Thread: I'm being DOS attacked!

  1. #1
    explorer.exe
    Join Date
    Sep 2004
    Location
    Crewe
    Posts
    360
    Thanks
    5
    Thanked
    0 times in 0 posts

    I'm being DOS attacked!

    Help me please. I seem to be getting DOS attacked (according to my router). It only happens when one of the PCs connected is switched on (router logs give either this machine's IP address, or the IP of the net connection itself). After switching off the PC, attacks continue until the router is reset.

    The PC is running Vista, and scans using AVG, Avast, Windows Defender and Adaware turn up nothing.

    Any ideas?

  2. #2
    Member
    Join Date
    Apr 2006
    Location
    North West, United Kingdom
    Posts
    131
    Thanks
    0
    Thanked
    3 times in 3 posts
    Quote Originally Posted by Silent Shark View Post
    It only happens when one of the PCs connected is switched on (router logs give either this machine's IP address, or the IP of the net connection itself). After switching off the PC, attacks continue until the router is reset.
    Is that PC running any type of file-sharing software? If so, then it will "broadcast" its presence to other users which will then connect back - this can result in a large number of connections which your router may then misinterpret as an attack.

    If so, then you should disable the "attack detection" feature in the router - filesharing will (of necessity) involve hundreds or even thousands of connections.

    Another possibility is Skype - see Skype supernodes sap bandwidth for more details.

  3. #3
    explorer.exe
    Join Date
    Sep 2004
    Location
    Crewe
    Posts
    360
    Thanks
    5
    Thanked
    0 times in 0 posts
    I'm not running the file sharing software on the PC. I do sometimes, but with these problems, I'm not really running anything on it.

    The router seems to be able to tell the difference between bittorrent packets and DOS attacks, as it always seems to let the traffic through, but after a while, some packets get marked 'DOS', and then the whole internet connection grinds to a halt. I don't think the router is misinterpreting the packets as we've run filesharing software for years and it's never done this before.

  4. #4
    Senior Member
    Join Date
    May 2006
    Location
    London
    Posts
    1,013
    Thanks
    2
    Thanked
    20 times in 18 posts
    Quote Originally Posted by Silent Shark View Post
    I'm not running the file sharing software on the PC. I do sometimes, but with these problems, I'm not really running anything on it.

    The router seems to be able to tell the difference between bittorrent packets and DOS attacks, as it always seems to let the traffic through, but after a while, some packets get marked 'DOS', and then the whole internet connection grinds to a halt. I don't think the router is misinterpreting the packets as we've run filesharing software for years and it's never done this before.
    You could try Protowall; it's free:

    http://www.bluetack.co.uk/forums/index.php

  5. #5
    Member
    Join Date
    Apr 2006
    Location
    North West, United Kingdom
    Posts
    131
    Thanks
    0
    Thanked
    3 times in 3 posts
    Quote Originally Posted by Silent Shark View Post
    ...after a while, some packets get marked 'DOS', and then the whole internet connection grinds to a halt. I don't think the router is misinterpreting the packets as we've run filesharing software for years and it's never done this before.
    Was this PC recently upgraded to Vista and if so, did the problem coincide with the upgrade? In such a case, I'd suggest trying to run it with XP (if you have dual boot set up) to check whether Vista is the culprit.

    Another possibility is if you have any form of Internet Connection Sharing (ICS) enabled on the PC - if so, disable it since your router should be doing the sharing. Running ICS as well could certainly trigger problems with some routers.

  6. #6
    explorer.exe
    Join Date
    Sep 2004
    Location
    Crewe
    Posts
    360
    Thanks
    5
    Thanked
    0 times in 0 posts
    I've been running Vista since December (from MSDNAA), and it was a clean install with no upgrade.

    ICS is not enabled.

    I think I've traced the problem anyway, and it is file sharing related. Your suggestion earlier made me investigate further.

    There are no problems if it isn't used at all. It seems that after FS software is used and then deactivated, people continue to send packets regardless. You can physically unplug the receiving machine from the network, but packets continue to arrive at the router. After some time, this seems to cause a collapse of the internet connection. The router sees this as a DOS attack because of the rate of incoming packets (2-3 every second). The problem is cured by resetting the router so we get a new IP address. The whole situation wasn't helped by the router also labelling everything that XFire was doing on another PC as DOS attacks.

    This is really weird behaviour, and I'm not sure what's going on. I'll post more if I figure something out.

    Even more weird is that through use of packet sniffing tools I was able to see that my wireless bridge is repeatedly asking for details for specific IP addresses over and over again, which turn out to be owned by the US Navy...! (using reverse IP lookup)

    Bizarre, and slightly unsettling :s .

  7. #7
    WEEEEEEEEEEEEE! MadduckUK's Avatar
    Join Date
    May 2006
    Location
    Lytham St. Annes
    Posts
    17,293
    Thanks
    649
    Thanked
    1,580 times in 1,006 posts
    I'd get some fresh pants on, the black helicopters will be there soon
    Quote Originally Posted by Ephesians
    Do not be drunk with wine, which will ruin you, but be filled with the Spirit
    Vodka

  8. #8
    Vive le pants! directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    virusage.

  9. #9
    explorer.exe
    Join Date
    Sep 2004
    Location
    Crewe
    Posts
    360
    Thanks
    5
    Thanked
    0 times in 0 posts
    Quote Originally Posted by directhex View Post
    virusage.
    Do you know of a virus that could be the cause, or are you just speculating?

    As I said, AVG and Avast both failed to find anything with the deepest scans available.

  10. #10
    Member
    Join Date
    Apr 2006
    Location
    North West, United Kingdom
    Posts
    131
    Thanks
    0
    Thanked
    3 times in 3 posts
    Quote Originally Posted by Silent Shark View Post
    There are no problems if it isn't used at all. It seems that after FS software is used and then deactivated, people continue to send packets regardless.
    This is normal - just because you have disconnected from a file-sharing network doesn't mean that other nodes know about it, so they will keep trying to connect.
    Quote Originally Posted by Silent Shark View Post
    Even more weird is that through use of packet sniffing tools I was able to see that my wireless bridge is repeatedly asking for details for specific IP addresses over and over again, which turn out to be owned by the US Navy...! (using reverse IP lookup)
    I'd guess here that you have a D-Link which is committing NTP vandalism (in this case, querying a US Navy time server). You can "fix" this by specifying a local NTP server for it to use instead (your ISP may be running one).
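
Added example, not written by any poster in this thread: one way to check whether router entries tagged 'DOS' look like leftover file-sharing peers retrying (many sources, each slow, one destination port) or a flood from one host. The log line format, the `sample` helper, the addresses and both thresholds are assumptions made for illustration.

```python
import re
from collections import Counter

# Hypothetical log format; real routers differ, so adapt the regex to yours.
LINE_RE = re.compile(r"(\d\d):(\d\d):(\d\d) DOS src=([\d.]+):\d+ dst=[\d.]+:(\d+)")

def parse(lines):
    """Yield (seconds_since_midnight, source_ip, dest_port) per matching line."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            h, mi, s, src, dport = m.groups()
            yield int(h) * 3600 + int(mi) * 60 + int(s), src, int(dport)

def triage(lines, flood_pps=50.0, many_sources=10):
    """Classify 'DOS'-tagged entries. Both thresholds are assumed defaults."""
    events = list(parse(lines))
    if not events:
        return {"verdict": "no-data"}
    times = [t for t, _, _ in events]
    duration = max(max(times) - min(times), 1)
    per_src = Counter(src for _, src, _ in events)
    ports = {dport for _, _, dport in events}
    top_src, top_count = per_src.most_common(1)[0]
    result = {
        "sources": len(per_src),
        "total_pps": len(events) / duration,
        "top_src": top_src,
        "top_src_pps": top_count / duration,
    }
    if result["top_src_pps"] >= flood_pps:
        result["verdict"] = "single-source-flood"
    elif len(per_src) >= many_sources and len(ports) == 1:
        # Many hosts, each slow, all aimed at one port: stale peers retrying.
        result["verdict"] = "residual-p2p-peers"
    else:
        result["verdict"] = "inconclusive"
    return result

def sample(n, seconds, sources, net="198.51.100"):
    """Constructed log lines: n packets over `seconds` from `sources` hosts."""
    return [
        f"12:{(i * seconds // n) // 60:02d}:{(i * seconds // n) % 60:02d} DOS "
        f"src={net}.{i % sources + 1}:51413 dst=203.0.113.5:6881"
        for i in range(n)
    ]

if __name__ == "__main__":
    print(triage(sample(150, 60, 30)))   # residual peers, about 2.5 packets/s
    print(triage(sample(3000, 30, 1)))   # one host flooding
```
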
