BleepingComputer.com: UDP floods

UDP floods

#1 chewybacon

  • New Member
  • Group: Members
  • Posts: 1
  • Joined: 13-October 11

Posted 13 October 2011 - 03:15 PM

Hi - posting this on behalf of my boyfriend who can't get on the internet except for Skype and occasionally Facebook 80% of the time. Skype always works, most webpages don't and this has been happening for a while now. I'm acting as the messenger here so I'm sorry for anything I don't know. ;P
He checked his firewall log and found:
Firewall Log
10/13/2011 19:46:52 **UDP Flood to Host** 192.168.2.4, 32732->> 194.80.33.153, 25278 (from ATM1 Outbound)
10/13/2011 19:27:20 **UDP Flood to Host** 192.168.2.4, 32732->> 194.80.33.153, 12812 (from ATM1 Outbound)
10/13/2011 19:10:24 **UDP Flood to Host** 194.80.33.153, 55310->> 192.168.2.4, 32732 (from ATM1 Inbound)
10/13/2011 18:58:02 **UDP Flood to Host** 192.168.2.4, 32732->> 194.80.33.153, 50068 (from ATM1 Outbound)
10/13/2011 18:43:44 **UDP Flood to Host** 192.168.2.4, 32732->> 194.80.33.153, 33110 (from ATM1 Outbound)
10/13/2011 18:37:02 **UDP Flood Stop** (from ATM1 Inbound)
10/13/2011 18:37:00 **UDP flood** 217.170.124.108, 13102->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:58 **UDP flood** 192.168.2.4, 32732->> 99.48.254.105, 21523 (from ATM1 Outbound)
10/13/2011 18:36:58 **UDP flood** 192.168.2.4, 32732->> 77.22.248.87, 53108 (from ATM1 Outbound)
10/13/2011 18:36:57 **UDP flood** 62.213.32.186, 10106->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:53 **UDP flood** 86.31.175.208, 13283->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:51 **UDP flood** 79.120.49.50, 41937->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:51 **UDP flood** 113.232.193.181, 16001->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:50 **UDP flood** 194.168.8.100, 53->> 192.168.2.4, 32732 (from ATM1 Inbound)
10/13/2011 18:36:50 **UDP flood** 194.168.4.100, 53->> 192.168.2.4, 32732 (from ATM1 Inbound)
10/13/2011 18:36:50 **UDP flood** 82.26.220.146, 32768->> 194.168.8.100, 53 (from ATM1 Outbound)
10/13/2011 18:36:50 **UDP flood** 82.26.220.146, 32768->> 194.168.4.100, 53 (from ATM1 Outbound)
10/13/2011 18:36:46 **UDP flood** 65.95.27.65, 60636->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:46 **UDP flood** 95.84.139.95, 15701->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:46 **UDP flood** 178.95.253.88, 21114->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:46 **UDP flood** 117.204.89.94, 14577->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:42 **UDP flood** 68.195.130.189, 44074->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:41 **UDP flood** 192.168.2.4, 61066->> 82.66.150.167, 51413 (from ATM1 Outbound)
10/13/2011 18:36:41 **UDP flood** 194.168.8.100, 53->> 192.168.2.4, 32732 (from ATM1 Inbound)
10/13/2011 18:36:41 **UDP flood** 194.168.4.100, 53->> 192.168.2.4, 32732 (from ATM1 Inbound)
10/13/2011 18:36:41 **UDP flood** 82.26.220.146, 32768->> 194.168.8.100, 53 (from ATM1 Outbound)
10/13/2011 18:36:41 **UDP flood** 82.26.220.146, 32768->> 194.168.4.100, 53 (from ATM1 Outbound)
10/13/2011 18:36:41 **UDP flood** 192.168.2.4, 61066->> 142.163.156.94, 31061 (from ATM1 Outbound)
10/13/2011 18:36:41 **UDP flood** 192.168.2.4, 61066->> 95.58.113.209, 60604 (from ATM1 Outbound)
10/13/2011 18:36:40 **UDP flood** 189.55.48.166, 30711->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:39 **UDP flood** 83.149.17.50, 54966->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:39 **UDP flood** 192.168.2.4, 61066->> 117.254.87.203, 38152 (from ATM1 Outbound)
10/13/2011 18:23:32 **UDP Flood to Host** 192.168.2.4, 32732->> 194.80.33.153, 24320 (from ATM1 Outbound)
10/13/2011 18:10:59 **UDP Flood to Host** 192.168.2.4, 32732->> 194.80.33.153, 6418 (from ATM1 Outbound)
10/13/2011 17:58:25 **UDP Flood to Host** 192.168.2.4, 32732->> 194.80.33.153, 63758 (from ATM1 Outbound)
10/13/2011 17:45:56 **UDP Flood to Host** 192.168.2.4, 32732->> 194.80.33.153, 47309 (from ATM1 Outbound)
10/13/2011 17:33:35 **UDP Flood to Host** 194.80.33.153, 39237->> 192.168.2.4, 32732 (from ATM1 Inbound)
10/13/2011 17:20:47 **UDP Flood to Host** 192.168.2.4, 32732->> 194.80.33.153, 30768 (from ATM1 Outbound)
10/13/2011 17:07:57 **UDP Flood to Host** 194.80.33.153, 14978->> 192.168.2.4, 32732 (from ATM1 Inbound)

and after research we concluded this was a UDP flood attack.

He runs a Mac and MacBook, both with OS 10.7, and his parents run from the same router with Windows. His parents can only get on the internet when both his MacBook and Mac are off, otherwise they have the same problems.

Happy to resolve this in any way, all suggestions welcome, thanks in advance!
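Added example (not part of the original thread): a way to summarise a router log in the format posted above, counting alerts, distinct remote hosts and DNS (port 53) exchanges per local address and UDP port. The sample lines are constructed in the same format with documentation-range remote addresses, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the router's log format (not the poster's data).
SAMPLE_LOG = """\
10/13/2011 18:37:02 **UDP Flood Stop** (from ATM1 Inbound)
10/13/2011 18:37:00 **UDP flood** 198.51.100.10, 13102->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:58 **UDP flood** 192.168.2.4, 61066->> 198.51.100.11, 21523 (from ATM1 Outbound)
10/13/2011 18:36:57 **UDP flood** 203.0.113.5, 10106->> 192.168.2.4, 61066 (from ATM1 Inbound)
10/13/2011 18:36:50 **UDP flood** 192.0.2.53, 53->> 192.168.2.4, 32732 (from ATM1 Inbound)
10/13/2011 18:36:50 **UDP flood** 192.168.2.4, 32732->> 192.0.2.53, 53 (from ATM1 Outbound)
10/13/2011 18:23:32 **UDP Flood to Host** 192.168.2.4, 32732->> 203.0.113.9, 24320 (from ATM1 Outbound)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) \*\*(?P<alert>[^*]+)\*\* "
    r"(?P<src>[\d.]+), (?P<sport>\d+)->> (?P<dst>[\d.]+), (?P<dport>\d+) "
    r"\(from \S+ (?P<dir>Inbound|Outbound)\)$"
)

def parse_line(line):
    """Return a flow dict, or None for lines without endpoints (e.g. 'UDP Flood Stop').

    Outbound: the source is the LAN side. Inbound: the destination is the LAN side.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    out = f["dir"] == "Outbound"
    local = (f["src"], int(f["sport"])) if out else (f["dst"], int(f["dport"]))
    remote = (f["dst"], int(f["dport"])) if out else (f["src"], int(f["sport"]))
    return {"alert": f["alert"], "dir": f["dir"], "local": local, "remote": remote}

def summarise(log_text):
    """Per local endpoint: alert count, distinct remote hosts, alerts with remote port 53."""
    stats = defaultdict(lambda: {"alerts": 0, "peers": set(), "dns": 0})
    for flow in filter(None, map(parse_line, log_text.splitlines())):
        s = stats[flow["local"]]
        s["alerts"] += 1
        s["peers"].add(flow["remote"][0])
        s["dns"] += int(flow["remote"][1] == 53)
    return dict(stats)

def many_peer_endpoints(log_text, min_peers=3):
    """Local endpoints that exchanged flagged UDP with at least min_peers remote hosts."""
    return sorted(ep for ep, s in summarise(log_text).items() if len(s["peers"]) >= min_peers)

if __name__ == "__main__":
    for ep, s in sorted(summarise(SAMPLE_LOG).items()):
        print(ep, s["alerts"], "alerts,", len(s["peers"]), "remote hosts,", s["dns"], "DNS")
```

The per-port view separates a local port that exchanges datagrams with many different remote hosts from one that mostly talks to a resolver on port 53, which narrows down which application on the host to look at.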

#2 Orange Blossom

  • OBleepin Investigator
  • Group: Moderator
  • Posts: 29,827
  • Joined: 14-July 06
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 13 October 2011 - 09:45 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom
An ounce of prevention is worth a pound of cure
SuperAntiSpyware, SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 shelf life

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 1,366
  • Joined: 06-November 08
  • Gender:Male
  • Location:@localhost

Posted 16 October 2011 - 10:28 AM

Hi chewybacon,

Quote

He runs a Mac and Macbook, both with os 10.7

This site won't help you much, it's all Windows platform here.
Is It Real or ScareWare?
How Can I Reduce My Risk.

#4 Grinler

  • Bleep Bleep!
  • Group: Admin
  • Posts: 36,603
  • Joined: 24-January 04
  • Gender:Male
  • Location:USA

Posted 17 October 2011 - 08:46 AM

shelf life, on 16 October 2011 - 10:28 AM, said:

This site won't help you much, it's all Windows platform here.


I disagree with that statement. There are plenty of people who can help with Mac problems.

Regardless, what firewall are you using?

#5 shelf life

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 1,366
  • Joined: 06-November 08
  • Gender:Male
  • Location:@localhost

Posted 17 October 2011 - 06:24 PM

Quote

There are plenty of people who can help with Mac problems.

On second thought there probably are Mac users here.

Do you have any P2P clients running or online gaming going on?