UDP flood Help

[maxcolmer25]

Hi

I have noticed that my internet connection is sometimes slow recently and when i checked firewall logs its reporting up to 100 UDP floods per day. I am using a BT Intelligent Gateway 1800 and this is a hardware all in one (router/ modem/ firewall/ Wireless AP).I have maximum security enabled on router but i was wondering if there is anyway to stop these UDP floods? I also have a server on network that was web hosting and also a SMTP server but i have since shut this down. Could this have been related. Below is a copy of the last 5 attacks.

Total Number of Attacks

IP Address Attacker Domain High Risk Med Risk Low Risk

67.177.44.163 c-67-177-44-163.client.comcast.net 2 0 0 View attack details

24.247.105.253 24.247.105.253.gha.mi.chartermi.net 2 0 0 View attack details

85.72.13.79 H0d4f.h.pppool.de 2 0 0 View attack details

222.145.195.4 p2004-ipbf406sasajima.aichi.ocn.ne.jp 2 0 0 View attack details

207.112.43.70 dsl-207-112-43-70.tor.primus.ca 2 0 0



2004/12/13 20:49:31 GMT high UDP Flood Detected (occurrence: 180)

2004/12/13 20:49:37 GMT high UDP Flood Detected (occurrence: 181)

2004/12/13 20:49:43 GMT high UDP Flood Detected (occurrence: 182)

2004/12/13 20:49:49 GMT high UDP Flood Detected (occurrence: 183)

2004/12/13 20:49:55 GMT high UDP Flood Detected (occurrence: 184)

Please let me know if anyone requires any further info.

Thanks In advance

Max

 

[MichealC4]

You don't by any chance have packet traces, do you? If not, you can use Snort (

http://www.snort.org)

Ethereal (

http://www.ethereal.com/)

and a variety of other tools. You'll need winpcap for most of the tools (if not all). (

http://winpcap.polito.it)

Don't get the beta. Get the 3.0 stable. If you are using Linux, you'll need pcap (which you should be able to get through your Distros update system).

----------------------------
"Security is like an onion" - Unknown