Overclock.net banner

1 - 16 of 16 Posts

·
Registered
Joined
·
706 Posts
Discussion Starter #1
Hello,

I'm not sure this is the correct place to ask, but asking it anyway.
I've been looking through my Internet settings for a solution for the fact that my internet connection keeps falling out, and I noticed this in the system log:

2010/03/12 21:25:50 : Blocked access attempt from 187.24.141.5
2010/03/12 21:25:49 : Blocked access attempt from 201.1.89.240
2010/03/12 21:25:48 : Blocked access attempt from 222.70.152.160
2010/03/12 21:25:48 : Blocked access attempt from 117.84.158.222
2010/03/12 21:25:48 : Blocked access attempt from 222.70.152.160
2010/03/12 21:25:47 : Blocked access attempt from 217.216.54.86
2010/03/12 21:25:47 : Blocked access attempt from 193.77.185.30
2010/03/12 21:25:46 : Blocked access attempt from 75.82.105.8
2010/03/12 21:25:44 : Blocked access attempt from 24.20.55.36
2010/03/12 21:25:43 : Blocked access attempt from 218.75.242.228
2010/03/12 21:25:43 : Blocked access attempt from 201.1.89.240
2010/03/12 21:25:43 : Blocked access attempt from 88.2.98.63
2010/03/12 21:25:42 : Blocked access attempt from 69.70.200.2
2010/03/12 21:25:42 : Blocked access attempt from 122.193.175.99
2010/03/12 21:25:41 : Blocked access attempt from 79.87.70.94
2010/03/12 21:25:41 : Blocked access attempt from 201.13.38.208

And it goed on, and on, and on... For every second of the day, every day of the week.

I traced a few of these IP's to places like Singapore, and I was quite curious why all these IP's are actually in there.

Any suggestions?

Kristian.
 

·
Premium Member
Joined
·
7,703 Posts
You're getting attacked by a botnet.
 

·
Registered
Joined
·
706 Posts
Discussion Starter #3
That doesn't sound pleasant. What do these botnets do, and how do I stop them doing this?
 

·
Premium Member
Joined
·
7,703 Posts
It was a half joke, but could be possible. Change your computer's IP and see if it keeps happening.

A botnet is a collection of unknowingly compromised computers which perform various deviant acts upon other computers. Could be denial of service attacks, brute force attacks (like maybe they are doing on your computer), spamming, etc...
 
  • Rep+
Reactions: Kristian

·
Registered
Joined
·
706 Posts
Discussion Starter #6
Thought about blocking them, but as I said, they do around 3 a second, and for as far as I can see, the IP's aren't recurring.

Changed the IP, now waiting for the log to update to show me if it continues.

+rep for both =)
 

·
Registered
Joined
·
671 Posts
is this your router's log? or your software's firewall log?

this happened to me awhile ago and my internet would sometimes disconnect. my router had simliar logs, its just yoour firewall/router doings its job. its most likely your ISP is being crappy.
 

·
Registered
Joined
·
706 Posts
Discussion Starter #9
Yes, it's the system log of my router from the internet settings. Well, it comforts me to see that I'm not the only one. I'll just leave it alone for now, might be something to investigate further the next time I call them up for tech support (sigh).

Thanks =)
 

·
Banned
Joined
·
10,292 Posts
yeah i installed malwarebytes full and had the same exact thing..i'd get popup baloons saying that it blocked this ip and it blocked that ip...its quite normal
 

·
Registered
Joined
·
671 Posts
Quote:

Originally Posted by srsparky32 View Post
yeah i installed malwarebytes full and had the same exact thing..i'd get popup baloons saying that it blocked this ip and it blocked that ip...its quite normal
uhhhhh i dont think mbam is a firewall lol, it just blocks known bad IP addresses to prevent malware from getting on your computer. mbam is not a firewall
 

·
Registered
Joined
·
2,104 Posts
Could be DoS attack, may explain the disconnection.

People gather a load of botnets to spam connect to a webserver until it crashes. The same could be happening here, a load of botnets crashing your internet connection till your router can't handle it.

Maybe or maybe not.
 

·
Registered
Joined
·
1,058 Posts
do you have a decent firewall and anti virus installed on your machines at home? if so i wouldn't worry to much about these attacks on your router, also make sure that the settings page has a password
 

·
Registered
Joined
·
1,657 Posts
From that log it looks like a Spoofed IP attack. You may want to install HoneyBOT (or any other honeypot) and monitor what services are being scanned/attacked. You can also install Wireshark and capture that traffic to determine what those packets are doing. Whether trying to bypass a packet filter, just a DOS, etc.

Just a thought.
 

·
Registered
Joined
·
90 Posts
Hostname:201-1-89-240.dsl.telesp.net.br
ISP:TELECOMUNICACOES DE SAO PAULO S.A. - TELESP
Organization:TELECOMUNICACOES DE SAO PAULO S.A. - TELESP
Proxy:None detected
Type:Broadband
Assignment:Dynamic IP
Blacklist:

Geo-Location Information

Country:Brazil
State/Region:Sao Paulo
City:São Paulo
Latitude:-23.5333
Longitude:-46.6167
Area Code:
 

·
Registered
Joined
·
887 Posts
Empty the logs and then disconnect your pc from the router. Then wait a few minutes and then connect your pc and check the logs. Check for logs of the time when your pc was disconnected. If you don't see those blocked IPs this time then it maybe something your pc initiating the connection.
 
1 - 16 of 16 Posts
Top