Solved

does this sound like a DDOS attack?

Posted on 2013-12-18
4
588 Views
Last Modified: 2013-12-19
Hi Experts,
I have an SHDSL service with a static IP address. There is a watchguard firebox appliance protecting the network. I don't host anything from this service, but I do point an MX record to the IP address. So port 25 is open, but most other ports are closed.

About 6 weeks ago, I started to notice about 60-70,000 hits a day, almost always to UDP ports with high numbers - 28502 for example - from many many different IP addresses.

The ports that are hit seem to go in waves - there'll be 36 hours of address 28502, then it will change to 6881, then 63535, 27392 etc. Each address will get a hammering, then they move on to the next address. Eventually, they return to the same addresses again.

My appliance is blocking all these requests, so nothing bad has happened. I'm just looking for some advice. What are they trying to acheive? Is it a port scan? if so, wouldn't they have given up by now?

I asked my ISP about it. He told me I must be running some P2P software internally. I'm not. He then told me not to worry about it. That many hits per day would not be affecting my service level.

I've been considering getting my IP address changed - bit of a hassle as the MX record points to it - but was just wondering - is this kind of thing normal on today's internet? Should I just expect to get 70,000 hits per day of people 'trying it on'?

Any opinions/advice would be most welcome.
Thanks folks.

Adam
0
Comment
Question by:adamianf
  • 2
4 Comments
 
LVL 3

Expert Comment

by:vyaradaikin
ID: 39728472
Hi! MX record is a point to start spam delivery. Also if your IP was formerly used to p2p applications it is possible some nodes trying your IP for peering. Also there is always scan attack through the whole Internet. Is it high traffic consumption cause of this?
0
 

Author Comment

by:adamianf
ID: 39728530
Hi There,
We have used it for a bit-torrent download on one occassion, would that explain it?
It doesn't seem to be affecting speed or consumption too much. I was just wondering how serious people think that amount of hits per day is.
0
 
LVL 3

Assisted Solution

by:vyaradaikin
vyaradaikin earned 250 total points
ID: 39729716
For you safety I recommend you to check local net stations by antivirus program. Who knows, maybe it is a zombie manager inside:) I'm joking;)
0
 
LVL 2

Accepted Solution

by:
TheBadKarma earned 250 total points
ID: 39730957
Adam

in my experience, P2P file sharing and torrent downloading at a business is always a concern. With that being said and considering the issues at hand, I would think a virus(s) is running around the network, triggering the spam attacks. I would start scanning for viruses on all the machines, starting with the computers with torrent client software. If this is a large network, you could use Wireshark to examine the packets and determine which computers are infected.  

If you need any help, just ask.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
This article explains in simple steps how to renew expiring Exchange Server Internal Transport Certificate.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now