1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

My Router is being UDP flood attacked?!?

Discussion in 'General Security' started by Zebila, Jan 14, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. Zebila

    Zebila Thread Starter

    Joined:
    Oct 3, 2009
    Messages:
    10
    Ok so i've been playing xbox recently and been getting disconnected from Xbox live around every 10min while nothing else has been getting disconnected...I decided to check my router security log and found loads of UDP flood attacks on my router??

    Firstly why is this happening? was it my fault?

    Secondly how do i stop this? :(

    [​IMG]

    Thanks in advance,
    Luke.
     
  2. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,578
    From the screenshot, most of it is outbound from your internal 192.168.2.4. Is this the ip of your XBOX ?

    Only 3 of them are inbound, from 213.105.48.12. That ip has the domain name: cpc2-grim14-2-0-cust11.12-3.cable.virginmedia.com. Which sounds like a cable subscriber to me. Maybe he is one of your gaming buddies.

    For a game, I would expect constant communication between all parties, so the UDP flood warning may not indicate an attack. According to speedguide.net, these games are known to use port 3075:

    Lost Planet - Extreme Condition, Call of Duty - World at War, Blazing Angels Online

    Maybe your router is being smart about the supposed attack and throttlling traffic. And thats why you are getting disconnected from XBOX Live. What is the make and model of your router?
     
  3. Zebila

    Zebila Thread Starter

    Joined:
    Oct 3, 2009
    Messages:
    10
    Hiya, thanks for the reply.

    I don't know if that is the IP of my xbox as i have dynamic IPs anyway and the attacks are happening when my xbox is switched off anyway. I don't play any of the games you have listed there either.

    The make and model of my router is: Belkin N Wireless Modem Router F5D8636uk4A

    I'm still being attacked between every 10min-30min during the day and can't play my xbox during this time but it seems to stop late at night.

    Another log:
    [​IMG]

    Thanks again,
    Luke.

     
  4. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,578
  5. Zebila

    Zebila Thread Starter

    Joined:
    Oct 3, 2009
    Messages:
    10
    This is still happening...not so frequently but enough so that it is starting to piss me off...really would like to know how to stop it, i've changed I.P address, my network is secure, virus scanned everything and don't know what else to do...please help...
     
  6. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,578
    If your modem has grabbed a new ip address, ( after switching it off ) then somewhere somehow your new ip address is being seen. Does the 360 Live web pages show what ip you are on? If so, then there is no stopping anyone from flooding your ip.
     
  7. Zebila

    Zebila Thread Starter

    Joined:
    Oct 3, 2009
    Messages:
    10
    Hello, I'm back with some progress. I think I have found the source of the problem and that is the Steam game "Garry's Mod" that my younger brother is playing. I have been checking the times of the attacks and when he goes on the game and they seem to go together.

    I guess this is from when he connects to a Server and the server sends information that overwhelms my router?

    Anyway, now that I think I have found the cause of the problem, do you know of any way to solve it?

    Thanks,
    Luke.
     
  8. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,578
    But the last image you posted shows that the UDP floods are going to both 192.168.3.3 and 192.168.3.5.

    Which one of them is your pc and which one is your brother's ?
     
  9. Zebila

    Zebila Thread Starter

    Joined:
    Oct 3, 2009
    Messages:
    10
    In my DHCP Client List my brother's computer has two I.P address... The attack also just happened when he played Call of Duty: Black Ops on his PC. I have read about it and found some threads of other people complaining about Floods coming when they load the server lists, thus disconnecting others.

    Also I just tried playing Garry's Mod on my computer and when i went to load servers it triggered a UDP Flood.

    Is there anyway in the settings to allow my router to accept more packets without causing a disconnection? Or do I have to disabled the Firewall? Which I don't really want to do.
     
  10. lunarlander

    lunarlander

    Joined:
    Sep 21, 2007
    Messages:
    11,578
    The only thing I can think of is to Forward the ports needed to your brother's PC. That might allow the traffic to flow without triggering the firewall.
     
  11. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/974669

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice