• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 605
  • Last Modified:

does this sound like a DDOS attack?

Hi Experts,
I have an SHDSL service with a static IP address. There is a watchguard firebox appliance protecting the network. I don't host anything from this service, but I do point an MX record to the IP address. So port 25 is open, but most other ports are closed.

About 6 weeks ago, I started to notice about 60-70,000 hits a day, almost always to UDP ports with high numbers - 28502 for example - from many many different IP addresses.

The ports that are hit seem to go in waves - there'll be 36 hours of address 28502, then it will change to 6881, then 63535, 27392 etc. Each address will get a hammering, then they move on to the next address. Eventually, they return to the same addresses again.

My appliance is blocking all these requests, so nothing bad has happened. I'm just looking for some advice. What are they trying to acheive? Is it a port scan? if so, wouldn't they have given up by now?

I asked my ISP about it. He told me I must be running some P2P software internally. I'm not. He then told me not to worry about it. That many hits per day would not be affecting my service level.

I've been considering getting my IP address changed - bit of a hassle as the MX record points to it - but was just wondering - is this kind of thing normal on today's internet? Should I just expect to get 70,000 hits per day of people 'trying it on'?

Any opinions/advice would be most welcome.
Thanks folks.

Adam
0
adamianf
Asked:
adamianf
  • 2
2 Solutions
 
vyaradaikinCommented:
Hi! MX record is a point to start spam delivery. Also if your IP was formerly used to p2p applications it is possible some nodes trying your IP for peering. Also there is always scan attack through the whole Internet. Is it high traffic consumption cause of this?
0
 
adamianfAuthor Commented:
Hi There,
We have used it for a bit-torrent download on one occassion, would that explain it?
It doesn't seem to be affecting speed or consumption too much. I was just wondering how serious people think that amount of hits per day is.
0
 
vyaradaikinCommented:
For you safety I recommend you to check local net stations by antivirus program. Who knows, maybe it is a zombie manager inside:) I'm joking;)
0
 
TheBadKarmaCommented:
Adam

in my experience, P2P file sharing and torrent downloading at a business is always a concern. With that being said and considering the issues at hand, I would think a virus(s) is running around the network, triggering the spam attacks. I would start scanning for viruses on all the machines, starting with the computers with torrent client software. If this is a large network, you could use Wireshark to examine the packets and determine which computers are infected.  

If you need any help, just ask.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now