Computer constantly sending out tcp packets to my wireless router



#1 guttyguppy


Posted 27 January 2009 - 02:39 PM

Hi,
My router logs show my IP sending TCP packets to random IP addresses every second. It's bringing my entire home network down. The router blocks the packets. It's a D-Link; here's an example:

Priority Time Message
[INFO] Tue Jan 27 14:35:39 2009 Blocked TCP packet from 192.168.0.197:1860 to 216.163.188.58:25 as control None in not valid
[INFO] Tue Jan 27 14:35:38 2009 Blocked TCP packet from 192.168.0.197:2757 to 64.18.4.13:25 as control None in not valid
[INFO] Tue Jan 27 14:35:38 2009 Blocked TCP packet from 192.168.0.197:4810 to 192.117.142.202:25 as control None in not valid
[INFO] Tue Jan 27 14:35:38 2009 Blocked TCP packet from 192.168.0.197:3304 to 61.144.209.199:25 as control None in not valid

Can anyone tell me how to fix this, or why it's happening? Thanks,
GG

Edited by guttyguppy, 27 January 2009 - 02:40 PM.




#2 tos226


Posted 29 January 2009 - 09:27 PM

It's an e-mail port 25 on the remote computers. So you're sending mail and if not sending, at least connecting via TCP. If you didn't intend to mail and mail again, it sounds like a Trojan of some sort. Perhaps posting a HijackThis log might be a good idea.

According to DNSstuff, these are the IPs resolved:

216.163.188.58
OrgName: Commtouch Software Inc.
OrgID: COMMTO
Address: 2029 Stierlin Court
City: Mountain View
StateProv: CA
PostalCode: 94303
Country: US

64.18.4.13
OrgName: Postini, Inc.
OrgID: POSTI
Address: 1600 Amphitheatre Parkway
City: Mountain View
StateProv: CA
PostalCode: 94043
Country: US

192.117.142.202
% Information related to '192.117.142.192 - 192.117.142.207'

inetnum: 192.117.142.192 - 192.117.142.207
netname: SCHEMA
descr: Schema LTD.
country: IL
admin-c: KM6635-RIPE
tech-c: KM6635-RIPE
status: ASSIGNED PA
mnt-by: AS5486-MNT
changed: *****@co.zahav.net.il 20010204
changed: ********@ripe.net 20040430
source: RIPE

person: Koby Meid
address: Kibutz Glil Yam
address: Hertzelia
address: IL
phone: +972-9-9567955
fax-no: +972-9-9567958
nic-hdl: KM6635-RIPE
changed: *****@co.zahav.net.il 20010204
source: RIPE

61.144.209.199
inetnum: 61.144.209.192 - 61.144.209.223
netname: CHINA-MERCHANTS-BANK-INFROMATION-TECHNOLOGY-DEPARTMENT
descr: CHINA MERCHANTS BANK INFROMATION TECHNOLOGY DEPARTMENT
country: CN
admin-c: ZZS3-AP
tech-c: ZZS3-AP
status: ASSIGNED NON-PORTABLE
changed: *****@gddc.com.cn 20041022
mnt-by: MAINT-CHINANET-GD
source: APNIC

It appears the router is blocking, right?

Edited by tos226, 29 January 2009 - 09:29 PM.
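
Added example (not part of the original thread or written by either poster): a short Python script that parses router log lines in the format quoted in the first post and flags any internal host that tries port 25 on several different remote addresses within a short time, which is the pattern discussed above. The function names, the 60-second window and the threshold of 3 destinations are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The four router log lines quoted in the first post.
SAMPLE_LOG = """\
[INFO] Tue Jan 27 14:35:39 2009 Blocked TCP packet from 192.168.0.197:1860 to 216.163.188.58:25 as control None in not valid
[INFO] Tue Jan 27 14:35:38 2009 Blocked TCP packet from 192.168.0.197:2757 to 64.18.4.13:25 as control None in not valid
[INFO] Tue Jan 27 14:35:38 2009 Blocked TCP packet from 192.168.0.197:4810 to 192.117.142.202:25 as control None in not valid
[INFO] Tue Jan 27 14:35:38 2009 Blocked TCP packet from 192.168.0.197:3304 to 61.144.209.199:25 as control None in not valid
"""

LINE_RE = re.compile(
    r"^\[INFO\] (?P<ts>\w{3} \w{3} +\d+ \d\d:\d\d:\d\d \d{4}) "
    r"Blocked TCP packet from (?P<src>[\d.]+):\d+ to (?P<dst>[\d.]+):(?P<dport>\d+)\b"
)

def parse(log_text):
    """Yield (timestamp, src_ip, dst_ip, dst_port) for each blocked-TCP line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
            yield ts, m["src"], m["dst"], int(m["dport"])

def smtp_fanout(log_text, window=timedelta(seconds=60), min_dests=3):
    """Map each source IP to the port-25 destinations it tried, for sources that
    hit at least min_dests distinct destinations inside one sliding window.
    window and min_dests are assumed thresholds; tune them for your network."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse(log_text):
        if dport == 25:  # SMTP
            events[src].append((ts, dst))
    flagged = defaultdict(set)
    for src, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # drop events that fell out of the window
            dests = {dst for _, dst in seen[start:end + 1]}
            if len(dests) >= min_dests:
                flagged[src] |= dests
    return {src: sorted(d) for src, d in flagged.items()}

if __name__ == "__main__":
    for host, dests in smtp_fanout(SAMPLE_LOG).items():
        print(f"{host}: {len(dests)} distinct port-25 destinations: {', '.join(dests)}")
```

A host that only talks to one mail server, as a normal mail client does, stays below the threshold and is not reported.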




