Jump to content

HELP AM I GETTING DDoS'd?


Breee
 Share

Recommended Posts

Hey, my internet has been recently running VERY slow, I tried restarting the router and everything it doesn't help. I'm on WiFi. Every time I check the status of my wireless it shows me millions-billions of bytes received within in minutes of connecting. I don't have a virus because I haven't downloaded anything, I have scanned my laptop several times using several software, and also have wiped my laptop as well. Here is a picture of how many bytes were sent/received within 3 hours of connecting.

Is this a DDOS attack? If it is/isn't what can I do to help me fix this issue? Thanks in advance

I have uploaded the picture so please check it out in attachments.

post-49428-0-65175000-1419932451_thumb.p

Update: I checked again at the status its now at 2 billion + bytes received at 3:55 hours of being connected it keeps increasing like 1 million bytes per 1-2 seconds.

Link to comment
Share on other sites

Restart your router hopefully that will change your IP if not contact your service provider and explain your situation and they will change your IP for you.

Hey, my internet has been recently running VERY slow, I tried restarting the router and everything it doesn't help. I'm on WiFi. Every time I check the status of my wireless it shows me millions-billions of bytes received within in minutes of connecting. I don't have a virus because I haven't downloaded anything, I have scanned my laptop several times using several software, and also have wiped my laptop as well. Here is a picture of how many bytes were sent/received within 3 hours of connecting.

Is this a DDOS attack? If it is/isn't what can I do to help me fix this issue? Thanks in advance

I have uploaded the picture so please check it out in attachments.

attachicon.gifUntitled.png

Update: I checked again at the status its now at 2 billion + bytes received at 3:55 hours of being connected it keeps increasing like 1 million bytes per 1-2 seconds.

Link to comment
Share on other sites

What puzzles me in that pic is that you're not showing what your router has received, but what you received. You. The client to the AP which is inside your router. Meaning that your router is sending data on to your machine which in turn means that either you're running some sort of downloading client (bittorrent or whatever) or you ARE being DOSed, but on a port for which you've added a port-forwarding rule to your router to ensure traffic destined for that port reaches your machine.

See if the router has some sort of information page about the amount of traffic flowing into it using a second machine like (second PC, tablet, mobile, machine of someone else on the same router). If it does, turn off your machine and see if the traffic flow stops. If it stops, it's your computer downloading shit. If it continues, you're being DOSsed.

Main difference between a DOS and 'normal' traffic is that a DOS doesn't bother to look if the recipient actually processes the packets so this should be a proper test to distinguish between the two.

Link to comment
Share on other sites

You could inspect this a few ways. 1, command line netstat, 2, wireshark and look through whats happening(may be a bit much if you don't know what to look for) and 3, http://technet.microsoft.com/en-us/sysinternals/bb897437 which you can screen print and show us open/listening ports on your machine(if you want - censor what you don't want shown obviously) but they should show you ports receiving data and listening for open connections.

netstat in windows (cmd.exe, run as administrator)

command: "netstat -anbt 3"

That will update every 3 seconds. TCPview is much easier on the eyes and lets you filter/resolve names on and off, and also copy and paste easily a line/address/connection. If you want to look up foreign/external hosts and see where they are if you're looking for more info, you can copy the connected IP to infosniper: http://www.infosniper.net/locate-ip-on-map.php?lang=1

Also, if this is a multi-node home with other users on the same network, check your arp table for local IP's connected to you. Someone at home, whether intentional or not, may be snooping/MITM'ing your traffic. If you see more associations than your router, broadcast and milticast addresses, then I'd inspect the other machines on the home network.

command: "arp -a"

Interestingly, also just found this (but as cooper said, looks like your node is being sent the data, although could be from the router if flawed and attacked externally) - http://www.healthcareinfosecurity.com/report-flaw-affects-12-million-routers-a-7738

Edited by digip
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...