Computer is being hammered

[kuk]

Since last night, my computer has been suffering a constant 'attack'. I've installed Zone Alarm, which in the last 12 hours has blocked more than 7000 inbound connections. Most of these come from the 142.170.*, 64.*, 65.* and 66.* subnets, trying to connect through my computer's 2721, 60377 and 63727. Before installing ZA, this lead to the saturation of my 256/128 ADSL connection.

Does any one have any clue as to what is happening. I've contacted my ISP, and they say that they can't/won't do anything.

Thanks,
Kuk

 

[cleverhandle]

Those are definitely not standard ports, either for legitimate services or well-known trojans. I would guess that you were cracked and/or virus-infected, and that your machine has alerted others to its availability. I'd be interested to see what others have to say, though...

 

[skyking]

I'd try running adaware, and spybot with the latest definitions.
I would also look at the processes running on your computer, and become familiar with them. Once you research those processes, any trojan application that starts up is easily recognized.

 

[dmcowen674]

Originally posted by: skyking
I'd try running adaware, and spybot with the latest definitions.
I would also look at the processes running on your computer, and become familiar with them. Once you research those processes, any trojan application that starts up is easily recognized.

Good suggestion.

I am working on "repairing" a third computer in as many weeks suffering the very same fate.

Adaware has been fiding between 500-1000 Mal-ware .exe's that have infiltrated these PC's even with up to date Anti-Virus Software from both MCAffee and Symantec. These PC's were rendered useless for any operation on the Internet due to this "infection".

Keeping me busy but it still sucks.

 

[mboy]

AV will do nothing for Spyware/Malware (well someof the new ones try to). Adaware and spybot are THE BEST to cover those. Should be updated and run at least 2-3xs per week.

 

[kuk]

Ran AdAware .. removed some junk, which I think is non-related
Attacks persist (although less intense ... 1900 attempts in 6 hours). In the last day, there has been ~12000 a attempts.

This is REALLY irritating.

 

[groovin]

tell zone alarm to run silently so u dont get the alerts. if your computer is running fully stealth, its just a matter of time before they stop trying to connect to it. how much time? well... thats anyones guess. if this is for home and youre on a random ip, try nabbing a new ip.

 

[kuk]

That's what I have done ... else I would be crazy with the amount of alerts. What I'm now wondering is how this effects my connection speed. Downloads seem to top at 16.5kbps, really short of the typical 26.5kbps I was getting.

Now I see some UDP connection atempts by IP 67.153.172.83 through port 137. Weird.

 

[groovin]

>>Now I see some UDP connection atempts by IP 67.153.172.83 through port 137. Weird.

137 is netbios for windows file sharing... sounds like someone might be trying to do a classic windows netbios hack on you.