
UDP Flood? Is someone spamming our network?

Discussion in 'Networking' started by emoric, Jan 1, 2010.

Thread Status:
Not open for further replies.
  1. emoric

    emoric Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    353
    Hi, I've recently noticed sluggish internet speeds. I decided to take a look at our router's activity and here is what I've found.

    Is someone outside the network trying to flood and knock out our network? Or could it be coming from inside the network?

    Belkin Wireless Router (G)

    Devices Connected to Network:
    WinVista Machine (Wired)
    WinVista Machine (Wireless)
    Ubuntu 9.10 Machine (Wireless)
    Nintendo Wii

    From looking at the logs, what do you guys think?





    01/01/2010 19:14:37 **UDP Flood Stop** (from PPPoE1 Inbound)
    01/01/2010 19:14:37 **UDP flood** 111.255.128.179, 24086->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:36 **UDP flood** 119.247.47.56, 16776->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:36 **UDP flood** 41.78.17.132, 33837->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:35 **UDP flood** 68.74.114.75, 37193->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:35 **UDP flood** 85.93.202.69, 59963->> 70.227.26.248, 57890 (from PPPoE1 Inbound)
    01/01/2010 19:14:34 **UDP flood** 210.24.242.95, 13181->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:33 **UDP flood** 219.79.209.182, 24528->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:33 **UDP flood** 60.26.145.174, 19327->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:33 **UDP flood** 95.78.194.159, 58339->> 70.227.26.248, 57908 (from PPPoE1 Inbound)
    01/01/2010 19:14:32 **UDP flood** 77.79.252.205, 23684->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:32 **UDP flood** 123.194.220.217, 11005->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:31 **UDP flood** 112.203.63.246, 26548->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:30 **UDP flood** 88.182.135.197, 8440->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:29 **UDP flood** 222.131.22.17, 63414->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:28 **UDP flood** 123.27.107.175, 22000->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:14:27 **UDP flood** 192.168.2.2, 46349->> 83.248.163.73, 17523 (from PPPoE1 Outbound)
    01/01/2010 19:14:08 **UDP flood** 123.117.42.15, 16001->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:13:49 **UDP flood** 207.161.162.33, 58369->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:13:43 **UDP flood** 207.161.162.33, 58369->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:13:42 **UDP flood** 121.56.67.165, 16001->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:13:40 **UDP flood** 207.161.162.33, 58369->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:13:36 **UDP flood** 192.168.2.2, 46349->> 66.31.106.164, 58859 (from PPPoE1 Outbound)
    01/01/2010 19:13:35 **UDP flood** 192.168.2.2, 46349->> 117.81.165.231, 1205 (from PPPoE1 Outbound)
    01/01/2010 19:13:31 **UDP flood** 61.238.164.182, 6888->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:13:22 **UDP flood** 99.229.103.193, 60278->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:15 **UDP Flood Stop** (from PPPoE1 Outbound)
    01/01/2010 19:05:14 **UDP flood** 82.228.202.159, 21461->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:10 **UDP flood** 41.234.190.27, 19201->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:10 **UDP flood** 187.5.181.94, 51245->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:09 **UDP flood** 70.52.110.50, 30460->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:09 **UDP flood** 77.47.25.25, 63389->> 70.227.26.248, 46399 (from PPPoE1 Inbound)
    01/01/2010 19:05:09 **UDP flood** 124.42.76.2, 52436->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:09 **UDP flood** 192.168.2.5, 57818->> 91.58.91.26, 18804 (from PPPoE1 Outbound)
    01/01/2010 19:05:09 **UDP flood** 84.228.231.174, 35691->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:09 **UDP flood** 88.114.57.222, 15456->> 70.227.26.248, 46464 (from PPPoE1 Inbound)
    01/01/2010 19:05:08 **UDP flood** 192.168.2.5, 57818->> 71.176.213.117, 55249 (from PPPoE1 Outbound)
    01/01/2010 19:05:08 **UDP flood** 58.85.152.105, 11455->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:08 **UDP flood** 192.168.2.5, 57818->> 70.20.107.4, 29224 (from PPPoE1 Outbound)
    01/01/2010 19:05:08 **UDP flood** 192.168.2.5, 57818->> 99.36.92.196, 18318 (from PPPoE1 Outbound)
    01/01/2010 19:05:08 **UDP flood** 76.73.167.155, 44351->> 70.227.26.248, 46433 (from PPPoE1 Inbound)
    01/01/2010 19:05:08 **UDP flood** 91.211.19.30, 33676->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:05:07 **UDP flood** 122.174.81.145, 13409->> 70.227.26.248, 53083 (from PPPoE1 Inbound)
    01/01/2010 19:05:07 **UDP flood** 192.168.2.5, 57818->> 190.136.100.205, 33020 (from PPPoE1 Outbound)
    01/01/2010 19:05:07 **UDP flood** 79.100.4.217, 19258->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:06 **UDP flood** 74.213.79.166, 12568->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:05 **UDP flood** 85.242.21.199, 13230->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:05:04 **UDP flood** 87.65.88.168, 11609->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:04 **UDP flood** 192.168.2.5, 57818->> 77.165.205.50, 53694 (from PPPoE1 Outbound)
    01/01/2010 19:05:04 **UDP flood** 192.168.2.5, 57818->> 88.212.40.186, 24881 (from PPPoE1 Outbound)
    01/01/2010 19:05:04 **UDP flood** 82.245.153.54, 30015->> 70.227.26.248, 46465 (from PPPoE1 Inbound)
    01/01/2010 19:05:04 **UDP flood** 192.168.2.5, 57818->> 217.129.135.214, 19576 (from PPPoE1 Outbound)
    01/01/2010 19:05:04 **UDP flood** 192.168.2.5, 57818->> 72.65.147.76, 50349 (from PPPoE1 Outbound)
    01/01/2010 19:05:04 **UDP flood** 192.168.2.5, 57818->> 77.247.26.116, 48368 (from PPPoE1 Outbound)
    01/01/2010 19:05:04 **UDP flood** 192.168.2.5, 57818->> 87.126.113.242, 60138 (from PPPoE1 Outbound)
    01/01/2010 19:05:04 **UDP flood** 99.241.173.134, 62457->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:05:04 **UDP flood** 123.202.195.249, 41346->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:02 **UDP flood** 72.39.232.217, 61142->> 70.227.26.248, 46441 (from PPPoE1 Inbound)
    01/01/2010 19:05:02 **UDP flood** 82.245.153.54, 30015->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:02 **UDP flood** 218.102.210.101, 23306->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:05:01 **UDP flood** 192.168.2.5, 57818->> 83.14.237.138, 41624 (from PPPoE1 Outbound)
    01/01/2010 19:05:01 **UDP flood** 192.168.2.5, 57818->> 85.155.12.146, 63010 (from PPPoE1 Outbound)
    01/01/2010 19:05:00 **UDP flood** 192.168.2.5, 57818->> 79.117.226.174, 20432 (from PPPoE1 Outbound)
    01/01/2010 19:05:00 **UDP flood** 192.168.2.5, 57818->> 93.149.142.6, 64838 (from PPPoE1 Outbound)
    01/01/2010 19:05:00 **UDP flood** 86.110.186.118, 16183->> 70.227.26.248, 46454 (from PPPoE1 Inbound)
    01/01/2010 19:04:59 **UDP flood** 61.30.114.105, 9112->> 70.227.26.248, 46464 (from PPPoE1 Inbound)
    01/01/2010 19:04:59 **UDP flood** 192.168.2.5, 57818->> 82.160.78.149, 50100 (from PPPoE1 Outbound)
    01/01/2010 19:04:58 **UDP flood** 192.168.2.5, 57818->> 78.69.136.182, 33345 (from PPPoE1 Outbound)
    01/01/2010 19:04:58 **UDP flood** 192.168.2.5, 57818->> 59.92.103.106, 18123 (from PPPoE1 Outbound)
    01/01/2010 19:04:58 **UDP flood** 118.1.239.109, 13799->> 70.227.26.248, 46456 (from PPPoE1 Inbound)
    01/01/2010 19:04:58 **UDP flood** 121.223.181.86, 42568->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:58 **UDP flood** 95.158.0.249, 60120->> 70.227.26.248, 46433 (from PPPoE1 Inbound)
    01/01/2010 19:04:58 **UDP flood** 192.168.2.5, 57818->> 116.14.71.239, 16001 (from PPPoE1 Outbound)
    01/01/2010 19:04:58 **UDP flood** 192.168.2.5, 57818->> 82.137.41.52, 56682 (from PPPoE1 Outbound)
    01/01/2010 19:04:58 **UDP flood** 192.168.2.5, 57818->> 99.11.177.245, 50031 (from PPPoE1 Outbound)
    01/01/2010 19:04:57 **UDP flood** 192.168.2.5, 57818->> 75.72.36.41, 15013 (from PPPoE1 Outbound)
    01/01/2010 19:04:57 **UDP flood** 192.168.2.5, 57818->> 61.163.71.82, 20353 (from PPPoE1 Outbound)
    01/01/2010 19:04:57 **UDP flood** 82.245.153.54, 30015->> 70.227.26.248, 46392 (from PPPoE1 Inbound)
    01/01/2010 19:04:57 **UDP flood** 98.180.210.156, 54649->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:57 **UDP flood** 213.114.121.44, 15520->> 70.227.26.248, 46456 (from PPPoE1 Inbound)
    01/01/2010 19:04:57 **UDP flood** 192.168.2.5, 57818->> 68.196.227.168, 21321 (from PPPoE1 Outbound)
    01/01/2010 19:04:57 **UDP flood** 192.168.2.5, 57818->> 89.134.209.197, 28302 (from PPPoE1 Outbound)
    01/01/2010 19:04:56 **UDP flood** 192.168.2.5, 57818->> 94.213.65.227, 29546 (from PPPoE1 Outbound)
    01/01/2010 19:04:55 **UDP flood** 94.5.250.41, 29442->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:55 **UDP flood** 200.207.171.47, 25357->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:55 **UDP flood** 121.223.181.86, 42731->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:55 **UDP flood** 70.227.26.248, 36220->> 68.94.156.1, 53 (from PPPoE1 Outbound)
    01/01/2010 19:04:55 **UDP flood** 111.161.0.29, 60594->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:54 **UDP flood** 114.159.163.197, 9480->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:54 **UDP flood** 114.41.193.244, 15466->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:54 **UDP flood** 174.101.213.19, 2498->> 70.227.26.248, 53069 (from PPPoE1 Inbound)
    01/01/2010 19:04:53 **UDP flood** 207.161.162.33, 58369->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:53 **UDP flood** 69.249.39.183, 35287->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:53 **UDP flood** 94.190.193.10, 59037->> 70.227.26.248, 52351 (from PPPoE1 Inbound)
    01/01/2010 19:04:52 **UDP flood** 174.1.169.58, 16479->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:51 **UDP flood** 123.192.122.242, 21588->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:51 **UDP flood** 59.115.177.27, 27215->> 70.227.26.248, 57921 (from PPPoE1 Inbound)
    01/01/2010 19:04:51 **UDP flood** 95.79.205.29, 35691->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:50 **UDP flood** 192.168.2.5, 57818->> 74.59.80.192, 22922 (from PPPoE1 Outbound)
    01/01/2010 19:04:50 **UDP flood** 192.168.2.5, 57818->> 119.141.129.169, 13870 (from PPPoE1 Outbound)
    01/01/2010 19:04:50 **UDP flood** 99.191.72.156, 47430->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:49 **UDP flood** 192.168.2.5, 57818->> 71.176.213.117, 55291 (from PPPoE1 Outbound)
    01/01/2010 19:04:49 **UDP flood** 192.168.2.5, 57818->> 212.80.4.18, 62417 (from PPPoE1 Outbound)
    01/01/2010 19:04:49 **UDP flood** 192.168.2.5, 57818->> 90.215.242.182, 38283 (from PPPoE1 Outbound)
    01/01/2010 19:04:48 **UDP flood** 192.168.2.5, 57818->> 124.6.181.142, 55035 (from PPPoE1 Outbound)
    01/01/2010 19:04:48 **UDP flood** 113.53.132.241, 57006->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:47 **UDP flood** 207.161.162.33, 58369->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:47 **UDP flood** 192.168.2.5, 57818->> 200.148.209.150, 15231 (from PPPoE1 Outbound)
    01/01/2010 19:04:47 **UDP flood** 72.27.67.216, 14942->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:47 **UDP flood** 173.58.36.244, 60184->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:47 **UDP flood** 187.35.236.181, 47891->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:47 **UDP flood** 89.137.53.190, 15782->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:46 **UDP flood** 192.168.2.5, 57818->> 203.111.229.170, 12002 (from PPPoE1 Outbound)
    01/01/2010 19:04:46 **UDP flood** 192.168.2.5, 57818->> 74.126.137.67, 45632 (from PPPoE1 Outbound)
    01/01/2010 19:04:45 **UDP flood** 67.191.232.73, 43359->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:44 **UDP flood** 207.161.162.33, 58369->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:44 **UDP flood** 24.1.3.151, 14442->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:43 **UDP flood** 99.8.107.189, 40617->> 70.227.26.248, 46389 (from PPPoE1 Inbound)
    01/01/2010 19:04:43 **UDP flood** 207.161.162.33, 58369->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:41 **UDP flood** 79.111.29.190, 10470->> 70.227.26.248, 46382 (from PPPoE1 Inbound)
    01/01/2010 19:04:41 **UDP flood** 95.61.100.196, 9885->> 70.227.26.248, 46456 (from PPPoE1 Inbound)
    01/01/2010 19:04:39 **UDP flood** 192.168.2.5, 57818->> 88.212.40.186, 26966 (from PPPoE1 Outbound)
    01/01/2010 19:04:39 **UDP flood** 192.168.2.5, 57818->> 66.25.5.136, 40337 (from PPPoE1 Outbound)
    01/01/2010 19:04:39 **UDP flood** 192.168.2.5, 57818->> 76.199.175.84, 23974 (from PPPoE1 Outbound)
    01/01/2010 19:04:39 **UDP flood** 192.168.2.5, 57818->> 123.122.225.226, 8147 (from PPPoE1 Outbound)
    01/01/2010 19:04:39 **UDP flood** 220.138.18.4, 24153->> 70.227.26.248, 46454 (from PPPoE1 Inbound)
    01/01/2010 19:04:39 **UDP flood** 84.231.83.195, 47384->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:38 **UDP flood** 192.168.2.5, 57818->> 222.134.154.98, 11524 (from PPPoE1 Outbound)
    01/01/2010 19:04:38 **UDP flood** 192.168.2.5, 57818->> 217.129.135.214, 19648 (from PPPoE1 Outbound)
    01/01/2010 19:04:38 **UDP flood** 192.168.2.5, 57818->> 38.114.82.70, 21732 (from PPPoE1 Outbound)
    01/01/2010 19:04:38 **UDP flood** 192.168.2.5, 57818->> 78.85.254.24, 15152 (from PPPoE1 Outbound)
    01/01/2010 19:04:37 **UDP flood** 24.1.158.24, 63364->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:37 **UDP flood** 192.168.2.5, 57818->> 82.160.78.149, 1024 (from PPPoE1 Outbound)
    01/01/2010 19:04:37 **UDP flood** 192.168.2.5, 57818->> 69.122.237.176, 1259 (from PPPoE1 Outbound)
    01/01/2010 19:04:37 **UDP flood** 192.168.2.5, 57818->> 99.175.228.111, 27254 (from PPPoE1 Outbound)
    01/01/2010 19:04:37 **UDP flood** 189.174.214.107, 51885->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:36 **UDP flood** 192.168.2.5, 57818->> 82.23.145.107, 34601 (from PPPoE1 Outbound)
    01/01/2010 19:04:36 **UDP flood** 114.181.122.130, 11127->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:35 **UDP flood** 95.107.104.228, 10252->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:34 **UDP flood** 189.101.111.21, 16042->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:33 **UDP flood** 125.27.140.227, 24530->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:28 **UDP flood** 192.168.2.5, 57818->> 83.231.92.198, 20280 (from PPPoE1 Outbound)
    01/01/2010 19:04:27 **UDP flood** 192.168.2.5, 57818->> 93.150.62.8, 62010 (from PPPoE1 Outbound)
    01/01/2010 19:04:27 **UDP flood** 192.168.2.5, 57818->> 200.146.80.141, 43536 (from PPPoE1 Outbound)
    01/01/2010 19:04:26 **UDP flood** 192.168.2.5, 57818->> 71.180.32.156, 54009 (from PPPoE1 Outbound)
    01/01/2010 19:04:26 **UDP flood** 118.172.84.146, 20038->> 70.227.26.248, 46456 (from PPPoE1 Inbound)
    01/01/2010 19:04:26 **UDP flood** 86.219.123.52, 42000->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:24 192.168.2.5 login success
    01/01/2010 19:04:24 **UDP flood** 72.177.159.167, 17131->> 70.227.26.248, 53085 (from PPPoE1 Inbound)
    01/01/2010 19:04:24 **UDP flood** 58.183.131.137, 17709->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:24 **UDP flood** 220.167.43.144, 64503->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:23 **UDP flood** 91.143.83.140, 6881->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:23 **UDP flood** 188.192.238.56, 16623->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:23 **UDP flood** 192.168.2.5, 57818->> 78.86.216.185, 53234 (from PPPoE1 Outbound)
    01/01/2010 19:04:23 **UDP flood** 72.91.152.134, 27695->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
    01/01/2010 19:04:16 192.168.2.5 login success
    01/01/2010 19:04:13 **UDP flood** 192.168.2.5, 57818->> 95.221.215.26, 57976 (from PPPoE1 Outbound)
    01/01/2010 19:04:13 **UDP flood** 70.77.236.49, 60037->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
    01/01/2010 19:04:13 **UDP flood** 192.168.2.5, 57818->> 188.2.189.81, 36391 (from PPPoE1 Outbound)
    01/01/2010 19:04:13 **UDP flood** 94.109.9.162, 18627->> 70.227.26.248, 46459 (from PPPoE1 Inbound)
     
  2. Frank4d

    Frank4d Retired Trusted Advisor

    Joined:
    Sep 10, 2006
    Messages:
    9,126
    It looks like you have P2P running on two computers with IP addresses 192.168.2.2 and 192.168.2.5
     
  3. emoric

    emoric Thread Starter

    Joined:
    Jul 28, 2006
    Messages:
    353
    That's it? Thank you.

    Also, may I ask why you think it would be logged as a flood attack?
     
  4. Elvandil

    Elvandil

    Joined:
    Aug 1, 2003
    Messages:
    51,988
    The firewall sees all these connections and makes an incorrect assumption. It is not really unusual. UDP is a "broadcast" protocol, so you will likely always see a lot of them if you are monitoring for them.
     
  5. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    5,952
    Happened to me at my previous job. Except the amount of UDP traffic generated by one PC on the corporate network was enough to cause a DOS attack on the corporate firewall. The amount of UDP traffic this one box generated in under 2 minutes was enough to blow up the size of our daily logs. I tracked down the offending computer from the log information. Unfortunately, I wasn't on site to confront the employee but someone at the office did. I was told he didn't know what was causing it and ran the latest anti-virus software on it. Again unfortunately, no one from management wanted to pursue it further. I wanted to have his laptop confiscated to do some analysis on. After outing the offender, it was a funny coincidence all the UDP DOS stopped.

    This is the classic reason why I don't run any P2P software and if the company has a clue they would make it against policy to run any P2P software too. When I did some checks on the IP that laptop was hitting, it wasn't a good thing.

    emoric, I suggest you also do a whois on those IPs in your log. I did just the first two and you should be pretty concerned about where your PCs are going.
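
The pattern Frank4d points to in the log, each of 192.168.2.2 and 192.168.2.5 using one fixed UDP port to exchange packets with many different remote addresses, can be checked by grouping the router's entries per LAN endpoint. The following Python is an added example, not part of the original thread; its sample lines are constructed in the router's format, and the 192.168.2.0/24 range, the `min_peers` threshold and the shape labels are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.2.0/24")   # assumption: the LAN range seen in the log
ENTRY = re.compile(r"\*\*UDP flood\*\* (\S+), (\d+)->> (\S+), (\d+) "
                   r"\(from \S+ (Inbound|Outbound)\)")

# Constructed sample in the router's log format. Remote addresses are
# documentation-range placeholders; 192.168.2.9 is a made-up third host.
SAMPLE_LOG = """\
01/01/2010 19:14:37 **UDP Flood Stop** (from PPPoE1 Inbound)
01/01/2010 19:14:37 **UDP flood** 198.51.100.7, 24086->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:36 **UDP flood** 198.51.100.23, 16776->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:35 **UDP flood** 203.0.113.9, 33837->> 192.168.2.2, 46349 (from PPPoE1 Inbound)
01/01/2010 19:14:27 **UDP flood** 192.168.2.2, 46349->> 203.0.113.40, 17523 (from PPPoE1 Outbound)
01/01/2010 19:05:09 **UDP flood** 192.168.2.5, 57818->> 192.0.2.11, 18804 (from PPPoE1 Outbound)
01/01/2010 19:05:08 **UDP flood** 192.168.2.5, 57818->> 192.0.2.12, 55249 (from PPPoE1 Outbound)
01/01/2010 19:05:08 **UDP flood** 192.168.2.5, 57818->> 192.0.2.13, 29224 (from PPPoE1 Outbound)
01/01/2010 19:05:07 **UDP flood** 192.0.2.11, 18804->> 192.168.2.5, 57818 (from PPPoE1 Inbound)
01/01/2010 19:04:24 192.168.2.5 login success
01/01/2010 19:04:20 **UDP flood** 203.0.113.77, 4000->> 192.168.2.9, 5000 (from PPPoE1 Inbound)
01/01/2010 19:04:19 **UDP flood** 203.0.113.77, 4000->> 192.168.2.9, 5000 (from PPPoE1 Inbound)
"""

def summarize(log_text, min_peers=3):
    """Group flood entries by LAN endpoint (ip:port) and label the traffic shape."""
    peers = defaultdict(set)
    hits = defaultdict(lambda: {"Inbound": 0, "Outbound": 0})
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:                      # "Flood Stop", "login success", etc.
            continue
        src, sport, dst, dport, direction = m.groups()
        if ip_address(src) in LAN:
            local, remote = f"{src}:{sport}", dst
        elif ip_address(dst) in LAN:
            local, remote = f"{dst}:{dport}", src
        else:                          # neither side is a LAN host, e.g. the WAN IP
            continue
        peers[local].add(remote)
        hits[local][direction] += 1
    report = {}
    for local, remotes in peers.items():
        h = hits[local]
        if len(remotes) >= min_peers and h["Inbound"] and h["Outbound"]:
            shape = "p2p-like"         # one fixed local port, many peers, both directions
        elif len(remotes) >= min_peers:
            shape = "many-peers-one-way"
        else:
            shape = "few-peers"
        report[local] = {"peers": len(remotes), "in": h["Inbound"],
                         "out": h["Outbound"], "shape": shape}
    return report

if __name__ == "__main__":
    for endpoint, row in sorted(summarize(SAMPLE_LOG).items()):
        print(endpoint, row)
```

The labels are a triage heuristic only: they show which internal host and port to inspect first, not what software is running there.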
     

Short URL to this thread: https://techguy.org/890279
