Link to home
Start Free TrialLog in
Avatar of soffcec
soffcecFlag for Iceland

asked on

Attack ?

I have Windows 2003 router

I am having lot of drop on NIC with IP 10.0.1.254

When I run Windump I get following pakcets (9000 + pr/sec)

07:24:00.320690 IP 192.168.1.1.445 > 10.0.1.210.63136: R 781344400:781344400(0) win 0
07:24:00.320792 IP 192.168.1.1.445 > 10.0.1.210.63136: R 781344400:781344400(0) win 0

No interface have the IP 192.168.x.x and I am not using it anywhere
The IP 10.0.1.210 have not been online for more than 2 days.

This starts every several hours and it runs for about 10-20 min each time.

ASKER CERTIFIED SOLUTION
Avatar of Arman Khodabande
Arman Khodabande
Flag of Iran, Islamic Republic of image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of soffcec
soffcec
Flag of Iceland image

ASKER

it is 192.168.1.1.445, but i cant find out how this address can do anything because the router is routing from 10.0.10.x to 10.0.1.x and 192.168.1.1 should not been seen there.
 I know computer 10.0.1.210 and it has not been online for more than 2 days, and there has been no traffic from 10.0.1.210, only to it.
SOLUTION
Avatar of Arman Khodabande
Arman Khodabande
Flag of Iran, Islamic Republic of image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of soffcec
soffcec
Flag of Iceland image

ASKER

no computer is answaring 10.0.1.210,  and windump cannot see anything coming from it. All gateways are ok. N
Avatar of soffcec
soffcec
Flag of Iceland image

ASKER

the fifth part of the ip number is the port number.
SOLUTION
Avatar of Arman Khodabande
Arman Khodabande
Flag of Iran, Islamic Republic of image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Sudeep Sharma
Sudeep Sharma
Flag of India image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of soffcec
soffcec
Flag of Iceland image

ASKER

It look like I have malfunction in one of my dslams, every time I cold restart the dslam, the attack stops.
SOLUTION
Avatar of Arman Khodabande
Arman Khodabande
Flag of Iran, Islamic Republic of image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Arman Khodabande
Arman Khodabande
Flag of Iran, Islamic Republic of image
Good luck