 |  |  | ||||
| | |
| |||||||
| Networking Networking problems? Problems with a router? Wondering whether wireless networking or hardwire is better for you? Chat here! Lan parties? Lan events? You talk about them, you schedule them here! CPL? Cyberglobe? Were you there!? Chat here! |
 |
| | LinkBack | Thread Tools | Display Modes |
07-05-2006, 07:51 PM
| #1 | ||||
| Junior Member Join Date: Jan 2005
Posts: 106
 |  DoS attack A couple days ago someone hit my connection with a Denial of Service attack because there was a flood of connections from a few different IP's and the router was going crazy. After two days of ****ing with the router trying to get it to release the current IP ( for a IP change ) which was almost hopeless ( rebooting the router did nothing at all to change the IP ) our IP finally changed. The problem now is that my firewall is picking up connections such as the following: Quote:
The other thing I noticed is my computer keeps trying to connect to the router along with other computers on the network. And also this: Quote:
I'd like to have some people post back as soon as possible. This is in the routers incoming log by the way: Quote:
This is what the log files looked like the other day when the router was going insane: Quote:
Last edited by PHASER8; 07-05-2006 at 07:54 PM. | ||||
|  |
|
07-05-2006, 08:44 PM
| #2 |
| More Than You! Join Date: Jul 2005 Location: Panama City
Posts: 4,823
  | i would blame a virus with the amount of port scanning its doing. Its going through every single port one at a time. Also is their another computer you could test out on the network instead of yours? If so you could definitely be 100% sure which computer it is if not both. If you dont have two computers try getting a knoppix disk and just booting your computer with it while connected to the router and see if it stops going insane. In either case you can narrow down that its your computer thats infected. Traceroute, Ping, Domain Name Server (DNS) Lookup, WHOIS, and DNS Records Lookup Whatever its trying to connect to doesn't like to exist apparently. |
|
| |
|
07-05-2006, 09:02 PM
| #3 |
| KuCoUyF  Join Date: Mar 2004 Location: OC
Posts: 6,920
| i usually get these when connecting to emule. just disconnecting and reseting the router works for me/ |
|
| |
|
07-05-2006, 10:43 PM
| #4 | |
| Junior Member Join Date: Jan 2005
Posts: 106
| My brother has a computer ( the only protection he has is AVG ) and my parents have their machine. The logs on zone alarm on their computer show that their machine is trying to connect to my brothers machine on port 137 ( which is the netBIOS port ) and my computer when connected to the internet keeps acting up with weird ****. I have a slax CD and I have PHLAK which I rarely use. I do not know how to log activty for internet connection on either, just like how on windows the command 'netstat' wont show me the IP's I just gave you. Here's some more weird stuff ( I am currently on my other machine on PHLAK since I dont trust my main machine on the net with this thing ).: 127.0.0.1:3969 tries to access 239.255.255.250:1900 My IP address keeps trying to hit 198.87.31.198:80 And it keeps showing up in my logs that the router itself is trying to access the .255 address on the network which does not exist using port 162. Our ISP is too busy with trying to get new customers onto their already overloaded systems and got extremely bitchy when we asked for them to get a tech out here to fix the problem ( we use vonage so our phones were out as well ). An idiot wont be out here tll friday and more than likely all he is going to say is that its our fault and they cannot do anything about it. I even doubt they will put the IP's plastered all over our logs file into their blacklist...and no we cannot switch, they are the only ones that serve cable in our area. Resetting router does not help, nor does resetting the modem. Believe it or not PeerGuardian is the only program that actually picks up all this activity, zone alarm rarel detects it. Should we reformat all the computers? Could the router itself be damaged and or have a virus on it? Also the incoming IP's on the logfile for the router are starting to scare me with all the attempts to access the netbios ports and the strange 100000 port. Should I try to have my ISP block all these IP's at their NOC? Quote:
