TCP Packet - Source:184.108.40.206,39341 Destination:192.168.1.1,25 - [DOS] TCP Packet - Source:220.127.116.11,3473 Destination:18.104.22.168,135 - [DOS] Thu, 2006-10-19 16:30:03 – UDP Packet - Source:192.168.1.111,1443 Destination:22.214.171.124,53 - [Any(ALL) match]
What is this?
If you want to get more information, I recommend that you configure a sniffer, such as the easy-to-use Wireshark tool. You can then sniff traffic on the internal interface of your router, and look for additional packets coming from 126.96.36.199 and 188.8.131.52. As another option, if you can get access to any of the 192.168 machines here (or any others for that matter), and they are Windows machines, you can run this command to get more details about what is going on:
C:> netstat –nao 1 | find "[IP_addr_of_other_side" | find "[port]"
The netstat command shows TCP and UDP ports that are in use. The –n means that we want numbers (not names) of ports and machines. The –a indicates our preference for all traffic. The –o means that we want the Process ID (PID) of the program using that port. The 1 will make this command run every second, again and again.
Then, the output is scraped for any indication of the IP address of the other side. Look for packets going to or from the ports in question, namely 25, 135, and 53. Let the command run for a little while, and see if and when one of the machines sends such a packet. When it does, look at the PID, and find it in Task Manager. If using Windows XP, 2003 or Vista, you can also use this command:
C:> wmic process list brief
Then, you'll know the process sending it, so you can check whether it is valid, and you can look over its configuration.
Dig deeper on Network Firewalls, Routers and Switches
Related Q&A from Ed Skoudis, Contributor
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ...continue reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ...continue reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.