UDP Flood attack
I can access the internet for about 5 minutes, before I lose it and get "could not connect" type messages from my browser. After investigating further I noticed something interesting in the routers security log, A UDP flood.. I'll put the log below:
Code: 03/31/2010 17:29:33 **UDP Flood to Host** 192.168.2.2, 56853->> 158.43.240.4, 53 (from ATM1 Outbound)03/31/2010 17:29:32 **UDP Flood to Host** 192.168.2.2, 56853->> 194.72.0.98, 53 (from ATM1 Outbound)03/31/2010 17:29:31 **UDP Flood to Host** 192.168.2.2, 56853->> 8.8.8.8, 53 (from ATM1 Outbound)03/31/2010 17:29:22 **SYN Flood to Host** 192.168.2.2, 50549->> 72.21.81.133, 80 (from ATM1 Outbound)03/31/2010 17:29:05 192.168.2.2 login success03/31/2010 17:29:00 NTP Date/Time updated. 08/01/2003 00:00:16 If(ATM1) PPP connection ok !08/01/2003 00:00:15 ATM1 get IP:86.146.56.13608/01/2003 00:00:13 ATM1 start PPP 08/01/2003 00:00:13 ADSL Media Up ! 08/01/2003 00:00:01 sending ACK to 192.168.2.2There's also a SYN flood just before the others.
Anyone have a clue about why this might be happening? Am I at the receiving end of someone just having fun giving me a DDOS attack, or have I got a dodgy configuration somewhere. I've scanned my computer with AVG to no avail.
Oh, also, I can still access the internet wireless, even when the internet is unavailable on the wired computer
EDIT: here's a pingtest result. yes, that is 96% packet loss.
EDIT2: latest security log:
Code: 03/31/2010 19:11:51 **SYN Flood to Host** 192.168.2.2, 51439->> 72.21.81.133, 80 (from ATM1 Outbound)03/31/2010 19:10:02 **UDP Flood to Host** 192.168.2.2, 8080->> 213.229.66.233, 8080 (from ATM1 Outbound)03/31/2010 19:06:31 sending ACK to 192.168.2.403/31/2010 19:06:31 sending OFFER to 192.168.2.403/31/2010 18:51:32 sending ACK to 192.168.2.303/31/2010 18:48:36 **UDP Flood to Host** 192.168.2.2, 59068->> 158.43.240.4, 53 (from ATM1 Outbound)03/31/2010 18:48:35 **UDP Flood to Host** 192.168.2.2, 63235->> 194.72.0.98, 53 (from ATM1 Outbound)03/31/2010 18:48:34 **UDP Flood to Host** 192.168.2.2, 58891->> 8.8.8.8, 53 (from ATM1 Outbound)03/31/2010 18:01:53 sending ACK to 192.168.2.503/31/2010 17:54:14 192.168.2.2 login success 03/31/2010 17:54:10 sending ACK to 192.168.2.503/31/2010 17:53:32 **SYN Flood to Host** 192.168.2.2, 51078->> 72.21.81.133, 80 (from ATM1 Outbound)03/31/2010 17:53:29 sending ACK to 192.168.2.303/31/2010 17:52:54 NTP Date/Time updated. 08/01/2003 00:00:20 If(ATM1) PPP connection ok !08/01/2003 00:00:19 ATM1 get IP:86.128.35.104 08/01/2003 00:00:14 ATM1 start PPP 08/01/2003 00:00:14 ADSL Media Up ! 08/01/2003 00:00:03 sending ACK to 192.168.2.2
My Router is being UDP flood attacked?!?
... has been getting disconnected...I decided to check my router security log and found loads of UDP flood attacks on my router?? Firstly why is this happening? was it my fault? Secondly how do i stop this? :( Thanks in advance, Luke.
UDP Flood - The problem with my interenet?
... the log and noticed lots and lots of UDP Flood attack reports from many different IP addresses. Can someone tell me what this means and if it could be the reason my internet seems to be 5 times slower than usual? A Also, is there anything I can do? I have a D-Link router. Thanks!
UDP Flood? Is someone spamming our network?
... Wireless Router (G) Devices Connected to Network: WinVista Machine (Wired) ... Wii From looking at the logs, what do you guys think? 01/01/2010 19:14:37 **UDP Flood Stop** (from PPPoE1 Inbound) ... 46349 (from PPPoE1 Inbound) 01/01/2010 19:05:09 **UDP flood** 77.47.25.25, 63389->> 70.227.26. ...
SYN FLOOD ATTACKS - Please help
... any. One of our servers is currently under a syn flood dos attack. I installed network monitor to view the traffic and also checked netstat -a -n. I tried configuring my windows to protect against syn flood attacks link. This caused my system to hang so I blocked port 80 ...
best home router for syn flood attacks
What is the best home router to correctly protect against syn flood attacks...netgear fvs-318 seems to just block the spoofed IP, thereby blocking legitimate traffic from the server with the spoofed ip address.
UDP Flood
01/21/2006 08:29:53 **UDP flood** 221.234.xxx.xxx, 15668->> 192.168.2.100, ... Inbound) I have an SMC router with FW enabled. I also use XP SP2 firewall. My router has tons and tons of UDP Flood entries in the log. The router has a bunch of settings under: Connection Policy and DoS Detect Criteria. ...