| |
|
| |
|
07-05-2006, 10:49 PM
| #5 |
| More Than You! Join Date: Jul 2005 Location: Panama City
Posts: 4,823
| try updating the routers firmware. Also update your antivirus software and try getting the newest. Try booting windows in safemode and run the antivirus. Really weird whats happening. Too bad I cant bring my lappy over to give you a resolution =P oh well <3 for my lappy anyways. Its saved the day plenty of times since i have gotten it. |
|
| |
|
07-05-2006, 10:57 PM
| #6 |
| Junior Member Join Date: Jan 2005
Posts: 106
| Port 10k seems to be Vonage which would match up considering we do use Vonage for our phones. Is it normal for people to try and connect to netBIOS ports? Pretty sure the routers firmware is up to date but Norton AV on my parents and my machine are out of date. The defs were last updated back in Feb. |
|
| |
|
07-08-2006, 03:36 AM
| #7 |
| Junior Member Join Date: Jan 2005
Posts: 106
| Technician came out, he was pretty much clueless and when he called his manager to tell him about the issues we had they blamed it on 'touchy firewall'. A touchy firewall doesn't DoS the living crap out of my cable connection, completely take over my router ( with 100% packet loss when pinged by the way ) and cause the computers to behave strangely. Is there a network engineer on these boards that could at least point me in the right direction? Reformatting all of the machines that were connected at that time would be a nightmare because at the moment we have 200GB hard drives and not even close to enough DVD's to backup all the important data on them. I'd like to know why my software is picking up other people on the network for instance or how to fix 127.0.0.1 from constantly trying to connect to our router or something. Oh believe it or not, I can no longer access xoxideforums.com from in WinXP on my machine, I have to boot up Fedora or another linux OS just to post here. We have Norton Corporate edition which is up to date and new as of this year yet found no viruses. Adaware and spybot finds no 'threats' and nor does Zone Alarm. ( Zone Alarm by the way wont block the IP's I put on its blocklist, incoming or outgoing. ) We've tried different methods such as using other routers and unplugging the modem from the LAN entirely. Which slightly worked but the logs still popped up with info but not as fast. Should I keep the computers off the internet? The hard part comes from trying to find out if the computers do indeed have a virus as currently the logging software I use in WinXP ( Peer Guardian ) which seems to pick up ANYTHING that touches my eth card doesnt work right in Linux and netstat is pointless in both OS's as it doesnt show it all. Does anyone know of any software for Linux or commands that could list all attempted,dropped and connected connections? |
|
| |
|
07-08-2006, 12:18 PM
| #8 |
| More Than You! Join Date: Jul 2005 Location: Panama City
Posts: 4,823
| yeah im pretty sure you have a virus man.. firewalls block packets not spam them |
|
| |
|
07-08-2006, 12:49 PM
| #9 |
| AMD addict  Join Date: Jun 2006 Location: Powhatan VA
Posts: 293
| TRy running hijack this to see what stuff is running, i agree w/ tencent that it is likely a virus. Also try connecting one computer running Linux to the Modem directly and see what happens. Do the same w/ windows and see if you still get all the crap flying at you. |
|
| |
|
| Thread Tools | |
| Display Modes | |
Linear Mode
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| project Hack Attack | rancidafi9959 | Worklog Section | 83 | 09-24-2005 12:10 AM |
| [H] under attack! lol | Andrew_K | The Lounge | 8 | 07-21-2005 12:52 AM |
| Terrorist's Hidden Mental Attack on US | KiGrind | The Lounge | 39 | 07-06-2005 12:17 PM |
| JESUS! HELP MY COMPUTER IS UNDER SPYWARE ATTACK?!!?!? | CRIMSONGHOST | General Hardware | 31 | 12-18-2004 11:24 AM |
| Dos | KikiyoMerc | The Lounge | 5 | 04-14-2004 07:40 AM |
All times are GMT -5. The time now is 03:44 AM.
