What Is Flooding My Internet Connection?

[OlRedEyes]

I'm not clued up on viruses on the net, sad to say. I run McAffee AV and firewall. On a router to TT&T.

Since mid Dec. my connection is being flooded with what appears to be a trojan or 6 running around on the net. Thousands of unsolicited connection attempts from what appears to be fairly random addresses bounce of my firewall, slowing things down to the point where the net becomes nearly useless, then disappear. The av software picked up Msblaster in Dec. Removed that then another showed up PWA something, don't remember. Yesterday I found Fdos-killer and removed that.

At the moment McAffee AV, Adaware, Spybot picks up nothing. AV and firewall reinstalled. Both are up to date. But the requests are still flooding my router.

Anyone experience similar problems?

Edited January 16, 2007 by OlRedEyes

[OlRedEyes]

Reboot the router and the problem goes away. For a while. Then they find me again....

[Guest Reimar]

Download AVAST AV Home Edition, it will run after restarting of the system than update the iAVS by right clicking on the Avast incon and than Update and after istalling run a full scan again. It will take some time but do it.

I also recommend to download a tral version of BugDoctor to check your registry for suspicious entries, or download Spybot S&D and run it. Disable all ports in the Router which you don't need to have open.

From RAdmin.com download the free PortScan software and run it to find out which ports are open. From Whatsrunning.net you can download Whatsrunning which is an excelent Taskmanager. This program shows you all of the services etc. which is running or even accessed from time to time.

It may take some time to filter out whats going on on your system but maybe you find out what forced the "flooding"!

[OlRedEyes]

Download AVAST AV Home Edition, it will run after restarting of the system than update the iAVS by right clicking on the Avast incon and than Update and after istalling run a full scan again. It will take some time but do it.

I also recommend to download a tral version of BugDoctor to check your registry for suspicious entries, or download Spybot S&D and run it. Disable all ports in the Router which you don't need to have open.

From RAdmin.com download the free PortScan software and run it to find out which ports are open. From Whatsrunning.net you can download Whatsrunning which is an excelent Taskmanager. This program shows you all of the services etc. which is running or even accessed from time to time.

It may take some time to filter out whats going on on your system but maybe you find out what forced the "flooding"!

Have already done the Avast AV scan, clean. Same with Spybot S&D.

Portscan seems handy thanks. Although I don't know which ports should be open, other than 80.

It reports ports open on PC 192.168.1.1 as port 21 ftp, 23 telnet and 80

On the router 192.168.1.33 open ports are 80, 135 loc-srv, 139 netbios-ssn,1025 microsoft ADL

Of this I know very little.

Whatsrunning is a very nice manager. But again, I have to guess at the processes. Basically a nice tool for those that can see

I notice that my sent is not exceeding my received KB 18MB sent 100MB received. Normally with this problem it would be the other way round. So maybe my m/c is clean? Then there must be a lot of users out there noticing this? Haven't heard it mentioned on any of the boards.

Firewall is bouncing requests merrily. More than 5000 events in the past 2 hours.

Edited January 16, 2007 by OlRedEyes

[cdnvic]

DO NOT run Avast and McAfee at the same time!

Do you run any file sharing software? Sometimes P2P networks cahce the IP addresses of hosts for a long time after the file sharing program shuts down. The result is the person on that IP address is bombarded but unsolicited packets in the form of search requests. This can happen when you log on and get an IP that at one time belonged to a particularly busy P2P client.

Go into your router and release your current IP, wait 20min, then renew the IP. Hopefully it will be a new IP, and your ISP should have reassigned the troublesome one by then. This is best done during busy times when there are alot of requests for IP addresses.

[OlRedEyes]

I disabled Mcaffee before running avast.

Never been on a file-share network to my knowledge.

[Guest Reimar]

The "bombing" on the firewall is normal! There a lot of "random" tracings for open and accesible ports.

By one of my costumers with leased line the attacks are around 14,000 per hour. On my own system I get around 100 "auto-traces" and 5-10 direct traces a hour! But that did not slow down the system!

In Whatsrunning you will be easy find out what the different connection doing. If you right click the file name under Processes and than Get Info Online, you will get to know what this programfile is doing pp. There will be a lot info about the running programs! Check it out! May you find what's flooding your system!

[cdnvic]

Go to Shields Up! and run a scan on your firewall and see what ports it reports as being open. There's no reason for those ports to be open to the outside world.

[astral]

Since these attacks come from outside and are being bounced by your firewall it looks as though you system is quite safe.

I suggest you turn off the reporting of the firewall action and get on with having fun on the net.

[gharknes]

Reboot the router and the problem goes away. For a while. Then they find me again....

sounds to me something is requesting these intrusions from your system, have you stuff like google toolbar installed, I removed it because they made me update it without my consent.........I don't like that, your ISP will connect to you periodically

load a program called neotrace and it will identify the IP address of the intruder using the "whois" database

[nikster]

Since these attacks come from outside and are being bounced by your firewall it looks as though you system is quite safe.

I suggest you turn off the reporting of the firewall action and get on with having fun on the net.

I second that.

I much prefer AV software which doesn't constantly remind me of its presence.

To understand why there are so many connection attempts picture that there are hundreds of thousands or even millions of infected PCs out there, most of them part of one or the other botnet. Thats why a lot of things try to come through the firewall. Luckily, the firewall doesn't care one bit...