03-17-2017 09:10 AM
My internet connection has slowed to a snail's pace; this is like using dialup@2400 baud. I checked my security logs to find outside IP addresses launching Syncflood attacks.
IN=vlan2 OUT=NONE src=126.96.36.199 DST=188.8.131.52 SPORT=35611 DPORT=1099 PROTO=TCP
IN=vlan2 OUT=NONE src=184.108.40.206 DST=220.127.116.11 SPORT=26983 DPORT=23 PROTO=TCP
IN=vlan2 OUT=NONE src=18.104.22.168 DST=22.214.171.124 SPORT=37454 DPORT=7547 PROTO=TCP
IN=vlan2 OUT=NONE src=126.96.36.199 DST=188.8.131.52 SPORT=57607 DPORT=7186 PROTO=TCP
IN=vlan2 OUT=NONE src=184.108.40.206 DST=220.127.116.11 SPORT=44824 DPORT=3393 PROTO=TCP
IN=vlan2 OUT=NONE src=18.104.22.168 DST=22.214.171.124 SPORT=9475 DPORT=5358 PROTO=TCP
IN=vlan2 OUT=NONE src=126.96.36.199 DST=188.8.131.52 SPORT=80 DPORT=59561 PROTO=TCP
IN=vlan2 OUT=NONE src=184.108.40.206 DST=220.127.116.11 SPORT=80 DPORT=59564 PROTO=TCP
IN=vlan2 OUT=NONE src=18.104.22.168 DST=22.214.171.124 SPORT=80 DPORT=59563 PROTO=TCP
IN=vlan2 OUT=NONE src=126.96.36.199 DST=188.8.131.52 SPORT=19707 DPORT=22 PROTO=TCP
IN=vlan2 OUT=NONE src=184.108.40.206 DST=220.127.116.11 SPORT=38378 DPORT=23 PROTO=TCP
IN=vlan2 OUT=NONE src=18.104.22.168 DST=22.214.171.124 SPORT=363 DPORT=7547 PROTO=TCP
IN=vlan2 OUT=NONE src=126.96.36.199 DST=188.8.131.52 SPORT=57607 DPORT=3474 PROTO=TCP
IN=vlan2 OUT=NONE src=184.108.40.206 DST=220.127.116.11 SPORT=57607 DPORT=3494 PROTO=TCP
Found Syncflood attack from 18.104.22.168 in port 1099 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 22.214.171.124 in port 23 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 126.96.36.199 in port 7547 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 188.8.131.52 in port 7186 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 184.108.40.206 in port 3393 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 220.127.116.11 in port 5358 => Fri Mar 17 12:10:18 2017
Found PortScanner attack from 18.104.22.168 in port 59561 => Fri Mar 17 12:10:18 2017
Found PortScanner attack from 22.214.171.124 in port 59564 => Fri Mar 17 12:10:18 2017
Found PortScanner attack from 126.96.36.199 in port 59563 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 188.8.131.52 in port 22 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 184.108.40.206 in port 23 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 220.127.116.11 in port 7547 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 18.104.22.168 in port 3474 => Fri Mar 17 12:10:18 2017
Found Syncflood attack from 22.214.171.124 in port 3494 => Fri Mar 17 12:10:18 2017
03-17-2017 09:54 AM
HOW do I get this to stop and restore my internet speed?
Unplug all your devices / disconnect them from your LAN.
Connect them back, one at a time, to see which one brings down the house. When you find the guilty part (and it might be more than one device), you will need to take it off-line and sanitize it.
03-17-2017 01:36 PM - edited 03-17-2017 01:43 PM
First, you know your modem and probably your router are working correctly. That's the part this particular peer-to-peer forum is here to support.
Next, follow the advice you were given: Run your computer's virus protection software and tell it to quarantine all suspicious files. If you don't already use some sort of VPS, you were asking for trouble and it has found you. I suggest you also run the free version of AdwCleaner that is now part of Malwarebytes. Again, tell it to quarantine everything it finds, then permanently delete those files. Do the same with your USB drive to ensure you are not reinfecting from that source. When you have finally eradicated the viruses, install a good antivirus package on each of your internet devices and use it regularly, if not continuously.
You can use "whois" to figure out who is attacking you on each hostile IP address and from what part of the world, if you are interested. Chances are that each is another infected computer whose owner is unaware of what's going on in the background.
You can ask additional anti-virus questions and get more of the same advice from staff in the Antivirus & Internet Security forum.
03-17-2017 01:44 PM
inetnum: 126.96.36.199 - 188.8.131.52
netname: BB-Multiplay
descr: Broadband Multiplay Project, O/o DGM BB, NOC BSNL Bangalore
country: IN
admin-c: BH155-AP
tech-c: DB374-AP
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-IN-DOT
mnt-irt: IRT-BSNL-IN
changed: firstname.lastname@example.org 20141128
source: APNIC

irt: IRT-BSNL-IN
address: Internet Cell
address: Bharat Sanchar Nigam Limited
address: 8th Floor,148-B Statesman House
address: Barakhamba Road, New Delhi - 110 001
e-mail: email@example.com
abuse-mailbox: firstname.lastname@example.org
admin-c: NC83-AP
tech-c: CGMD1-AP
auth: # Filtered
mnt-by: MAINT-IN-DOT
changed: email@example.com 20101111
changed: firstname.lastname@example.org 20101112
source: APNIC

person: BSNL Hostmaster
nic-hdl: BH155-AP
e-mail: email@example.com
address: Broadband Networks
address: Bharat Sanchar Nigam Limited
address: 2nd Floor, Telephone Exchange, Sector 62
address: Noida
phone: +91-120-2404243
fax-no: +91-120-2404241
country: IN
changed: firstname.lastname@example.org 20021108
mnt-by: MAINT-IN-PER-DOT
source: APNIC

person: DGM Broadband
address: BSNL NOC Bangalore
country: IN
phone: +91-080-25805800
fax-no: +91-080-25800022
e-mail: email@example.com
nic-hdl: DB374-AP
mnt-by: MAINT-IN-PER-DOT
changed: firstname.lastname@example.org 20110218
source: APNIC

route: 184.108.40.206/20
descr: BSNL Internet
country: IN
origin: AS9829
mnt-lower: MAINT-IN-DOT
mnt-routes: MAINT-IN-DOT
mnt-by: MAINT-IN-AS9829
changed: email@example.com 20070914
source: APNIC

NetRange: 220.127.116.11 - 18.104.22.168
CIDR: 22.214.171.124/20
NetName: EDGECAST-NETBLK-01
NetHandle: NET-72-21-80-0-1
Parent: NET72 (NET-72-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS15133
Organization: MCI Communications Services, Inc. d/b/a Verizon Business (MCICS)
RegDate: 2007-04-23
Updated: 2016-07-28
Ref: https://whois.arin.net/rest/net/NET-72-21-80-0-1

OrgName: MCI Communications Services, Inc. d/b/a Verizon Business
OrgId: MCICS
Address: 22001 Loudoun County Pkwy
City: Ashburn
StateProv: VA
PostalCode: 20147
Country: US
RegDate: 2006-05-30
Updated: 2017-01-28
Ref: https://whois.arin.net/rest/org/MCICS

OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: firstname.lastname@example.org
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE3-ARIN

OrgTechHandle: SWIPP9-ARIN
OrgTechName: SWIPPER
OrgTechPhone: +1-800-900-0241
OrgTechEmail: email@example.com
OrgTechRef: https://whois.arin.net/rest/poc/SWIPP9-ARIN

OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: firstname.lastname@example.org
OrgTechRef: https://whois.arin.net/rest/poc/SWIPP-ARIN

OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: email@example.com
OrgNOCRef: https://whois.arin.net/rest/poc/OA12-ARIN

ISP: Uab Duomenu Centras

inetnum: 126.96.36.199 - 188.8.131.52
netname: BALTICSERVERS-LT-DEDICATED
descr: Dedicated servers
country: LT
admin-c: MS33333-RIPE
tech-c: MS33333-RIPE
status: ASSIGNED PA
mnt-by: DUOMENUCENTRAS-MNT
created: 2014-03-27T12:23:39Z
last-modified: 2014-03-27T12:23:39Z
source: RIPE
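
A triage pass over the firewall log lines from the first post, as an added example that is not part of the original thread: it separates inbound packets coming from source port 80/443 to a high destination port (a pattern consistent with web-server replies to the LAN's own browsing) from packets aimed at service ports. The port labels and the 32768 threshold are assumptions made for illustration.

```python
import re
from collections import Counter

# Six of the log lines from the first post, copied as shown there.
SAMPLE = """\
IN=vlan2 OUT=NONE src=126.96.36.199 DST=188.8.131.52 SPORT=35611 DPORT=1099 PROTO=TCP
IN=vlan2 OUT=NONE src=184.108.40.206 DST=220.127.116.11 SPORT=26983 DPORT=23 PROTO=TCP
IN=vlan2 OUT=NONE src=18.104.22.168 DST=22.214.171.124 SPORT=37454 DPORT=7547 PROTO=TCP
IN=vlan2 OUT=NONE src=126.96.36.199 DST=188.8.131.52 SPORT=80 DPORT=59561 PROTO=TCP
IN=vlan2 OUT=NONE src=126.96.36.199 DST=188.8.131.52 SPORT=19707 DPORT=22 PROTO=TCP
IN=vlan2 OUT=NONE src=184.108.40.206 DST=220.127.116.11 SPORT=57607 DPORT=3494 PROTO=TCP
"""

FIELD = re.compile(r"(\w+)=(\S+)")
# Assumed label set: service ports often probed on internet-facing devices.
PROBED = {22: "ssh", 23: "telnet", 1099: "java-rmi", 7547: "tr-069"}
REPLY_SPORTS = {80, 443}   # web servers answer from these ports
HIGH_PORT = 32768          # assumed lower bound for client ephemeral ports


def parse(line):
    """Return the KEY=value fields of one log line, or None if it is not one."""
    rec = {k.upper(): v for k, v in FIELD.findall(line)}
    if not (rec.get("SPORT", "").isdigit() and rec.get("DPORT", "").isdigit()):
        return None
    rec["SPORT"], rec["DPORT"] = int(rec["SPORT"]), int(rec["DPORT"])
    return rec


def classify(rec):
    """Heuristic only: a source port can be forged, so treat this as a hint."""
    if rec["SPORT"] in REPLY_SPORTS and rec["DPORT"] >= HIGH_PORT:
        return "likely-reply"
    return "probe:" + PROBED.get(rec["DPORT"], "other")


def triage(text):
    """Count log lines per category, skipping anything that does not parse."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse(line)
        if rec is not None:
            counts[classify(rec)] += 1
    return counts


if __name__ == "__main__":
    for label, n in sorted(triage(SAMPLE).items()):
        print(f"{n:3d}  {label}")
```
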