Solved

does this sound like a DDOS attack?

Posted on 2013-12-18
4
592 Views
Last Modified: 2013-12-19
Hi Experts,
I have an SHDSL service with a static IP address. There is a watchguard firebox appliance protecting the network. I don't host anything from this service, but I do point an MX record to the IP address. So port 25 is open, but most other ports are closed.

About 6 weeks ago, I started to notice about 60-70,000 hits a day, almost always to UDP ports with high numbers - 28502 for example - from many many different IP addresses.

The ports that are hit seem to go in waves - there'll be 36 hours of address 28502, then it will change to 6881, then 63535, 27392 etc. Each address will get a hammering, then they move on to the next address. Eventually, they return to the same addresses again.

My appliance is blocking all these requests, so nothing bad has happened. I'm just looking for some advice. What are they trying to acheive? Is it a port scan? if so, wouldn't they have given up by now?

I asked my ISP about it. He told me I must be running some P2P software internally. I'm not. He then told me not to worry about it. That many hits per day would not be affecting my service level.

I've been considering getting my IP address changed - bit of a hassle as the MX record points to it - but was just wondering - is this kind of thing normal on today's internet? Should I just expect to get 70,000 hits per day of people 'trying it on'?

Any opinions/advice would be most welcome.
Thanks folks.

Adam
0
Comment
Question by:adamianf
  • 2
4 Comments
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39728472
Hi! MX record is a point to start spam delivery. Also if your IP was formerly used to p2p applications it is possible some nodes trying your IP for peering. Also there is always scan attack through the whole Internet. Is it high traffic consumption cause of this?
0
 

Author Comment

by:adamianf
ID: 39728530
Hi There,
We have used it for a bit-torrent download on one occassion, would that explain it?
It doesn't seem to be affecting speed or consumption too much. I was just wondering how serious people think that amount of hits per day is.
0
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 250 total points
ID: 39729716
For you safety I recommend you to check local net stations by antivirus program. Who knows, maybe it is a zombie manager inside:) I'm joking;)
0
 
LVL 2

Accepted Solution

by:
TheBadKarma earned 250 total points
ID: 39730957
Adam

in my experience, P2P file sharing and torrent downloading at a business is always a concern. With that being said and considering the issues at hand, I would think a virus(s) is running around the network, triggering the spam attacks. I would start scanning for viruses on all the machines, starting with the computers with torrent client software. If this is a large network, you could use Wireshark to examine the packets and determine which computers are infected.  

If you need any help, just ask.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the biggest threats facing all high-value targets are APT's.  These threats include sophisticated tactics that "often starts with mapping human organization and collecting intelligence on employees, who are nowadays a weaker link than network…
In this increasingly digital world, security hacks are no longer just a threat, but a reality. As we've witnessed with Target's big identity hack 2013, Heartbleed in 2015, and now Cloudbleed, companies and their leaders need to prepare for the unthi…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question