UDP Flood attack

I've recently switched from a BT homehub (which broke [stopped giving out more that 1 bar of signal]) back to our old Belkin router (model #F5D7632-4)

I can access the internet for about 5 minutes, before I lose it and get "could not connect" type messages from my browser. After investigating further I noticed something interesting in the routers security log, A UDP flood.. I'll put the log below:

Code: 03/31/2010 17:29:33 **UDP Flood to Host** 192.168.2.2, 56853->> 158.43.240.4, 53 (from ATM1 Outbound)03/31/2010 17:29:32 **UDP Flood to Host** 192.168.2.2, 56853->> 194.72.0.98, 53 (from ATM1 Outbound)03/31/2010 17:29:31 **UDP Flood to Host** 192.168.2.2, 56853->> 8.8.8.8, 53 (from ATM1 Outbound)03/31/2010 17:29:22 **SYN Flood to Host** 192.168.2.2, 50549->> 72.21.81.133, 80 (from ATM1 Outbound)03/31/2010 17:29:05 192.168.2.2 login success03/31/2010 17:29:00 NTP Date/Time updated. 08/01/2003 00:00:16 If(ATM1) PPP connection ok !08/01/2003 00:00:15 ATM1 get IP:86.146.56.13608/01/2003 00:00:13 ATM1 start PPP 08/01/2003 00:00:13 ADSL Media Up ! 08/01/2003 00:00:01 sending ACK to 192.168.2.2There's also a SYN flood just before the others.

Anyone have a clue about why this might be happening? Am I at the receiving end of someone just having fun giving me a DDOS attack, or have I got a dodgy configuration somewhere. I've scanned my computer with AVG to no avail.

Oh, also, I can still access the internet wireless, even when the internet is unavailable on the wired computer

EDIT: here's a pingtest result. yes, that is 96% packet loss.

EDIT2: latest security log:
Code: 03/31/2010 19:11:51 **SYN Flood to Host** 192.168.2.2, 51439->> 72.21.81.133, 80 (from ATM1 Outbound)03/31/2010 19:10:02 **UDP Flood to Host** 192.168.2.2, 8080->> 213.229.66.233, 8080 (from ATM1 Outbound)03/31/2010 19:06:31 sending ACK to 192.168.2.403/31/2010 19:06:31 sending OFFER to 192.168.2.403/31/2010 18:51:32 sending ACK to 192.168.2.303/31/2010 18:48:36 **UDP Flood to Host** 192.168.2.2, 59068->> 158.43.240.4, 53 (from ATM1 Outbound)03/31/2010 18:48:35 **UDP Flood to Host** 192.168.2.2, 63235->> 194.72.0.98, 53 (from ATM1 Outbound)03/31/2010 18:48:34 **UDP Flood to Host** 192.168.2.2, 58891->> 8.8.8.8, 53 (from ATM1 Outbound)03/31/2010 18:01:53 sending ACK to 192.168.2.503/31/2010 17:54:14 192.168.2.2 login success 03/31/2010 17:54:10 sending ACK to 192.168.2.503/31/2010 17:53:32 **SYN Flood to Host** 192.168.2.2, 51078->> 72.21.81.133, 80 (from ATM1 Outbound)03/31/2010 17:53:29 sending ACK to 192.168.2.303/31/2010 17:52:54 NTP Date/Time updated. 08/01/2003 00:00:20 If(ATM1) PPP connection ok !08/01/2003 00:00:19 ATM1 get IP:86.128.35.104 08/01/2003 00:00:14 ATM1 start PPP 08/01/2003 00:00:14 ADSL Media Up ! 08/01/2003 00:00:03 sending ACK to 192.168.2.2
View complete forum thread


Related threads

My Router is being UDP flood attacked?!?

... has been getting disconnected...I decided to check my router security log and found loads of UDP flood attacks on my router?? Firstly why is this happening? was it my fault? Secondly how do i stop this? :( Thanks in advance, Luke.

UDP Flood - The problem with my interenet?

... the log and noticed lots and lots of UDP Flood attack reports from many different IP addresses. Can someone tell me what this means and if it could be the reason my internet seems to be 5 times slower than usual? A Also, is there anything I can do? I have a D-Link router. Thanks!

UDP Flood? Is someone spamming our network?

... Wireless Router (G) Devices Connected to Network: WinVista Machine (Wired) ... Wii From looking at the logs, what do you guys think? 01/01/2010 19:14:37 **UDP Flood Stop** (from PPPoE1 Inbound) ... 46349 (from PPPoE1 Inbound) 01/01/2010 19:05:09 **UDP flood** 77.47.25.25, 63389->> 70.227.26. ...

SYN FLOOD ATTACKS - Please help

... any. One of our servers is currently under a syn flood dos attack. I installed network monitor to view the traffic and also checked netstat -a -n. I tried configuring my windows to protect against syn flood attacks link. This caused my system to hang so I blocked port 80 ...

best home router for syn flood attacks

What is the best home router to correctly protect against syn flood attacks...netgear fvs-318 seems to just block the spoofed IP, thereby blocking legitimate traffic from the server with the spoofed ip address.

UDP Flood

01/21/2006 08:29:53 **UDP flood** 221.234.xxx.xxx, 15668->> 192.168.2.100, ... Inbound) I have an SMC router with FW enabled. I also use XP SP2 firewall. My router has tons and tons of UDP Flood entries in the log. The router has a bunch of settings under: Connection Policy and DoS Detect Criteria. ...

UDP Attack on Gaming Server

... couple of weeks they have initiated a UDP flood attack using a command on the game's mechanics to retrieve basic player information ... command to retrieve the info and that does stop the attack. On the downside though, it is causing us not to get the numbers we would get on the server because ...