Solved: SYN flood attack
Can someone explain what a "detected syn flood attack" means? lately I've noticed my broadband connection has slowed ... in the alerts it mentioned detected syn flood attack,is this a symptom of some malware on my computer or is the problem coming from my isp? I'm using a WAG54Gv.3 wireless modem on ...
Network under attack
... to my router's logs, my network is under attack. Here are some sample messages from the log: # ... :2801 ATTACK 35 2009-12-09 18:08:51 ports scan UDP (L to L/ZW) 0.0.0.0:68 255.255.255.255:67 ATTACK 36 2009-12-09 18:08:34 ports scan UDP (L to L/ZW) 0.0.0.0:68 255.255.255.255:67 ATTACK 37 ...
Help: Drop UDP packet from LAN
Hi guys, Please kindly help me understand if my network is under attack, or my computer is being scanned, or if there is a virus on my computer? I have only ... the router's log for the first time yesterday and I saw 60 pages of this: Drop UDP packet from LAN (src:192.168.0.1:2052, dst:239.255. ...
TCP SYN FLOOD? I need help.
... right forum for this question please advise. I have had a home network with a older Belkin router serving 2 ... .243.104:80 2007/05/23 12:14:49 ** TCP SYN Flooding ** 192.168.2.4:3358 ->> 199 ... but dont yet know how to stop or at least reduce this DOS flood attack ( or understand why it is me receiving it ...
How to get the most out of my network?
... a LAN Party every Quarter and it's seems the network gets flooded once people start file sharing. Sometimes the network crawls on certain peoples computers vs other who can still shareabout ... rest of the lan. My question to you is how do I maximize this network or make minor changes to improve ...
Is my system under attack?
... router log and this is what I see: Aug/10/2003 23:34:13 SYN Flood Attack Detect Packet Dropped Aug/10/2003 23:34:11 SYN Flood Attack Detect Packet Dropped ... Packet Dropped Ok, so what exactly is an SYN flood attack? I assume I've been targeted by someone. Does anyone have any idea what ...
Server 2003 Firewall logs insane?
... info path 2008-11-10 16:10:26 OPEN UDP 192.168.1.100 ... 45813 20657 - - - - - - - - - 2008-11-10 16:10:26 OPEN UDP 192.168.1.100 ... 24841 - - - - - - - - - 2008-11-10 16:10:27 OPEN UDP 192.168.1.100 ... often. Also, my router logs say that I have a "SYN Flood Attack Detect." I'm not sure if that makes ...
Computers loosing internet connection at differnt times
... , the internet would cut at different times for different computers on the same network. These disconnections happen about every 20mins nd last between 10seconds ... things in the log like: 11/29/2009 20:29:46 **UDP Flood Stop** (from ATM1 ... .168.1.105, 4778 (from ATM1 Inbound) 11/29/2009 21:12:56 **UDP ...
fail2ban is freaking awesome
So I've been having DoS flood attacks semi-regularly hit my DNS servers. They were built on Windows 2003, so there's no ... - 59.175.255.255 netname: CHINANET-HB descr: CHINANET Hubei province network descr: Data Communication Division descr: China Telecom country: CN ...
Question about Modem Security Log .
... guys , can anyone tell me what is this ? am i been attacked or hacked ? Quote: 09/12/2010 13:22:45 PPPoE receive ... PPPoE1 Outbound) 09/12/2010 11:07:36 **SYN Flood** 58.41.22.35, 3409->> 192.168 ... (from PPPoE1 Inbound) 09/12/2010 11:06:51 **UDP Flood to Host** 192. ...
Possible bugbear network attack, please advise
... specifically for bugbear. Nothing found. I talked to our all knowing network admin and he says there's no way in hell that the server ... it strips it from the email. I think that bugbear is coming across the network somewhere and attacking my machine. I still think it's coming from the netscape ...
Apps that monitor port connections and attempted connections
I am looking for an app that will tell the user when a port is being accessed. Incoming and Outgoing. I've been getting constant SYN Flood attacks. I'd like to just know what ports so I can block them at my modem level. Thanks
2 (web)Server's connected to two different ISPs at the same time for redundancy - ok spidey, bad idea!
... be over complicating this but I want to make sure I'm not "dreaming up" something that can't actually happen. We've been plauged by network connectivity troubles over the past year off and on with our current host due to other servers on the same network under DOS attacks. We fully intend to ...
packeting
tonight i was packeted for ~30 mins. it didn't really do much damage though considering i wasn't even dropped at my isp. but my question is this. what is the best way to deal with dos/packet flood attacks that are in progress?
URGENT! Virus attack!
... virus that is attacking DCOM RPC or other services, and in connection with this, a flood-attack from your IP address, is making the work of the entire network more difficult. According to the contract with our firm, we have the right to stop your service ...
Cumulative Patch for Internet Information Service: Oct 30
... using the security settings of the third-party site rather than the attacker's. In addition, the patch causes 5.0 and 5.1 to change how frequently the socket ... changes IIS to purge the list more frequently in order to make it more resilient to flooding attacks. The backlog monitoring feature is ...
Belkin G+ Mimo dropping internet connection xbox360
... working on my computer. This was also in my Firewall log: 01/18/2009 22:15:05 **UDP Flood Stop** (from WAN Outbound) ... 28458 (from WAN Inbound) 01/18/2009 22:15:00 **UDP flood** 82.50.71.26, 26381->> 72.177. ... 26735 (from WAN Outbound) 01/18/2009 22:13:50 **UDP flood** 95.42.29.55, 22192->> 72.177. ...