My Router is being UDP flood attacked?!?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Zebila

Thread Starter
Joined
Oct 3, 2009
Messages
10
Ok so i've been playing xbox recently and been getting disconnected from Xbox live around every 10min while nothing else has been getting disconnected...I decided to check my router security log and found loads of UDP flood attacks on my router??

Firstly why is this happening? was it my fault?

Secondly how do i stop this? :(



Thanks in advance,
Luke.
 
Joined
Sep 21, 2007
Messages
12,562
From the screenshot, most of it is outbound from your internal 192.168.2.4. Is this the ip of your XBOX ?

Only 3 of them are inbound, from 213.105.48.12. That ip has the domain name: cpc2-grim14-2-0-cust11.12-3.cable.virginmedia.com. Which sounds like a cable subscriber to me. Maybe he is one of your gaming buddies.

For a game, I would expect constant communication between all parties, so the UDP flood warning may not indicate an attack. According to speedguide.net, these games are known to use port 3075:

Lost Planet - Extreme Condition, Call of Duty - World at War, Blazing Angels Online

Maybe your router is being smart about the supposed attack and throttlling traffic. And thats why you are getting disconnected from XBOX Live. What is the make and model of your router?
 

Zebila

Thread Starter
Joined
Oct 3, 2009
Messages
10
From the screenshot, most of it is outbound from your internal 192.168.2.4. Is this the ip of your XBOX ?

Only 3 of them are inbound, from 213.105.48.12. That ip has the domain name: cpc2-grim14-2-0-cust11.12-3.cable.virginmedia.com. Which sounds like a cable subscriber to me. Maybe he is one of your gaming buddies.

For a game, I would expect constant communication between all parties, so the UDP flood warning may not indicate an attack. According to speedguide.net, these games are known to use port 3075:

Lost Planet - Extreme Condition, Call of Duty - World at War, Blazing Angels Online

Maybe your router is being smart about the supposed attack and throttlling traffic. And thats why you are getting disconnected from XBOX Live. What is the make and model of your router?
Hiya, thanks for the reply.

I don't know if that is the IP of my xbox as i have dynamic IPs anyway and the attacks are happening when my xbox is switched off anyway. I don't play any of the games you have listed there either.

The make and model of my router is: Belkin N Wireless Modem Router F5D8636uk4A

I'm still being attacked between every 10min-30min during the day and can't play my xbox during this time but it seems to stop late at night.

Another log:


Thanks again,
Luke.

 

Zebila

Thread Starter
Joined
Oct 3, 2009
Messages
10
This is still happening...not so frequently but enough so that it is starting to piss me off...really would like to know how to stop it, i've changed I.P address, my network is secure, virus scanned everything and don't know what else to do...please help...
 
Joined
Sep 21, 2007
Messages
12,562
If your modem has grabbed a new ip address, ( after switching it off ) then somewhere somehow your new ip address is being seen. Does the 360 Live web pages show what ip you are on? If so, then there is no stopping anyone from flooding your ip.
 

Zebila

Thread Starter
Joined
Oct 3, 2009
Messages
10
Hello, I'm back with some progress. I think I have found the source of the problem and that is the Steam game "Garry's Mod" that my younger brother is playing. I have been checking the times of the attacks and when he goes on the game and they seem to go together.

I guess this is from when he connects to a Server and the server sends information that overwhelms my router?

Anyway, now that I think I have found the cause of the problem, do you know of any way to solve it?

Thanks,
Luke.
 
Joined
Sep 21, 2007
Messages
12,562
But the last image you posted shows that the UDP floods are going to both 192.168.3.3 and 192.168.3.5.

Which one of them is your pc and which one is your brother's ?
 

Zebila

Thread Starter
Joined
Oct 3, 2009
Messages
10
In my DHCP Client List my brother's computer has two I.P address... The attack also just happened when he played Call of Duty: Black Ops on his PC. I have read about it and found some threads of other people complaining about Floods coming when they load the server lists, thus disconnecting others.

Also I just tried playing Garry's Mod on my computer and when i went to load servers it triggered a UDP Flood.

Is there anyway in the settings to allow my router to accept more packets without causing a disconnection? Or do I have to disabled the Firewall? Which I don't really want to do.
 
Joined
Sep 21, 2007
Messages
12,562
The only thing I can think of is to Forward the ports needed to your brother's PC. That might allow the traffic to flow without triggering the firewall.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Members online

Top