Urgent: Someone is knocking off my buddys connection.

it's not a trojan i think he's sending packets to his IP and knocking it off. he said he cant really do antyhing, he gets disconnected every 5 mins.  what exactly is this method called, and can anything be done?
andyakiraAsked:
Who is Participating?
 
Tim HolmanConnect With a Mentor Commented:
Capture some evidence...

1)  Go to http://www.ethereal.com/download.html
2)  Under Windows 98/ME/2000/XP/2003 Installers, select a site near you
3)  Download WinPcap_3_0.exe and ethereal-setup-0.10.4.exe
4)  Install WinPcap_3_0 - double click on the WinPcap_3_0.exe file, just
click OK / Yes throughout
5)  Install ethereal-setup-0.10.4 - double click on the file, accept all the
defaults (OK / Yes throughout)
6)  Start the Ethereal application
7)  Go to Capture > Start
8)  Under Interface, select your Internet facing interface.  If you're
unsure, then select one, and continue.  If it displays results, then you've
got the right interface, if your capture is empty, then select another
interface and carry on...
9)  Under Capture Files, put \capture.cap
10)  Click OK
11)  Capturing will commence....
12)  Capture what you need to
13) Go back to Ethereal, click Stop
14)  Analyse the c:\capture.cap file, or send it to me - tim_holman@hotmail.com
0
 
jvuzCommented:
First check for virus:

http://vil.nai.com/vil/stinger/
0
 
magus123Commented:
what kind of internet connection is he using ,
also does he have software firewall and a hardware firewall
0
Improved Protection from Phishing Attacks

WatchGuard DNSWatch reduces malware infections by detecting and blocking malicious DNS requests, improving your ability to protect employees from phishing attacks. Learn more about our newest service included in Total Security Suite today!

 
ravisimpiCommented:
Someone is sending you a remote modem commant to hang up.. That command is ATH0

     There are programs which send this command provided they know the IP address of your buddy.

  Have a look at this article which will explain you in detail about the hang up ping.

http://www.attrition.org/security/denial/w/mod-ath.dos.html
0
 
ravisimpiCommented:
Solution  Start>Settings>contrl panel>

Double click on modems, select your modem in the list,  then click properties, and then in the connection tab click on advanced button
, in extra settings box  enter the value 's2=255' without quites


         s2=255

You can also make search in google as 's2=255 fix'
0
 
MinusDriverCommented:
I've had this same problem before.

ravisimpi hit it right on the nail!!

Solution  Start>Settings>contrl panel>

Double click on modems, select your modem in the list,  then click properties, and then in the connection tab click on advanced button
, in extra settings box  enter the value 's2=255' without quites

         s2=255

This was actually what I had to do.

Good Luck!
0
 
andyakiraAuthor Commented:
does the s2=255 fix work for cable modem?

tim_holman, i cant send u log because the guy that was atatcked hasnt been online ever since. i think he was nuked hard. ill have to wait till he gets on.
0
 
ravisimpiCommented:
will you please tell me what actually made your buddy's connection to knock out?


 I thought that Just ATH0 was the culprit
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.