gfxgfx
 
Please login or register.

Login with username, password and session length
 
gfx gfx
gfx
76793 Posts in 13502 Topics by 1651 Members - Latest Member: Arnold99 November 24, 2024, 08:48:34 am
*
gfx*gfx
gfx
WinMX World :: Forum  |  WinMX Help  |  WinMX Connection Issues  |  Traffic Flow or Unusual Activity?
gfx
gfxgfx
 

Author Topic: Traffic Flow or Unusual Activity?  (Read 4351 times)

0 Members and 2 Guests are viewing this topic.

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Traffic Flow or Unusual Activity?
« on: June 07, 2010, 02:38:02 pm »
I just happened to glance in my logs the other day,
in the usual allowed traffic i see 1 IP that seemed to be trying to connect to the only open ports i have, the two rooms i hold,
this single Ip was hitting the same port for my room, over and over, every 5 seconds, filling my log, this happened for 2 days non stop, yet the user never entered the room,

I know we have normal traffic, but as i rarely use winmx, i mostly host/temp host rooms, i thought it was unusual,
then after 2 days, the Ip changed and a new ip from the same range hit the same port every frew seconds, for another 2 days non stop,
now it seems the IP changes every day, still hitting my same port over and over, but is joined by a second ip, sometimes a third joins in,
this fills my logs even larger with them showing up every 5 to 10 seconds, lasting for hours,
i did notice just 1 IP took 20 seconds exactly like a set program looping,

Is any of this normal? or am i being paranoid? your thoughts or ideas are appreciated to resolve or set my mind at rest.
thanks.



Try Connecting, the attacks may let you  https://patch.winmxconex.com/

Offline Blitzen

  • Forum Member
Re: Traffic Flow or Unusual Activity?
« Reply #1 on: June 07, 2010, 03:45:12 pm »

Sounds like a DOS attack have you traced the ips and got some results, routers usually block such attacks nowadays with spi and nat firewalls enabled.

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: Traffic Flow or Unusual Activity?
« Reply #2 on: June 07, 2010, 04:08:00 pm »
well i did look them up, 100% of them are from Japan,
i use a cable modem, not a router, so i rely on a software firewall and PG2,
and no i dont use sabre's or bluetac blocklists, its a custom list i created.



Try Connecting, the attacks may let you  https://patch.winmxconex.com/

Offline Blitzen

  • Forum Member
Re: Traffic Flow or Unusual Activity?
« Reply #3 on: June 07, 2010, 04:18:05 pm »

Are the ips in the wmw blocklist max ? if not iam sure one of the team would look into it i wonder if it is limited to the server you use or effects all, and if it is only you it is effecting or others too

Offline Blitzen

  • Forum Member
Re: Traffic Flow or Unusual Activity?
« Reply #4 on: June 07, 2010, 04:34:00 pm »


Is it in the 202.226.*.*    range max ? as i see some activity within this range on winmx myself but i do not run a room so cannot comment on that area

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: Traffic Flow or Unusual Activity?
« Reply #5 on: June 07, 2010, 04:47:25 pm »
nope its not that range... yet,
mostly 219.*.*.* & 220.*.*.* ranges



Try Connecting, the attacks may let you  https://patch.winmxconex.com/

Offline Blitzen

  • Forum Member
Re: Traffic Flow or Unusual Activity?
« Reply #6 on: June 07, 2010, 05:00:46 pm »

Ah ok Max i can only really comment on what i can see during searches on winmx and i dont see any ips within those ranges yet, i hope someone from the blocklist team will be able to assist you.

I know theres a Japanese military range in the 219.166.*.* range maybe big brother is has his eye on you ;-)

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: Traffic Flow or Unusual Activity?
« Reply #7 on: June 08, 2010, 11:39:06 pm »
I think you are right,
i opened my window on PG2 to show 30 'hits' and it took 3 IP's, the same 3 Ip's hitting me over and over just 2 and a half minutes to fill the screen with 30+ hits,
based on 30, thats equal to 1 hit every 5 seconds, to me that's not usual,
later on in the day, 2 of the Ip's had changed to 2 different IP's within the same range,
they did the same as previous and are still bashing me as im posting this.



