ADSL Tech Question
Posted by Sean Browne (Cardiff IT Support Ltd) on June 8th, 2005


Guys,

I am getting the following in the logs of my Belkin 7630 ADSL modem /
router.

Any help working out what could be causing it would be welcomed.

06.06.2005 17:37:43 **SYN Flood to Host** 192.168.1.241, 3708->> 195.8.181.180, 80 (from ATM1 Outbound)
06.06.2005 17:35:20 **SYN Flood to Host** 192.168.1.241, 3659->> 143.166.224.238, 80 (from ATM1 Outbound)
06.06.2005 16:37:12 **UDP Flood to Host** 192.168.1.40, 1811->> 86.126.28.229, 5736 (from ATM1 Outbound)
06.06.2005 16:25:43 **UDP Flood to Host** 192.168.1.40, 1811->> 81.231.90.64, 30556 (from ATM1 Outbound)
06.06.2005 15:57:11 **UDP Flood to Host** 192.168.1.40, 1811->> 81.99.55.26, 1961 (from ATM1 Outbound)
06.06.2005 15:54:05 **UDP Flood to Host** 192.168.1.40, 1811->> 84.13.210.56, 1412 (from ATM1 Outbound)
06.06.2005 15:38:48 **UDP Flood to Host** 192.168.1.40, 1811->> 84.13.210.56, 1412 (from ATM1 Outbound)


Many thanks,

SB


Posted by Phil Thompson on June 8th, 2005


On Wed, 08 Jun 2005 17:54:07 GMT, "Sean Browne (Cardiff IT Support
Ltd)" <sb@DELETETHIScardiffitsupport.com> wrote:

You appear to have two PCs with viruses trying to flood outside web
servers with packets in some sort of DOS attack.

AIUI the format of the above is

date, time, type of event, source ip, source port,->> destination IP,
destination port, physical connection attack was detected on
(broadband ATM link in this case)

Phil


--
Tiscali - dialup speeds at Broadband prices, see
http://bbs.adslguide.org.uk/postlist...&Board=tiscali

AOL - the unlimited ISP of choice for heavy downloaders.

Posted by cw on June 8th, 2005


Phil Thompson <phil.thompson@spamcop.net> wrote in
news:epjea1tdp2sohr7d6bbr6qb61bicovbreg@4ax.com:

The 1.40 is Kazaa not a virus, the giveaway is port 1412, the others will
be people who have reconfigured the port that Kazaa runs on. Kazaa is bad
anyway - in case you missed it there was an article on how the servers
keep logs of every search and download request.
If you check the install of Kazaa on the computer at 1.40, you will find
it configured to use port 1811.

The 1.241 doesn't appear to be a virus either - it appears to be an
over-sensitive firewall. I bet someone was browsing the Aria website on a page
with a Dell advert (or followed a link to a Dell page) as those are the
two companies that the IPs resolve to.

So basically your firewall's IDS rules look a bit pants because they are
over-reacting. Kazaa and other peer2peer apps are known for opening
lots of connections at once, chances are the other two are due to pages
with a large number of images. Your computer sends out loads of requests
for images and it flags that.

--
Colin
*Drop DEAD from the email address to reply*
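
Added example, not part of any poster's message: Python code that parses the log format Phil describes and groups the alerts by internal host, which is the reading cw applies above. The regex, function names and hint wording are assumptions made here, the sample is the seven entries from the question, and the hints are triage labels only, not a verdict on the host.

```python
import re
from collections import defaultdict

# Constructed sample: the seven entries from the question, one per line.
SAMPLE_LOG = """\
06.06.2005 17:37:43 **SYN Flood to Host** 192.168.1.241, 3708->> 195.8.181.180, 80 (from ATM1 Outbound)
06.06.2005 17:35:20 **SYN Flood to Host** 192.168.1.241, 3659->> 143.166.224.238, 80 (from ATM1 Outbound)
06.06.2005 16:37:12 **UDP Flood to Host** 192.168.1.40, 1811->> 86.126.28.229, 5736 (from ATM1 Outbound)
06.06.2005 16:25:43 **UDP Flood to Host** 192.168.1.40, 1811->> 81.231.90.64, 30556 (from ATM1 Outbound)
06.06.2005 15:57:11 **UDP Flood to Host** 192.168.1.40, 1811->> 81.99.55.26, 1961 (from ATM1 Outbound)
06.06.2005 15:54:05 **UDP Flood to Host** 192.168.1.40, 1811->> 84.13.210.56, 1412 (from ATM1 Outbound)
06.06.2005 15:38:48 **UDP Flood to Host** 192.168.1.40, 1811->> 84.13.210.56, 1412 (from ATM1 Outbound)
"""

# Fields per the thread: date, time, event, src IP, src port, dst IP, dst port, interface.
ENTRY = re.compile(
    r"(?P<date>\d{2}\.\d{2}\.\d{4}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"\*\*(?P<event>.+?)\*\*\s+(?P<src>[\d.]+),\s*(?P<sport>\d+)->>\s*"
    r"(?P<dst>[\d.]+),\s*(?P<dport>\d+)\s*\(from (?P<iface>[^)]+)\)"
)

def parse(text):
    """Return one dict per entry; tolerates entries wrapped across lines."""
    flat = " ".join(text.split())
    return [m.groupdict() for m in ENTRY.finditer(flat)]

def summarise(entries):
    """Group alerts by internal source host for triage."""
    hosts = defaultdict(lambda: {"events": set(), "sports": set(), "dests": set(), "count": 0})
    for e in entries:
        h = hosts[e["src"]]
        h["count"] += 1
        h["events"].add(e["event"])
        h["sports"].add(int(e["sport"]))
        h["dests"].add((e["dst"], int(e["dport"])))
    return dict(hosts)

def hint(h):
    """Heuristic label (an assumption of this example): what to check on the host."""
    dports = {p for _, p in h["dests"]}
    if len(h["sports"]) == 1 and h["count"] > 1 and len(dports) > 1:
        return "one fixed source port to varied peers/ports: find the app bound to it"
    if dports <= {80, 443}:
        return "changing source ports to web ports: consistent with browsing"
    return "no clear pattern: inspect the host"

if __name__ == "__main__":
    for ip, h in sorted(summarise(parse(SAMPLE_LOG)).items()):
        print(ip, h["count"], sorted(h["events"]), sorted(h["sports"]), "->", hint(h))
```
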

Posted by Sean Browne (Cardiff IT Support Ltd) on June 9th, 2005



Thanks Guys,

One of the PCs is running DC++ and the other .241 IP is, I think, an
additional wireless access point. I will check later when I get to the
office.

An up to date AVG tells me there are no known viruses on my PCs.

Thanks again,
SB



