ComputerForum.com

Old 06-28-2009, 11:52 PM   #1 (permalink)
New Member
 
Join Date: Jun 2009
Posts: 3
Default UDP Flood Help

I moved into a new house recently that had Internet already set up. And right away I noticed something weird: it didn't run slow, but every 15 min on the dime it would slow to a stop for about 2 min, then start up again. I was confused at first, but then I checked the router's security logs and I see this,

Quote:
06/28/2009 14:45:39 **UDP Flood Stop** (from WAN Outbound)
06/28/2009 14:45:39 **UDP flood** 85.66.111.58, 21385->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:38 **UDP flood** 77.231.243.54, 48084->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:38 **UDP flood** 75.137.70.165, 22807->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:37 **UDP flood** 83.54.253.141, 21752->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:37 **UDP flood** 85.127.196.208, 21600->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:36 **UDP flood** 89.44.26.152, 7946->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:36 **UDP flood** 84.71.4.133, 13358->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:35 **UDP flood** 94.71.170.88, 13171->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:34 **UDP flood** 84.77.59.155, 7490->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:34 **UDP flood** 219.84.124.55, 21127->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:34 **UDP flood** 151.61.9.187, 17129->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:34 **UDP flood** 76.31.80.238, 20719->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:34 **UDP flood** 98.245.157.134, 56006->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:33 **UDP flood** 218.63.40.242, 22735->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:32 **UDP flood** 218.168.201.114, 20072->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:32 **UDP flood** 84.64.59.214, 24371->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:32 **UDP flood** 78.84.5.66, 12824->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:32 **UDP flood** 217.26.6.4, 30398->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:31 **UDP flood** 192.168.2.4, 55370->> 24.207.15.37, 63469 (from WAN Outbound)
06/28/2009 14:45:31 **UDP flood** 60.48.207.52, 7237->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:31 **UDP flood** 192.168.2.4, 55370->> 207.46.48.150, 3544 (from WAN Outbound)
06/28/2009 14:45:31 **UDP flood** 24.83.111.120, 7903->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:31 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
06/28/2009 14:45:31 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:45:31 **UDP flood** 72.208.166.228, 60079->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:30 **UDP flood** 192.168.2.4, 55370->> 206.248.174.37, 52415 (from WAN Outbound)
06/28/2009 14:45:30 **UDP flood** 114.44.181.18, 21869->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:29 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
06/28/2009 14:45:29 **UDP flood** 203.212.198.246, 17298->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:29 **UDP flood** 90.31.113.12, 14451->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:28 **UDP flood** 118.168.191.104, 16283->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:27 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
06/28/2009 14:45:27 **UDP flood** 62.117.51.195, 44129->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:26 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
06/28/2009 14:45:21 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
06/28/2009 14:45:20 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:45:19 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
06/28/2009 14:45:18 **UDP flood** 192.168.2.4, 55370->> 207.46.48.150, 3544 (from WAN Outbound)
06/28/2009 14:45:15 **UDP flood** 60.53.10.139, 16001->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:12 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
06/28/2009 14:45:12 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:45:06 **UDP flood** 192.168.2.4, 55560->> 188.132.54.235, 55600 (from WAN Outbound)
06/28/2009 14:45:06 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:45:05 **UDP flood** 192.168.2.4, 55370->> 81.234.247.46, 56669 (from WAN Outbound)
06/28/2009 14:45:04 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
06/28/2009 14:45:04 **UDP flood** 192.168.2.4, 55370->> 206.248.174.37, 52415 (from WAN Outbound)
06/28/2009 14:44:59 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
06/28/2009 14:44:59 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:44:49 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:44:47 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:44:45 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:44:43 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
06/28/2009 14:44:43 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:44:36 **UDP flood** 192.168.2.4, 55370->> 207.46.48.150, 3544 (from WAN Outbound)
06/28/2009 14:44:35 **UDP flood** 75.166.243.44, 25523->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:44:29 **UDP flood** 192.168.2.4, 55370->> 206.248.174.37, 52415 (from WAN Outbound)
06/28/2009 14:44:27 **UDP flood** 192.168.2.4, 55560->> 188.132.54.235, 55600 (from WAN Outbound)
06/28/2009 14:44:25 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
06/28/2009 14:44:25 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:44:24 **UDP flood** 192.168.2.4, 55370->> 207.46.48.150, 3544 (from WAN Outbound)
06/28/2009 14:44:19 **UDP flood** 94.139.72.198, 14814->> 192.168.2.4, 37611 (from WAN Inbound)

It obviously looks like something malicious, because it happens consistently every 15 min. So what am I supposed to do to stop something like this?
Neablis is offline   Reply With Quote
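
One way to triage a log like the one quoted above, added here as an example and not part of the original post: the Python below parses the router's line format and groups the entries by LAN endpoint, showing which internal host and UDP port the traffic converges on. The regular expression is inferred from the quoted lines, `summarize` is a hypothetical helper name, and the sample is a subset of lines copied from that log.

```python
import re
from collections import Counter, defaultdict

# Line format inferred from the router log quoted in the post (an assumption).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \*\*UDP flood\*\* "
    r"(?P<src>[\d.]+), (?P<sport>\d+)->> (?P<dst>[\d.]+), (?P<dport>\d+) "
    r"\(from WAN (?P<dir>Inbound|Outbound)\)$"
)

# Subset of lines copied from the quoted log.
SAMPLE_LOG = """\
06/28/2009 14:45:39 **UDP Flood Stop** (from WAN Outbound)
06/28/2009 14:45:39 **UDP flood** 85.66.111.58, 21385->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:38 **UDP flood** 77.231.243.54, 48084->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:38 **UDP flood** 75.137.70.165, 22807->> 192.168.2.4, 37611 (from WAN Inbound)
06/28/2009 14:45:31 **UDP flood** 192.168.2.4, 55370->> 207.46.48.150, 3544 (from WAN Outbound)
06/28/2009 14:45:31 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
06/28/2009 14:45:31 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:45:29 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
06/28/2009 14:45:27 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
06/28/2009 14:45:20 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
06/28/2009 14:44:35 **UDP flood** 75.166.243.44, 25523->> 192.168.2.4, 37611 (from WAN Inbound)
"""


def summarize(log_text):
    """Group flood entries by LAN endpoint and count the remote peers seen."""
    inbound = defaultdict(set)       # (lan_ip, lan_port) -> distinct remote IPs
    outbound = defaultdict(Counter)  # (lan_ip, lan_port) -> hits per (remote_ip, remote_port)
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # e.g. the "UDP Flood Stop" marker line
            continue
        if m["dir"] == "Inbound":
            inbound[(m["dst"], int(m["dport"]))].add(m["src"])
        else:
            outbound[(m["src"], int(m["sport"]))][(m["dst"], int(m["dport"]))] += 1
    return {
        "inbound": {k: len(v) for k, v in inbound.items()},
        "outbound": {k: dict(v) for k, v in outbound.items()},
        "lan_hosts": sorted({k[0] for k in list(inbound) + list(outbound)}),
        "skipped": skipped,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```

On the sample, every entry involves the single LAN host 192.168.2.4, and all inbound entries hit UDP port 37611, each from a different remote address. The next check is which program on that host has that port open.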


Old 06-29-2009, 02:23 AM   #2 (permalink)
Diamond Member
 
Respital's Avatar
 
Join Date: Aug 2007
Location: Canada
Age: 15
Posts: 2,632
Default

Hello, please download and post a log with HiJackThis and Malwarebytes'; I have included the instructions below.

Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
  • Click Save to save the log file and then the log will open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


How to run a scan with Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware from Here, Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.
__________________
Winner of Photo Tourney: Twilight
/My Rig:/
/Case :/ Antec Sonata III
/Power Supply :/ Antec Earthquake 500W
/Motherboard :/ Gigabyte P35-DSR3
/Processor :/ Intel E6850@3.4Ghz
/Ram :/ Consair 2x 1 Gb 800mhz
/Video Card :/ Zotac 8800 GT
/Monitor:/Samsung T220 w 20 000 : 1 Contrast and 2ms response time
/3DMark06 Score :/ 11730
Respital is offline   Reply With Quote
Old 06-29-2009, 07:46 AM   #3 (permalink)
Diamond Member
 
Bodaggit23's Avatar
 
Join Date: Mar 2009
Location: Aperture Science
Posts: 4,311
Default

Quote:
Originally Posted by Neablis View Post
I moved into a new house recently that had Internet already set up.
Free internet eh? You mean you moved in with roommates that have internet?
__________________
Team Stats @ ExtremeOverclocking.com

Team Stats FOLDING FOR THE GOOD OF MANKIND :F@H Team 44358

CPU: i7 920 Batch#3841A525 (@3.43Ghz) Board: EVGA X58 3X SLI RAM: Dominator 3x2GB DDR3 1600 Hard Drive: 300GB VelociRaptor GPU: EVGA GTX260 SC Core 216
Optical: Sony Optiarc 22x DVD/CD Burner PSU: Corsair TX850W CPU Cooling: Noctua NH-U12P SE1366 Primary OS: Windows Vista x64 SP2 Case: Coolermaster HAF 932
Bodaggit23 is offline   Reply With Quote
Old 06-29-2009, 01:27 PM   #4 (permalink)
New Member
 
Join Date: Jun 2009
Posts: 3
Default

Quote:
Originally Posted by Bodaggit23 View Post
Free internet eh? You mean you moved in with roommates that have internet?

lol, yes we pay for the internet every month. We are not stealing wifi if that's what you're insinuating. And about the HijackThis log, my computer is clean, it's not a local spyware on my machine. And about their machines, I can't really go around and install it on theirs, but I kinda doubt it's spyware unless someone is secretly a zombie computer.
Neablis is offline   Reply With Quote
Old 06-29-2009, 02:23 PM   #5 (permalink)
Diamond Member
 
Bodaggit23's Avatar
 
Join Date: Mar 2009
Location: Aperture Science
Posts: 4,311
Default

Quote:
Originally Posted by Neablis View Post
lol, yes we pay for the internet every month. We are not stealing wifi if that's what you're insinuating.
I had to ask, as it was worded.

Have you reset the modem or router to change the IP?

Last edited by Bodaggit23; 06-29-2009 at 05:27 PM.
Bodaggit23 is offline   Reply With Quote


Old 06-29-2009, 03:24 PM   #6 (permalink)
New Member
 
Join Date: Jun 2009
Posts: 3
Default

Quote:
Originally Posted by Bodaggit23 View Post
Quote:
Originally Posted by Neablis View Post
lol, yes we pay for the internet every month. We are not stealing wifi if that's what you're insinuating.
I had to ask, as it was worded.

Have you reset the modem or router to change the IP?

Actually no, I haven't. Do you think changing the IP will be enough? I'll try that tonight and hopefully it will work.
Neablis is offline   Reply With Quote
Old 06-29-2009, 05:27 PM   #7 (permalink)
Diamond Member
 
Bodaggit23's Avatar
 
Join Date: Mar 2009
Location: Aperture Science
Posts: 4,311
Default

Quote:
Originally Posted by Neablis View Post
Actually no, I haven't. Do you think changing the IP will be enough? I'll try that tonight and hopefully it will work.
It's worth a shot.
Bodaggit23 is offline   Reply With Quote