Constant stream of UDP packets from same four addresses...


The Traveller

Guest
I need some help with the following...

My router has been blocking a steady stream of UDP packets from the same four IP addresses. This has been going on for several days now.

Here is an extract from the router's log. This same sequence repeats itself "ad infinitum" ;-)

[iNFO] Sun Apr 20 15:25:11 2008 Blocked incoming UDP packet from 207.118.109.219:50197 to 76.***.***.***:38043
[iNFO] Sun Apr 20 15:25:05 2008 Blocked incoming UDP packet from 75.167.206.47:29547 to 76.***.***.***:38043
[iNFO] Sun Apr 20 15:24:53 2008 Blocked incoming UDP packet from 71.54.69.146:14853 to 76.***.***.***:38043
[iNFO] Sun Apr 20 15:24:51 2008 Blocked incoming UDP packet from 189.47.157.200:60611 to 76.***.***.***:38043

Just in case, I rebooted the router and the computer... same results.

I also checked SANS to see if there was any new activity and none was noted in relation to these ports.

Comments?

______________________

The Traveller

Carlsbad, California
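
One way to summarise a log like the extract in the post above by source address and destination port, as an added example that is not part of the original post. The regular expression assumes the router writes one entry per line in exactly the format shown in the extract; the function names are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log extract copied from the post above, one entry per line (destination masked by the poster).
LOG = """\
[iNFO] Sun Apr 20 15:25:11 2008 Blocked incoming UDP packet from 207.118.109.219:50197 to 76.***.***.***:38043
[iNFO] Sun Apr 20 15:25:05 2008 Blocked incoming UDP packet from 75.167.206.47:29547 to 76.***.***.***:38043
[iNFO] Sun Apr 20 15:24:53 2008 Blocked incoming UDP packet from 71.54.69.146:14853 to 76.***.***.***:38043
[iNFO] Sun Apr 20 15:24:51 2008 Blocked incoming UDP packet from 189.47.157.200:60611 to 76.***.***.***:38043
"""

# Assumed line format: [level] timestamp "Blocked incoming PROTO packet from" src:port "to" dst:port
ENTRY = re.compile(
    r"^\[\w+\]\s+(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4})\s+"
    r"Blocked incoming (?P<proto>\w+) packet from "
    r"(?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>[\d.*]+):(?P<dport>\d+)\s*$"
)

def parse(text):
    """Yield one dict per recognised log line; unrecognised lines are skipped."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.strptime(rec["ts"], "%a %b %d %H:%M:%S %Y")
        rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
        yield rec

def summarise(text):
    """Group blocked packets by source address and collect the destination ports hit."""
    by_src = defaultdict(lambda: {"count": 0, "sports": set(), "first": None, "last": None})
    dports = set()
    for rec in parse(text):
        s = by_src[rec["src"]]
        s["count"] += 1
        s["sports"].add(rec["sport"])  # one fixed source port per sender vs. many
        s["first"] = min(s["first"] or rec["ts"], rec["ts"])
        s["last"] = max(s["last"] or rec["ts"], rec["ts"])
        dports.add((rec["proto"], rec["dport"]))
    return dict(by_src), dports

if __name__ == "__main__":
    sources, dports = summarise(LOG)
    print("destination ports hit:", sorted(dports))
    for src, s in sorted(sources.items(), key=lambda kv: -kv[1]["count"]):
        print(src, s["count"], sorted(s["sports"]), s["first"], s["last"])
```

Run over several days of log rather than this four-line extract, the per-source counts and first/last timestamps show whether the same senders persist and whether they ever target any port other than the one seen here.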

 

Carey Frisch [MVP]

Guest
Consider installing a good antivirus program, such as Windows OneCare.

You can try it absolutely FREE for 90 days.

http://onecare.live.com/standard/en-us/default.htm

--

Carey Frisch

Microsoft MVP

Windows Desktop Experience -

Windows System & Performance


 

The Traveller

Guest
On Sun, 20 Apr 2008 21:18:09 -0500, "Carey Frisch [MVP]" <cnfrisch@nospamgamil.com> wrote:

>Consider installing a good antivirus program, such as Windows OneCare.
>You can try it absolutely FREE for 90 days.
>http://onecare.live.com/standard/en-us/default.htm

Hmm... thanks, but I fail to see the relevance?

I am using AVG Security Suite 8.x on this computer, Norton 360 on my wife's system, and the router has its own firewall. Remember that those UDP packets are INBOUND and that they are being stopped by the router. No unusual OUTBOUND traffic is being monitored (I even used WIRESHARK to monitor all traffic).

______________________

The Traveller

Carlsbad, California

 

Mick Murphy

Guest
You "might" have something on your computer that is trying to download more garbage to infect your computer.

Try scanning with Spybot S & D, and then leave Spywareblaster running in the background.

http://www.safer-networking.org/en/index.html

For Spyware removal, use the above link to “Spybot Search & Destroy 1.5.2”
Download it, install it, update it, immunize your system and scan your System with it.

http://www.javacoolsoftware.com/

For a non-scanning, but running in the background, Program to STOP Spyware being downloaded to your Computer, use SpywareBlaster 4, available at the above link.

Mick Murphy - Qld - Australia


 

The Traveller

Guest
On Mon, 21 Apr 2008 12:43:01 -0700, Mick Murphy <MickMurphy@discussions.microsoft.com> wrote:

>You "might" have something on your computer that is trying to download more
>garbage to infect your computer.
>
>Try scanning with Spybot S & D, and then leave Spywareblaster running in the
>background.

Nope... scanned using emergency CD to no avail. Used AVG's emergency disk and Ad-Aware. WIRESHARK shows no outgoing activity. I will run SPYBOT S&D and report back.

However, 3/5 UDP sources have stopped pinging me.

To my surprise, ISPs "do" respond to problems.

I traced each of the five offenders. Some were in Brazil and in Europe while the others were in the USA. I then sent polite E-mail messages to the security administrators for each ISP. The first to respond was COMCAST (pre-canned message). However, it did not stop there.

COMCAST took action. I can see in my log when another IP from COMCAST probed my system (TCP & UDP), then killed the offending IP address. (i.e. multiple probes, then the offending IP disappeared).

Next was the ISP from Brazil. Very similar logs... they probe my system then kill the IP. The same occurred for another one in Europe.

Now only two remain and one of the ISPs responded that the administrator was out until Wednesday (sic)

There is hope ;-)

______________________

The Traveller

Carlsbad, California

 