Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

does this sound like a DDOS attack?

Posted on 2013-12-18
4
Medium Priority
?
602 Views
Last Modified: 2013-12-19
Hi Experts,
I have an SHDSL service with a static IP address. There is a watchguard firebox appliance protecting the network. I don't host anything from this service, but I do point an MX record to the IP address. So port 25 is open, but most other ports are closed.

About 6 weeks ago, I started to notice about 60-70,000 hits a day, almost always to UDP ports with high numbers - 28502 for example - from many many different IP addresses.

The ports that are hit seem to go in waves - there'll be 36 hours of address 28502, then it will change to 6881, then 63535, 27392 etc. Each address will get a hammering, then they move on to the next address. Eventually, they return to the same addresses again.

My appliance is blocking all these requests, so nothing bad has happened. I'm just looking for some advice. What are they trying to acheive? Is it a port scan? if so, wouldn't they have given up by now?

I asked my ISP about it. He told me I must be running some P2P software internally. I'm not. He then told me not to worry about it. That many hits per day would not be affecting my service level.

I've been considering getting my IP address changed - bit of a hassle as the MX record points to it - but was just wondering - is this kind of thing normal on today's internet? Should I just expect to get 70,000 hits per day of people 'trying it on'?

Any opinions/advice would be most welcome.
Thanks folks.

Adam
0
Comment
Question by:adamianf
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39728472
Hi! MX record is a point to start spam delivery. Also if your IP was formerly used to p2p applications it is possible some nodes trying your IP for peering. Also there is always scan attack through the whole Internet. Is it high traffic consumption cause of this?
0
 

Author Comment

by:adamianf
ID: 39728530
Hi There,
We have used it for a bit-torrent download on one occassion, would that explain it?
It doesn't seem to be affecting speed or consumption too much. I was just wondering how serious people think that amount of hits per day is.
0
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 1000 total points
ID: 39729716
For you safety I recommend you to check local net stations by antivirus program. Who knows, maybe it is a zombie manager inside:) I'm joking;)
0
 
LVL 2

Accepted Solution

by:
TheBadKarma earned 1000 total points
ID: 39730957
Adam

in my experience, P2P file sharing and torrent downloading at a business is always a concern. With that being said and considering the issues at hand, I would think a virus(s) is running around the network, triggering the spam attacks. I would start scanning for viruses on all the machines, starting with the computers with torrent client software. If this is a large network, you could use Wireshark to examine the packets and determine which computers are infected.  

If you need any help, just ask.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question