Help determining if I have malware and part of botnet


2 replies to this topic

#1 Cowman715

Cowman715

  • Members
  • 2 posts

Posted 15 November 2016 - 08:25 PM

I've been posting on the Cox forums and was told by another user to come here to post about it and try to fix it: http://forums.cox.com/forum_home/internet_forum/f/5/t/15881.aspx

 

I've been having random packet loss and huge spikes in latency, affecting my upload speed among other things.

 

My ISP knows about it and basically said there is nothing they can do (I talked to a tier 2 agent, so it sounded serious).

 

Netgear wanted money to fix the problem. 

 

My logs

2016-11-15, 07:23:31.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 03:50:22.0 Error (4) DHCP RENEW WARNING - Field invalid in response v4 option;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-15, 02:49:26.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-14, 22:03:51.0 Warning (5) Admin login authentication fail
2016-11-14, 21:37:27.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-14, 15:50:24.0 Notice (6) TLV-11 - unrecognized OID;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-14, 15:50:24.0 Critical (3) TLV-11 - Illegal Set operation failed;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-14, 15:49:08.0 Critical (3) Resetting the cable modem due to docsDevResetNow
2016-11-14, 15:41:29.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-14, 15:39:46.0 Critical (3) Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-14, 15:39:04.0 Critical (3) TLV-11 - Illegal Set operation failed;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-14, 15:37:49.0 Critical (3) Resetting the cable modem due to docsDevResetNow
2016-11-14, 15:15:47.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-14, 08:24:37.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-13, 20:12:03.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-13, 08:27:26.0 Critical (3) Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-13, 08:26:43.0 Critical (3) TLV-11 - Illegal Set operation failed;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-13, 08:18:44.0 Critical (3) Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-13, 08:18:01.0 Critical (3) TLV-11 - Illegal Set operation failed;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-13, 07:50:37.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-13, 01:46:37.0 Critical (3) Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-13, 01:45:55.0 Critical (3) TLV-11 - Illegal Set operation failed;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-13, 01:44:38.0 Critical (3) Resetting the cable modem due to docsDevResetNow
2016-11-13, 01:04:33.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-12, 22:51:31.0 Critical (3) Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-12, 22:51:15.0 Critical (3) Started Unicast Maintenance Ranging - No Response received - T3 time-out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-12, 22:50:48.0 Critical (3) TLV-11 - Illegal Set operation failed;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
2016-11-12, 22:00:47.0 Critical (3) Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.1;CM-VER=3.0;
Time Not Established Warning (5) DHCP WARNING - Non-critical field invalid in response ;CM-MAC=a4:2b:8c:2f:cd:e0;CMTS-MAC=00:14:f1:e8:69:a0;CM-QOS=1.0;CM-VER=3.0;
Time Not Established Notice (6) Honoring MDD; IP provisioning mode = IPv4
Time Not Established Notice (6) WiFi Interface [wl0] set to Channel 1 (Side-Band Channel:N/A) - Reason:INIT
Time Not Established Notice (6) WiFi Interface [wl1] set to Channel 36 (Side-Band Channel:N/A) - Reason:INIT

 

 

Description                        Count  Last Occurrence           Target                Source
[Teardrop or derivative]           2      Tue Nov 15 11:39:52 2016  84.12.76.107:0        130.192.156.0:0
[Illegal Fragments]                1      Tue Nov 15 11:39:52 2016  84.12.76.107:0        130.192.156.0:0
[Teardrop or derivative]           2      Tue Nov 15 11:39:52 2016  84.12.76.107:0        130.192.156.0:0
[Illegal Fragments]                1      Tue Nov 15 11:39:52 2016  84.12.76.107:0        130.192.156.0:0
[Teardrop or derivative]           9      Tue Nov 15 11:39:53 2016  84.12.76.107:0        130.192.156.0:0
[Illegal Fragments]                1      Tue Nov 15 11:39:53 2016  84.12.76.107:0        130.192.156.0:0
[Teardrop or derivative]           1      Tue Nov 15 11:40:23 2016  84.12.76.107:0        130.192.156.0:0
[Illegal Fragments]                1      Tue Nov 15 11:40:24 2016  84.12.76.107:0        130.192.156.0:0
[Ping Of Death]                    1      Tue Nov 15 11:40:24 2016  84.12.76.107:0        130.192.156.0:0
[Teardrop or derivative]           10     Tue Nov 15 11:43:34 2016  84.12.76.107:0        130.192.156.0:0
[Ping Of Death]                    2      Tue Nov 15 11:43:34 2016  84.12.76.107:0        130.192.156.0:0
[Teardrop or derivative]           4      Tue Nov 15 11:43:34 2016  84.12.76.107:0        130.192.156.0:0
[Ping Of Death]                    1      Tue Nov 15 11:43:34 2016  84.12.76.107:0        130.192.156.0:0
[Teardrop or derivative]           12     Tue Nov 15 11:44:36 2016  84.12.76.107:0        130.192.156.0:0
[Ping Of Death]                    1      Tue Nov 15 11:44:39 2016  84.12.76.107:0        130.192.156.0:0
[Teardrop or derivative]           9      Tue Nov 15 11:44:41 2016  84.12.76.107:0        130.192.156.0:0
[Ping Of Death]                    1      Tue Nov 15 11:44:41 2016  84.12.76.107:0        130.192.156.0:0
[Teardrop or derivative]           18     Tue Nov 15 11:49:22 2016  84.12.76.107:0        130.192.156.0:0
[Illegal Fragments]                1      Tue Nov 15 11:50:53 2016  84.12.76.107:0        130.192.156.0:0
[TCP- or UDP-based Port Scan]      2      Tue Nov 15 14:38:36 2016  98.162.168.135:61830  68.105.29.11:53
[FAILURE: User interface login]    2      Tue Nov 15 14:38:40 2016  192.168.0.1:80        192.168.0.4:54833
[SUCCESS: User interface login]    1      Tue Nov 15 14:38:50 2016  192.168.0.1:80        192.168.0.4:55068
[Public Network Interface up]      1      Tue Nov 15 14:41:40 2016  0.0.0.0:0             0.0.0.0:0
[Firewall Up]                      1      Tue Nov 15 14:41:40 2016  0.0.0.0:0             0.0.0.0:0
[TCP- or UDP-based Port Scan]      1      Tue Nov 15 14:41:56 2016  98.162.168.135:52128  68.105.28.12:53
[Public Network Interface up]      1      Tue Nov 15 14:42:43 2016  0.0.0.0:0             0.0.0.0:0
[Firewall Up]                      1      Tue Nov 15 14:42:43 2016  0.0.0.0:0             0.0.0.0:0
[Public Network Interface up]      1      Tue Nov 15 14:43:35 2016  0.0.0.0:0             0.0.0.0:0
[Firewall Up]                      1      Tue Nov 15 14:43:35 2016  0.0.0.0:0             0.0.0.0:0
[TCP- or UDP-based Port Scan]      1      Tue Nov 15 14:47:38 2016  98.162.168.135:62493  68.105.28.12:53

 

 

 

.0.0.1:12119 mike-PC:0 LISTENING
TCP 127.0.0.1:12143 mike-PC:0 LISTENING
TCP 127.0.0.1:12465 mike-PC:0 LISTENING
TCP 127.0.0.1:12563 mike-PC:0 LISTENING
TCP 127.0.0.1:12993 mike-PC:0 LISTENING
TCP 127.0.0.1:12995 mike-PC:0 LISTENING
TCP 127.0.0.1:21320 mike-PC:0 LISTENING
TCP 127.0.0.1:21321 mike-PC:0 LISTENING
TCP 127.0.0.1:21323 mike-PC:0 LISTENING
TCP 127.0.0.1:21332 mike-PC:0 LISTENING
TCP 127.0.0.1:27275 mike-PC:0 LISTENING
TCP 127.0.0.1:49761 mike-PC:49762 ESTABLISHED
TCP 127.0.0.1:49762 mike-PC:49761 ESTABLISHED
TCP 127.0.0.1:49763 mike-PC:0 LISTENING
TCP 127.0.0.1:49764 mike-PC:49765 ESTABLISHED
TCP 127.0.0.1:49765 mike-PC:49764 ESTABLISHED
TCP 127.0.0.1:49766 mike-PC:0 LISTENING
TCP 127.0.0.1:65000 mike-PC:0 LISTENING
TCP 192.168.0.4:139 mike-PC:0 LISTENING
TCP 192.168.0.4:49700 msnbot-65-52-108-198:https ESTABLISHED
TCP 192.168.0.4:49775 mia25:http ESTABLISHED
TCP 192.168.0.4:49888 msnbot-65-52-108-232:https ESTABLISHED
TCP 192.168.0.4:50124 r-149-58-45-5:http CLOSE_WAIT
TCP 192.168.0.4:50376 oi-in-f125:5222 ESTABLISHED
TCP 192.168.0.4:52730 50.57.196.159:http TIME_WAIT
TCP 192.168.0.4:52731 50.57.196.159:http TIME_WAIT
TCP 192.168.0.4:52732 50.57.196.159:http TIME_WAIT
TCP 192.168.0.4:52733 50.57.196.159:http TIME_WAIT
TCP 192.168.0.4:52734 50.57.196.159:http TIME_WAIT
TCP 192.168.0.4:52735 50.57.196.159:http TIME_WAIT
TCP 192.168.0.4:52741 grandsport:https TIME_WAIT
TCP 192.168.0.4:52963 68.99.123.171:http TIME_WAIT
TCP 192.168.0.4:52965 68.99.123.171:http TIME_WAIT
TCP 192.168.0.4:52967 ip-68-71-251-224:http TIME_WAIT
TCP [::]:80 mike-PC:0 LISTENING
TCP [::]:135 mike-PC:0 LISTENING
TCP [::]:445 mike-PC:0 LISTENING
TCP [::]:1801 mike-PC:0 LISTENING
TCP [::]:2103 mike-PC:0 LISTENING
TCP [::]:2105 mike-PC:0 LISTENING
TCP [::]:2107 mike-PC:0 LISTENING
TCP [::]:2869 mike-PC:0 LISTENING
TCP [::]:5357 mike-PC:0 LISTENING
TCP [::]:7680 mike-PC:0 LISTENING
TCP [::]:15600 mike-PC:0 LISTENING
TCP [::]:49664 mike-PC:0 LISTENING
TCP [::]:49665 mike-PC:0 LISTENING
TCP [::]:49666 mike-PC:0 LISTENING
TCP [::]:49667 mike-PC:0 LISTENING
TCP [::]:49668 mike-PC:0 LISTENING
TCP [::]:49669 mike-PC:0 LISTENING
TCP [::]:49688 mike-PC:0 LISTENING
TCP [::]:49758 mike-PC:0 LISTENING
TCP [::1]:12025 mike-PC:0 LISTENING
TCP [::1]:12110 mike-PC:0 LISTENING
TCP [::1]:12119 mike-PC:0 LISTENING
TCP [::1]:12143 mike-PC:0 LISTENING
TCP [::1]:12465 mike-PC:0 LISTENING
TCP [::1]:12563 mike-PC:0 LISTENING
TCP [::1]:12993 mike-PC:0 LISTENING
TCP [::1]:12995 mike-PC:0 LISTENING
TCP [::1]:27275 mike-PC:0 LISTENING
TCP [::1]:49892 mike-PC:0 LISTENING
TCP [2600:8807:82c0:9c00:280a:7831:800d:32f6]:52870 dfw25s07-in-x0e:https TIME_WAIT
UDP 0.0.0.0:3544 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:3702 *:*
UDP 0.0.0.0:5050 *:*
UDP 0.0.0.0:5353 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:21328 *:*
UDP 0.0.0.0:49615 *:*
UDP 0.0.0.0:51757 *:*
UDP 0.0.0.0:57454 *:*
UDP 0.0.0.0:57456 *:*
UDP 0.0.0.0:57457 *:*
UDP 0.0.0.0:60986 *:*
UDP 0.0.0.0:60987 *:*
UDP 0.0.0.0:62023 *:*
UDP 0.0.0.0:62027 *:*
UDP 0.0.0.0:62755 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:48200 *:*
UDP 127.0.0.1:48202 *:*
UDP 127.0.0.1:50091 *:*
UDP 127.0.0.1:50092 *:*
UDP 127.0.0.1:50093 *:*
UDP 127.0.0.1:50094 *:*
UDP 127.0.0.1:50095 *:*
UDP 127.0.0.1:50096 *:*
UDP 127.0.0.1:50097 *:*
UDP 127.0.0.1:50098 *:*
UDP 127.0.0.1:55607 *:*
UDP 127.0.0.1:55609 *:*
UDP 127.0.0.1:56097 *:*
UDP 127.0.0.1:56098 *:*
UDP 127.0.0.1:57458 *:*
UDP 127.0.0.1:57459 *:*
UDP 127.0.0.1:57460 *:*
UDP 127.0.0.1:57461 *:*
UDP 127.0.0.1:59150 *:*
UDP 127.0.0.1:59848 *:*
UDP 127.0.0.1:62022 *:*
UDP 127.0.0.1:65000 *:*
UDP 192.168.0.4:137 *:*
UDP 192.168.0.4:138 *:*
UDP 192.168.0.4:1900 *:*
UDP 192.168.0.4:5353 *:*
UDP 192.168.0.4:51395 *:*
UDP 192.168.0.4:62021 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:3702 *:*
UDP [::]:5353 *:*
UDP [::]:5355 *:*
UDP [::]:57455 *:*
UDP [::]:62024 *:*
UDP [::]:62028 *:*
UDP [::]:62756 *:*
UDP [::1]:1900 *:*
UDP [::1]:5353 *:*
UDP [::1]:62020 *:*
UDP [fe80::e06c:5c18:410f:f77b%4]:1900 *:*
UDP [fe80::e06c:5c18:410f:f77b%4]:62019 *:*

 
 
_____
I believe I am getting DDoS'd.
My IP address did change after I unplugged it for a day, but I am still having the same issue.
I'm pretty sure I have some kind of malware issue that is letting the bot know my new IP address.
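A way to triage the two logs in this post without eyeballing them: parse the router's firewall table (Description, Count, Last Occurrence, Target, Source) and aggregate it per source address, then classify each bucket (blocked malformed packets from the internet, DNS replies that consumer firewalls often misreport as a "port scan", admin-UI logins from the LAN), and separately list which sockets from the netstat dump are bound to a non-loopback address and therefore reachable from the network. This is an added example written for this page, not code from the poster or from Netgear; the sample lines are a constructed subset of the logs above, the category names are my own labels, and the "DNS reply" rule is a heuristic, not something the router reports.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Constructed subset of the router firewall log quoted in the post, in its
# "Description Count Last Occurrence Target Source" layout.
SAMPLE_FW_LOG = """\
[Teardrop or derivative] 2 Tue Nov 15 11:39:52 2016 84.12.76.107:0 130.192.156.0:0
[Illegal Fragments] 1 Tue Nov 15 11:39:52 2016 84.12.76.107:0 130.192.156.0:0
[Teardrop or derivative] 18 Tue Nov 15 11:49:22 2016 84.12.76.107:0 130.192.156.0:0
[TCP- or UDP-based Port Scan] 2 Tue Nov 15 14:38:36 2016 98.162.168.135:61830 68.105.29.11:53
[FAILURE: User interface login] 2 Tue Nov 15 14:38:40 2016 192.168.0.1:80 192.168.0.4:54833
[SUCCESS: User interface login] 1 Tue Nov 15 14:38:50 2016 192.168.0.1:80 192.168.0.4:55068
[Firewall Up] 1 Tue Nov 15 14:41:40 2016 0.0.0.0:0 0.0.0.0:0
"""

# Constructed subset of the netstat -an output in the post.
SAMPLE_NETSTAT = """\
TCP 127.0.0.1:12119 mike-PC:0 LISTENING
TCP 192.168.0.4:139 mike-PC:0 LISTENING
TCP 192.168.0.4:50376 oi-in-f125:5222 ESTABLISHED
TCP [::]:445 mike-PC:0 LISTENING
UDP 0.0.0.0:3702 *:*
UDP 127.0.0.1:1900 *:*
UDP [fe80::e06c:5c18:410f:f77b%4]:1900 *:*
"""

FW_LINE = re.compile(
    r"^\[(?P<desc>[^\]]+)\]\s+(?P<count>\d+)\s+"
    r"(?P<when>\w{3} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2} \d{4})\s+"
    r"(?P<target>\S+)\s+(?P<source>\S+)$")

MALFORMED = {"Teardrop or derivative", "Illegal Fragments", "Ping Of Death"}


def split_hostport(value):
    """'[::1]:12025' -> ('::1', 12025); an IPv6 scope id such as %4 is dropped."""
    host, port = value.rsplit(":", 1)
    return host.strip("[]").split("%", 1)[0], int(port)


def parse_firewall_log(text):
    """One dict per event line; lines that do not match the layout are skipped."""
    events = []
    for line in text.splitlines():
        m = FW_LINE.match(line.strip())
        if not m:
            continue
        t_ip, t_port = split_hostport(m["target"])
        s_ip, s_port = split_hostport(m["source"])
        events.append({"desc": m["desc"], "count": int(m["count"]),
                       "when": datetime.strptime(m["when"], "%a %b %d %H:%M:%S %Y"),
                       "target": t_ip, "target_port": t_port,
                       "source": s_ip, "source_port": s_port})
    return events


def classify(event):
    """Heuristic triage label for one event (my labels, not the router's)."""
    src = ipaddress.ip_address(event["source"])
    desc = event["desc"]
    if "login" in desc.lower() and src.is_private:
        return "lan_admin_login"  # a LAN host used the router's admin UI
    if "Port Scan" in desc and event["source_port"] == 53:
        # Packets from UDP/53 back to an ephemeral port are DNS answers;
        # consumer firewalls commonly log them as a "port scan" (heuristic).
        return "likely_dns_reply"
    if desc in MALFORMED and src.is_global:
        return "blocked_malformed_from_internet"
    return "info"


def summarize(events):
    """Aggregate by (description, source IP): total count, last seen, label."""
    summary = defaultdict(lambda: {"count": 0, "last": None, "category": None})
    for ev in events:
        entry = summary[(ev["desc"], ev["source"])]
        entry["count"] += ev["count"]
        if entry["last"] is None or ev["when"] > entry["last"]:
            entry["last"] = ev["when"]
        entry["category"] = classify(ev)
    return dict(summary)


def exposed_listeners(netstat_text):
    """Sockets bound to a non-loopback address: TCP LISTENING plus any UDP bind."""
    exposed = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        proto, host_port = parts[0], parts[1]
        host, port = split_hostport(host_port)
        if ipaddress.ip_address(host).is_loopback:
            continue  # only reachable from the machine itself
        if proto == "TCP" and (len(parts) < 4 or parts[3] != "LISTENING"):
            continue  # outbound/established TCP is not a listener
        exposed.append((proto, host, port))
    return sorted(exposed)


if __name__ == "__main__":
    for (desc, src), info in summarize(parse_firewall_log(SAMPLE_FW_LOG)).items():
        print(f"{desc:32} {src:16} x{info['count']:<3} {info['category']}")
    for proto, host, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {host}:{port} is bound on a network-facing address")
```

Run against the full table above, the 130.192.156.0 bucket is the only one sourced from the internet, and every entry in it is a malformed-packet signature the router reports as blocked; the "port scan" entries come from the ISP's resolvers on port 53, and the login entries come from 192.168.0.4 on the LAN. The listener list is what to compare against the programs you expect to be running; a wildcard bind ("0.0.0.0" or "::") is reachable on every interface, including the LAN side of the router.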
 



#2 Cowman715

Cowman715
  • Topic Starter

  • Members
  • 2 posts

Posted 15 November 2016 - 08:27 PM

The logs are from my modem/router combo, not a malware program.



#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts

Posted 17 November 2016 - 01:13 PM

This is an attempt at a DOS (Denial Of Service) attack, which is an attempt to block your router from functioning by overloading it. The fact that your router has detected and blocked it means you have nothing to worry about – you only need to worry when it doesn't get detected and you suffer from a DOS.

If you are still concerned, then make a new post.
Please follow this Preparation Guide and post in a new topic.
Let me know if all went well.



