Breee Posted December 30, 2014

Hey, my internet has been recently running VERY slow. I tried restarting the router and everything; it doesn't help. I'm on WiFi. Every time I check the status of my wireless it shows me millions-billions of bytes received within minutes of connecting. I don't have a virus because I haven't downloaded anything, I have scanned my laptop several times using several software, and also have wiped my laptop as well. Here is a picture of how many bytes were sent/received within 3 hours of connecting.

Is this a DDOS attack? If it is/isn't, what can I do to help me fix this issue? Thanks in advance.

I have uploaded the picture so please check it out in attachments.

Update: I checked the status again; it's now at 2 billion+ bytes received at 3:55 hours of being connected. It keeps increasing like 1 million bytes per 1-2 seconds.
WPA3 Posted December 30, 2014

Restart your router; hopefully that will change your IP. If not, contact your service provider and explain your situation and they will change your IP for you.
cooper Posted December 30, 2014

What puzzles me in that pic is that you're not showing what your router has received, but what you received. You. The client to the AP which is inside your router. Meaning that your router is sending data on to your machine, which in turn means that either you're running some sort of downloading client (bittorrent or whatever) or you ARE being DOSed, but on a port for which you've added a port-forwarding rule to your router to ensure traffic destined for that port reaches your machine.

See if the router has some sort of information page about the amount of traffic flowing into it, using a second machine (second PC, tablet, mobile, machine of someone else on the same router). If it does, turn off your machine and see if the traffic flow stops. If it stops, it's your computer downloading shit. If it continues, you're being DOSed.

Main difference between a DOS and 'normal' traffic is that a DOS doesn't bother to look if the recipient actually processes the packets, so this should be a proper test to distinguish between the two.
digip Posted December 30, 2014

You could inspect this a few ways: 1, command line netstat; 2, wireshark, and look through what's happening (may be a bit much if you don't know what to look for); and 3, http://technet.microsoft.com/en-us/sysinternals/bb897437 which you can screen print and show us open/listening ports on your machine (if you want - censor what you don't want shown, obviously), but they should show you ports receiving data and listening for open connections.

netstat in windows (cmd.exe, run as administrator) command: "netstat -anbt 3"

That will update every 3 seconds. TCPview is much easier on the eyes and lets you filter/resolve names on and off, and also copy and paste easily a line/address/connection. If you want to look up foreign/external hosts and see where they are if you're looking for more info, you can copy the connected IP to infosniper: http://www.infosniper.net/locate-ip-on-map.php?lang=1

Also, if this is a multi-node home with other users on the same network, check your arp table for local IPs connected to you. Someone at home, whether intentional or not, may be snooping/MITM'ing your traffic. If you see more associations than your router, broadcast and multicast addresses, then I'd inspect the other machines on the home network.

command: "arp -a"

Interestingly, also just found this (but as cooper said, looks like your node is being sent the data, although could be from the router if flawed and attacked externally) - http://www.healthcareinfosecurity.com/report-flaw-affects-12-million-routers-a-7738

Edited December 31, 2014 by digip
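The ARP-table check suggested in the post above can be automated; this is an added example, not code from any poster in the thread. It parses Windows `arp -a` output, ignores the broadcast and multicast entries, and lists every other local host besides the router; going one step beyond the post, it also reports any MAC address that answers for more than one IP, a common sign of ARP spoofing. The sample output, the gateway address and the function name `review_arp` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (addresses and MACs are made up).
SAMPLE_ARP = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           a4-2b-8c-11-22-33     dynamic
  192.168.1.42          a4-2b-8c-11-22-33     dynamic
  192.168.1.57          3c-15-c2-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I
)

def review_arp(text, gateway):
    """Return (unexpected_hosts, macs_claimed_by_several_ips)."""
    unexpected, by_mac = [], defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface headers, column titles, blank lines
        ip, mac = ipaddress.ip_address(m.group(1)), m.group(2).lower()
        if ip.is_multicast or mac == "ff-ff-ff-ff-ff-ff":
            continue  # multicast and broadcast entries are expected
        by_mac[mac].append(str(ip))
        if str(ip) != gateway:
            unexpected.append((str(ip), mac))
    # A MAC that maps to several IPs (especially the gateway's) needs a closer look.
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}
    return unexpected, shared

if __name__ == "__main__":
    hosts, shared = review_arp(SAMPLE_ARP, gateway="192.168.1.1")
    for ip, mac in hosts:
        print(f"other local host: {ip} ({mac})")
    for mac, ips in shared.items():
        print(f"MAC {mac} answers for several IPs: {', '.join(ips)}")
```

On a real machine, paste the output of `arp -a` in place of the sample and pass the router's address as `gateway`.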