Try Connecting, the attacks may let you  https://patch.winmxconex.com/

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Traffic Flow or Unusual Activity?
« Reply #8 on: June 09, 2010, 08:12:19 am »
Could you pm me a log of the activity please Max. The fact that an IP may be flagging up in PG is not in itself suspicious but like yourself I would like to get to the bottom of what your seeing.

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: Traffic Flow or Unusual Activity?
« Reply #9 on: June 09, 2010, 10:49:45 am »
mostly 219.*.*.* & 220.*.*.* ranges
well looks like the 220. range was a 1-off as it only happened for a few hours, not since,
its just the 219. range now that is relentless,
GS, PM'd as requested, thanks



Try Connecting, the attacks may let you  https://patch.winmxconex.com/

Offline Bluey_412

  • Forum Member
  • I'm Watching...
Re: Traffic Flow or Unusual Activity?
« Reply #10 on: June 09, 2010, 12:08:35 pm »
Japan Internet Initiative?

ghost777?

38.107.164.*  ?
What you think is important is rarely urgent
But what you think is Urgent is rarely important

Just remember that...

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: Traffic Flow or Unusual Activity?
« Reply #11 on: June 09, 2010, 01:36:28 pm »
Hi Bluey,
the ones that seem to be hounding me are
Japan Network Information Center
they include the 219 range, such as:
219.36.*.*
219.38.*.*
219.126.*.*
219.128.*.*



Try Connecting, the attacks may let you  https://patch.winmxconex.com/

Offline GhostShip

  • Ret. WinMX Special Forces
  • WMW Team
  • *****
Re: Traffic Flow or Unusual Activity?
« Reply #12 on: June 09, 2010, 06:31:43 pm »
After looking at the data you have provided and checking the IP's shown in the PG screenshots you sent me it seems that these are just plain ordinary Japanese consumer IP's, one it registered to  SOFTBANK BB CORP and the other to  T-COM.NE.JP. For your future reference the "Japanese Information Centre" is simply the name of the domain names authority for that region of the globe not an ISP company itself, its job is to keep track of all IPs allocated in its region same as ARIN does for the US region.  

http://www.nic.ad.jp/en/

https://www.arin.net/

What else is shown is that they are not trying to connect to you but you to them, I would suggest that these are primary clients and for some reason you are blocking them with a PG blocklist that is obviously open to question, blocking of dynamically allocated consumer IP ranges is why we told folks not to use PG in the first place as innocent folks get allocated such a "blocked"  IP and find themselves in trouble because someone else did something from that IP once in history.

My advice is to remove these consumer ranges  manually from your blocklist and they will never trouble you again.

Offline Max™

  • MX Hosts
  • *****
  • If Im Not Back later... Wait Longer
    • Maxtech
Re: Traffic Flow or Unusual Activity?
« Reply #13 on: June 09, 2010, 07:01:24 pm »
Ahh,
so its normal then, thanks, just concerned that they appeared so often when other ip's only appear 3 or 4 times in an hour these was like every few seconds and lasted for hours.



Try Connecting, the attacks may let you  https://patch.winmxconex.com/

WinMX World :: Forum  |  WinMX Help  |  WinMX Connection Issues  |  Traffic Flow or Unusual Activity?
 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Warning: this topic has not been posted in for at least 120 days.
Unless you're sure you want to reply, please consider starting a new topic.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
What program is this site about?:
What year is it next year?:
What's the name of the site this forum belongs to?:

gfxgfx
gfx
©2005-2024 WinMXWorld.com. All Rights Reserved.
SMF 2.0.19 | SMF © 2021, Simple Machines | Terms and Policies
Page created in 0.009 seconds with 23 queries.
Helios Multi © Bloc
gfx
Powered by MySQL Powered by PHP Valid XHTML 1.0! Valid CSS!