Solved

Does this sound like a DDoS attack?

Posted on 2013-12-18
Last Modified: 2013-12-19
Hi Experts,
I have an SHDSL service with a static IP address. There is a WatchGuard Firebox appliance protecting the network. I don't host anything from this service, but I do point an MX record to the IP address. So port 25 is open, but most other ports are closed.

About 6 weeks ago, I started to notice about 60-70,000 hits a day, almost always to UDP ports with high numbers - 28502 for example - from many, many different IP addresses.

The ports that are hit seem to go in waves - there'll be 36 hours of address 28502, then it will change to 6881, then 63535, 27392 etc. Each address will get a hammering, then they move on to the next address. Eventually, they return to the same addresses again.

My appliance is blocking all these requests, so nothing bad has happened. I'm just looking for some advice. What are they trying to achieve? Is it a port scan? If so, wouldn't they have given up by now?

I asked my ISP about it. He told me I must be running some P2P software internally. I'm not. He then told me not to worry about it. That many hits per day would not be affecting my service level.

I've been considering getting my IP address changed - bit of a hassle as the MX record points to it - but was just wondering - is this kind of thing normal on today's internet? Should I just expect to get 70,000 hits per day of people 'trying it on'?

Any opinions/advice would be most welcome.
Thanks folks.

Adam
Question by:adamianf
4 Comments
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39728472
Hi! An MX record is a starting point for spam delivery. Also, if your IP was formerly used for P2P applications, it is possible that some nodes are trying your IP for peering. Also, there are always scan attacks across the whole Internet. Is there high traffic consumption because of this?
0
 

Author Comment

by:adamianf
ID: 39728530
Hi There,
We have used it for a BitTorrent download on one occasion, would that explain it?
It doesn't seem to be affecting speed or consumption too much. I was just wondering how serious people think that amount of hits per day is.
0
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 1000 total points
ID: 39729716
For your safety, I recommend you check the local network stations with an antivirus program. Who knows, maybe there is a zombie manager inside :) I'm joking ;)
0
 
LVL 2

Accepted Solution

by:
TheBadKarma earned 1000 total points
ID: 39730957
Adam

In my experience, P2P file sharing and torrent downloading at a business is always a concern. With that being said and considering the issues at hand, I would think a virus(es) is running around the network, triggering the spam attacks. I would start scanning for viruses on all the machines, starting with the computers with torrent client software. If this is a large network, you could use Wireshark to examine the packets and determine which computers are infected.

If you need any help, just ask.
0
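An added example, not part of the thread or any poster's code: one way to check from firewall deny logs whether hits like those in the question come from many hosts retrying one port (the peering explanation raised above) or from one host sweeping many ports (a scan). The log format, addresses and the `parse`/`summarize` helpers are constructed for illustration and are not WatchGuard's log syntax.

```python
import re
from collections import defaultdict

# Constructed sample lines in a made-up format (not a real appliance's syntax).
# Addresses come from the documentation ranges reserved by RFC 5737.
SAMPLE_LOG = """\
2013-12-18T10:00:01 DENY UDP 198.51.100.7:51413 -> 203.0.113.10:28502
2013-12-18T10:00:02 DENY UDP 198.51.100.23:6881 -> 203.0.113.10:28502
2013-12-18T10:00:04 DENY UDP 192.0.2.45:40112 -> 203.0.113.10:28502
2013-12-18T10:00:09 DENY UDP 192.0.2.200:51413 -> 203.0.113.10:28502
2013-12-18T10:01:10 ALLOW TCP 198.51.100.80:33211 -> 203.0.113.10:25
2013-12-18T10:02:00 DENY UDP 192.0.2.99:4000 -> 203.0.113.10:137
2013-12-18T10:02:01 DENY UDP 192.0.2.99:4000 -> 203.0.113.10:161
2013-12-18T10:02:02 DENY UDP 192.0.2.99:4000 -> 203.0.113.10:1900
"""

LINE_RE = re.compile(
    r"^\S+ DENY UDP (?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)

def parse(log_text):
    """Yield (source_ip, destination_port) per denied UDP line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["src"], int(m["dport"])

def summarize(log_text, fan_threshold=3):
    """Group denied UDP hits by how sources and ports fan out.

    many sources -> one port : hosts retrying a port that once answered
    one source -> many ports : a single host sweeping ports (scan)
    """
    srcs_by_port = defaultdict(set)
    ports_by_src = defaultdict(set)
    for src, dport in parse(log_text):
        srcs_by_port[dport].add(src)
        ports_by_src[src].add(dport)
    return {
        "many_to_one_ports": sorted(
            p for p, s in srcs_by_port.items() if len(s) >= fan_threshold),
        "scanner_sources": sorted(
            s for s, p in ports_by_src.items() if len(p) >= fan_threshold),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

On a real export, raise `fan_threshold` well above 3 and adapt `LINE_RE` to the appliance's actual log format.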