Being botnetted, need to renew IP quick!
26-04-2006, 22:42   #1
168pin

Hey all, looks like I'm being botnetted...

Pages and pages of firewall logs similar to this:

12 April 2006 21:34:58 Unrecognized attempt blocked from 85.187.131.203:31040 to 82.38.168.xx UDP:44043
12 April 2006 21:34:59 Unrecognized attempt blocked from 172.144.228.93:8881 to 82.38.168.xx UDP:44043
12 April 2006 21:35:01 Unrecognized attempt blocked from 85.130.80.9:8453 to 82.38.168.xx UDP:44043
12 April 2006 21:35:02 Unrecognized attempt blocked from 80.175.197.185:6881 to 82.38.168.xx UDP:44043
12 April 2006 21:35:03 Unrecognized attempt blocked from 69.196.192.106:33590 to 82.38.168.xx TCP:44043
12 April 2006 21:35:03 Unrecognized attempt blocked from 202.156.9.71:15626 to 82.38.168.xx UDP:44043

Loads and loads of different IPs, all UDP port 44043..

Router is starting to lose it, keeps throwing me off, and in a window with ping -t www.google.co.uk I keep getting timeouts every 20-30 secs.

Basically, I need a new IP..and quickly...any ideas?

26-04-2006, 23:00   #2
Chris W



http://www.cableforum.co.uk/forum/article.php?a=90

hth

26-04-2006, 23:11   #3
bmxbandit

the fact that one of the ports is 6881 and one is 8881 makes it look like it could be something to do with bittorrent... perhaps a tracker somewhere is erroneously pointing at your ip (for whatever reason...)

27-04-2006, 10:37   #4
grubbymitts

oh dear, who have you upset on IRC

---------- Post added at 10:37 ---------- Previous post was at 10:36 ----------

Quote:
Originally Posted by bmxbandit
the fact that one of the ports is 6881 and one is 8881 makes it look like it could be something to do with bittorrent... perhaps a tracker somewhere is erroneously pointing at your ip (for whatever reason...)
eh? He says it's on UDP port 44043

27-04-2006, 10:44   #5
bmxbandit

it's trying to receive data on port 44043, yes... but the computers it's coming from are using various ports, one of which is the standard bittorrent port, and one of which is suspiciously similar.

might be something completely different, hard to say

27-04-2006, 13:05   #6
168pin

Quote:
Originally Posted by grubbymitts
oh dear, who have you upset on IRC
Actually, I don't think I upset anyone...although I do know some people who supposedly own botnets...

Quote:
Originally Posted by grubbymitts
eh? He says it's on UDP port 44043
Yeah, I understand the source port is BitTorrent...but I thought BT traffic was TCP rather than UDP?

01-05-2006, 17:32   #7
James Henry

Haha.

If you were getting DDoS'd by someone who had a substantial Botnet you think for a second you'd be able to post here?

1 hit on firewall per second certainly isn't an attack, you'd be getting hit with thousands of these a second

Been running any P2P recently? Bittorrent, Limewire, Shareaza, Bearshare, Gnutella, Gnutella 2, etc.
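
Added example (not written by any poster in this thread): a Python triage of the firewall log format quoted in the first post, computing the figures the replies argue over: events per second, distinct sources, destination-port concentration, and source ports in the conventional BitTorrent default range 6881-6889 (an assumption of this example). Function and field names are illustrative.

```python
import re
from collections import Counter
from datetime import datetime

# The six log lines quoted in the first post (destination already redacted there).
SAMPLE_LOG = """\
12 April 2006 21:34:58 Unrecognized attempt blocked from 85.187.131.203:31040 to 82.38.168.xx UDP:44043
12 April 2006 21:34:59 Unrecognized attempt blocked from 172.144.228.93:8881 to 82.38.168.xx UDP:44043
12 April 2006 21:35:01 Unrecognized attempt blocked from 85.130.80.9:8453 to 82.38.168.xx UDP:44043
12 April 2006 21:35:02 Unrecognized attempt blocked from 80.175.197.185:6881 to 82.38.168.xx UDP:44043
12 April 2006 21:35:03 Unrecognized attempt blocked from 69.196.192.106:33590 to 82.38.168.xx TCP:44043
12 April 2006 21:35:03 Unrecognized attempt blocked from 202.156.9.71:15626 to 82.38.168.xx UDP:44043
"""
LINE_RE = re.compile(
    r"(?P<ts>\d{1,2} \w+ \d{4} \d\d:\d\d:\d\d) Unrecognized attempt blocked from "
    r"(?P<src>[\d.]+):(?P<sport>\d+) to (?P<dst>\S+) (?P<proto>TCP|UDP):(?P<dport>\d+)$"
)
# Assumption of this example: 6881-6889 is the conventional BitTorrent default range.
BT_DEFAULT_PORTS = range(6881, 6890)

def parse(log_text):
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines in any other format are skipped
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%d %B %Y %H:%M:%S")
            e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
            events.append(e)
    return events

def triage(events):
    if not events:
        return None
    times = [e["ts"] for e in events]
    span = (max(times) - min(times)).total_seconds()  # seconds covered by the log
    return {
        "events": len(events),
        "events_per_second": round(len(events) / max(span, 1.0), 2),
        "distinct_sources": len({e["src"] for e in events}),
        "targets": Counter((e["proto"], e["dport"]) for e in events),
        "single_dest_port": len({e["dport"] for e in events}) == 1,
        "bt_default_source_ports": sorted(
            {e["sport"] for e in events if e["sport"] in BT_DEFAULT_PORTS}),
    }

if __name__ == "__main__":
    print(triage(parse(SAMPLE_LOG)))
```

On the quoted sample this reports about 1.2 events per second from six distinct sources, every one aimed at port 44043, with one source port (6881) inside the BitTorrent default range.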

01-05-2006, 20:43   #8
grubbymitts

It could also be a worm attack searching through an IP range for open ports with compromised/old versions of programs listening behind it. These wouldn't be as ferocious as a DDOS attack and may be spreading via other people with open P2P ports.

Just an idea.