SYN Flood DoS, scan or someone trying to connect to your router FTP service (without success)