Solved: SYN flood attack

Can someone explain what a "detected syn flood attack" means? lately I've noticed my broadband connection has slowed ... in the alerts it mentioned detected syn flood attack,is this a symptom of some malware on my computer or is the problem coming from my isp? I'm using a WAG54Gv.3 wireless modem on ...

why do i keep getting UDP floods when i try to download a torrent?

... internet fine again. any idea whats going on? 06/13/2011 23:21:17 **UDP Flood Stop** (from PPPoE1 Outbound ... 87.232.1.40, 53 (from PPPoE1 Outbound) 06/13/2011 23:21:16 **UDP flood** 92.96.136.20, 52018->> ... 87.232.1.40, 53 (from PPPoE1 Outbound) 06/13/2011 23:21:14 **UDP flood** 70.74.87.177, 36290->> ...

ICMP flood attack not32?

'm getting , many ICMP Flood attacks ... and i dont know what to do. Please tell me, what is wrong with my computer?? http://imageshack.us/photo/my-images/402/cask.png/ The image is over there

My antivirus detecting "ICMP Flooding attack" HELP!?

... nod 32 keeps popping up a messege that it is detecting an "ICMP flooding attack" And it shows an I.P address directly below it, the IP ... , now what is free) but my computer used to hold over 600 GB. Could this be related to the flooding attack? Dont know how all this happened, I take care of my PC ...

ICMP Flooding Attack

40 minutes ago I turned my Computer on. and ESET Smart Security notified me "Detected ICMP Flooding Attack Remote IP Address: (Don't think its necessary to post it) " . So I freaked out did and Quick Scan with Malwarebytes and Full Scan with ESET Smart ...

DNS cache poisoning/ICMP flooding attacks

... since I've installed Eset Nod32 whenever the "downtime" happens I've been getting: "Detected DNS cache poisoning attack" "Detected ICMP flooding attack" I was on an IRC chat and someone told me that my computer is being hacked and ...

Network under attack

... to my router's logs, my network is under attack. Here are some sample messages from the log: # ... :2801 ATTACK 35 2009-12-09 18:08:51 ports scan UDP (L to L/ZW) 0.0.0.0:68 255.255.255.255:67 ATTACK 36 2009-12-09 18:08:34 ports scan UDP (L to L/ZW) 0.0.0.0:68 255.255.255.255:67 ATTACK 37 ...

Help: Drop UDP packet from LAN

Hi guys, Please kindly help me understand if my network is under attack, or my computer is being scanned, or if there is a virus on my computer? I have only ... the router's log for the first time yesterday and I saw 60 pages of this: Drop UDP packet from LAN (src:192.168.0.1:2052, dst:239.255. ...

TCP SYN FLOOD? I need help.

... right forum for this question please advise. I have had a home network with a older Belkin router serving 2 ... .243.104:80 2007/05/23 12:14:49 ** TCP SYN Flooding ** 192.168.2.4:3358 ->> 199 ... but dont yet know how to stop or at least reduce this DOS flood attack ( or understand why it is me receiving it ...

Can't figure it out

... of them belong to Google. I've also got a lot of DMCA notices for things I haven't even downloaded. I think my network/IP is being used to attack Google and do illegal activities. Anyways, ... .145, 56621 (from WAN Outbound) 03/21/2011 15:38:17 **UDP Flood to Host** 75.15.233.51, 3074->> ...

Windows 2k3 UDP flood, help please

... standard ed sp1 and since few days ago someone is flooding us through udp ports. I have followed these guides ... .serverintellect.com/suppo...c-blockip.aspx but the upd flood still goes on. I'm using outpostfirewall to see the packets ... . svchost.exe is shown as flooded through UDP 123 port ...

UDP DoS to internal systems, what actions to be taken ?

... connected through VPN and trying to attack the other internal systems on our network. Category: UDP DOS Logs show them as : UDP BOMB The suggestion I gave to my internal ... service has happened with this host like whether it has, -Unusually slow network performance. -Inability to access ...

How to get the most out of my network?

... a LAN Party every Quarter and it's seems the network gets flooded once people start file sharing. Sometimes the network crawls on certain peoples computers vs other who can still shareabout ... rest of the lan. My question to you is how do I maximize this network or make minor changes to improve ...

Is my system under attack?

... router log and this is what I see: Aug/10/2003 23:34:13 SYN Flood Attack Detect Packet Dropped Aug/10/2003 23:34:11 SYN Flood Attack Detect Packet Dropped ... Packet Dropped Ok, so what exactly is an SYN flood attack? I assume I've been targeted by someone. Does anyone have any idea what ...

Server 2003 Firewall logs insane?

... info path 2008-11-10 16:10:26 OPEN UDP 192.168.1.100 ... 45813 20657 - - - - - - - - - 2008-11-10 16:10:26 OPEN UDP 192.168.1.100 ... 24841 - - - - - - - - - 2008-11-10 16:10:27 OPEN UDP 192.168.1.100 ... often. Also, my router logs say that I have a "SYN Flood Attack Detect." I'm not sure if that makes ...

Computers loosing internet connection at differnt times

... , the internet would cut at different times for different computers on the same network. These disconnections happen about every 20mins nd last between 10seconds ... things in the log like: 11/29/2009 20:29:46 **UDP Flood Stop** (from ATM1 ... .168.1.105, 4778 (from ATM1 Inbound) 11/29/2009 21:12:56 **UDP ...

fail2ban is freaking awesome

So I've been having DoS flood attacks semi-regularly hit my DNS servers. They were built on Windows 2003, so there's no ... - 59.175.255.255 netname: CHINANET-HB descr: CHINANET Hubei province network descr: Data Communication Division descr: China Telecom country: CN ...