Broke

Is this a DDoS?


I was playing Xbox Live last night, then got kicked off "XboxLIVE". So I tried to get on the internet with my laptop (Linux) and it was slow as hell. I was thinking maybe it was just the connection. Then I restarted the modem and router, same thing. I checked my router's logs and this is what I got (now this is with the Xbox turned off) every time I refreshed.

My xbox is static 192.168.1.3, but off

Sorry for the long log, but every time I refreshed this popped up.

Now here is the weird part, I tried getting online with windows, that's on my desktop, and it would lock up.

Today I can get online, but I still have these hitting my connection on 192.168.1.3 (with the Xbox turned off)

00:43:34 UDP from 24.64.246.125:4219 to 192.168.1.3:1027

00:43:34 UDP from 24.64.246.125:4219 to 192.168.1.3:1026

00:43:34 UDP from 24.64.246.125:4219 to 192.168.1.3:1028

00:43:34 UDP from 74.210.210.212:3969 to 192.168.1.3:3074

00:46:41 TCP from 121.14.142.60:6000 to 192.168.1.3:2967

00:46:41 UDP from 74.210.210.212:3997 to 192.168.1.3:3074

00:55:12 UDP from 24.64.213.189:7725 to 192.168.1.3:1026

00:55:12 UDP from 24.64.213.189:7725 to 192.168.1.3:1028

00:55:12 UDP from 24.64.213.189:7725 to 192.168.1.3:1027

00:55:12 UDP from 74.210.210.212:3969 to 192.168.1.3:3074

01:01:23 UDP from 24.64.60.155:8691 to 192.168.1.3:1028

01:01:23 UDP from 24.64.60.155:8691 to 192.168.1.3:1027

01:01:23 UDP from 24.64.60.155:8691 to 192.168.1.3:1026

01:01:23 UDP from 74.210.210.212:3969 to 192.168.1.3:3074

I guess I need a firewall/router that blocks IPs, or am I just a paranoid noob?

Any help or info


Looks like a lot, but it's only 14 hosts.

$ awk 'BEGIN{ FS = " |:" } { print $6 }' hosts.txt | sort | uniq | wc -l
14

They're also all cable modems.

$ awk 'BEGIN{ FS = " |:" } { print $6 }' hosts.txt | sort | uniq | xargs -n 1 host
57.80.159.190.in-addr.arpa domain name pointer Dynamic-IP-1901598057.cable.net.co.
24.24.255.206.in-addr.arpa domain name pointer h24.24.255.206.cable.lngv.cablelynx.com.
20.116.33.209.in-addr.arpa domain name pointer doc-209-33-116-20.nixa.mo.cebridge.net.
94.151.42.66.in-addr.arpa domain name pointer nr24-66-42-151-94.fuse.net.
149.135.140.67.in-addr.arpa domain name pointer h149.135.140.67.dynamic.ip.windstream.net.
28.196.253.71.in-addr.arpa domain name pointer pool-71-253-196-28.nrflva.east.verizon.net.
242.142.191.72.in-addr.arpa domain name pointer cpe-72-191-142-242.stx.res.rr.com.
212.210.210.74.in-addr.arpa domain name pointer 74-210-210-212.hy.cgocable.ca.
60.233.235.74.in-addr.arpa domain name pointer adsl-235-233-60.mco.bellsouth.net.
1.138.158.75.in-addr.arpa domain name pointer d75-158-138-1.abhsia.telus.net.
17.218.119.76.in-addr.arpa domain name pointer c-76-119-218-17.hsd1.ma.comcast.net.
182.226.37.82.in-addr.arpa domain name pointer 82-37-226-182.cable.ubr04.telf.blueyonder.co.uk.
92.13.13.86.in-addr.arpa domain name pointer cpc1-stok5-0-0-cust347.bagu.cable.ntl.com.
Host 128.119.240.89.in-addr.arpa. not found: 3(NXDOMAIN)

Also, port 3074 has something to do with XBox live. My first thought was that this has something to do with the game. Though, if they're still hitting you the next day then it's most likely a ddos. Report it to Microsoft. They want to know about things like this. Someone's online experience is greatly impacted by something like this, if they let it run rampant then it'll hurt their profitability. So tell them... somehow. Maybe call support?

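A fuller version of the host count in the post above, as an added example that is not part of the original thread: it groups a router log in the thread's format by source, showing packet count, distinct source ports and destination ports per host, and lists sources that hit ports other than 3074. The function names and the sample lines (documentation address ranges) are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source triage of a router log in the thread's format:
#   HH:MM:SS PROTO from SRC_IP:SPORT to DST_IP:DPORT

# Print "packets src_ip distinct_src_ports proto/dst_port[,...]", busiest first.
# Lines that do not fit the format (e.g. a garbled port) are skipped.
summarize_sources() {
    awk -F '[ :]' '
        NF == 10 && $5 == "from" && $8 == "to" &&
        $7 ~ /^[0-9]+$/ && $10 ~ /^[0-9]+$/ {
            src = $6; tag = $4 "/" $10
            pkts[src]++
            if (!((src, $7) in seen_sport)) { seen_sport[src, $7] = 1; sports[src]++ }
            if (!((src, tag) in seen_dst)) {
                seen_dst[src, tag] = 1
                dsts[src] = (dsts[src] == "" ? tag : dsts[src] "," tag)
            }
        }
        END { for (s in pkts) print pkts[s], s, sports[s], dsts[s] }
    ' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Sources that sent anything to a port other than the expected one ($2),
# i.e. traffic that the game port alone does not explain.
off_port_sources() {
    summarize_sources "$1" | awk -v want="$2" '{
        n = split($4, d, ",")
        for (i = 1; i <= n; i++) { split(d[i], p, "/"); if (p[2] != want) { print $2; break } }
    }'
}

# Constructed sample (documentation address ranges, not the poster's log).
write_sample_log() {
    cat > "$1" <<'EOF'
00:03:35 UDP from 198.51.100.7:33362 to 192.168.1.3:3074
00:03:35 UDP from 203.0.113.9:4117 to 192.168.1.3:3074
00:03:35 UDP from 198.51.100.7:32900 to 192.168.1.3:3074
00:03:35 UDP from 198.51.100.7:33362 to 192.168.1.3:3074
00:03:35 UDP from 203.0.113.9:4133 to 192.168.1.3:307I
00:43:34 UDP from 192.0.2.125:4219 to 192.168.1.3:1027
00:43:34 UDP from 192.0.2.125:4219 to 192.168.1.3:1026
00:46:41 TCP from 192.0.2.60:6000 to 192.168.1.3:2967
EOF
}

sample=$(mktemp) && write_sample_log "$sample"
summarize_sources "$sample"
off_port_sources "$sample" 3074
rm -f "$sample"
```

A host with many packets from many source ports to a single game port looks different in this summary from one probing several unrelated ports, which is the distinction the thread is trying to draw by eye.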

What game were you playing on Xbox Live? It is possible that, if you were playing a game like Halo 3, those connections would be normal. Are the timestamps on those connections from after you turned the Xbox off?

So tell them... somehow. Maybe call support?

Just a little piece of advice regarding the support, XBOXlive support is easily the worst I have ever experienced, it's an absolute disgrace. It's poorly structured and full of staff who just don't care. I was recently on the phone (19 calls to the same number because they kept re-directing me to lines that were dead).

The reason I'm telling you this is so that you are prepared for a long wait and patience is certainly needed. When you eventually get through to the right department, DEMAND to speak to a manager. The managers seem to be the only ones who have any clue what to do and how to help. If you tell them your problem, Ohm was right, they'll be worried about their profitability and should at least point you in the direction of an answer.

Good luck buddy,

SShBlack.


Is it affecting the performance of your network connection?


This is after I restarted my modem and router, and also cleared and refreshed the router log file. (Which I did more than once.) Xbox OFF

I would call xbox live, but I have little faith in them to do anything. Like with the modding thing in halo2, they just left it to bungie.

Or with standby they ban your account and not your Xbox. It's all about money. I get what Ohm said, but how many normal Xbox Live users would even look at their router's log file? They would just think it was their internet connection or Xbox Live. I asked some players if they knew anyone else this happened to; they didn't even know what a DDoS was. I guess I have to get a better firewall to block IPs. My connection is fine now.

Any info on good firewalls (hardware) that are pretty good at blocking wanted connects?


The bad news is it's very difficult to block a ddos. Since it looks like xbox live uses UDP, you just can't filter bogus UDP packets on that port since UDP is stateless. The router would have no way of telling which is legit and which is malicious. Also, if the ddos just exhausts your bandwidth, there's just nothing you can do.
