# Astronomical package losses, UDP-flood, SYN-flood, IP fragmented packets



## PCuser# (Feb 5, 2010)

Hi.

I am unsure if this would be best to go in the networking forums or here. But I opted for this one, due to my worst suspicions.

I have been experiencing a couple of reoccuring networking issues for quite some time, do not remember precisely when they begun, approximately some month ago. They occur sporadically (when they do they usually last for some hours), result in high response times and very slow transfer speeds.

Every day of using the Internet my modem's/router's event log gets filled with UDP floods, SYN floods, port scans, IP fragmented packets etc. Using the trial version of PingPlotter Pro when experiencing these issues, I have confirmed the enormous package loss percentages. When I do not experience these issues (which at the moment of writing this I am not), there are for all practical purposes no package losses.

The most numerously logged events are LAN side SYN floods, most recently ive noticed they go from my computer and are targeted towards one of two DNS servers which my ISP uses. But that may just be the current one. Since I accidentally deleted the event log I guess Il need to wait some hours for it to be filled again if I am to post more info.

I have scanned the computer with Avast Antivirus just the other day, and it found nothing.

Il try to provide more information as soon as possible. If someone has any ideas or experience with this Id appreciate input. I feel concerns both due to potential security related sources but also due to the slow connection which pops up out of nowhere and at any time.

P.S. I have some new logs now. It seems to be SYN-flooding the adresses I am visiting. For example, it has been targetting techsupportforums IP adress now...

Description	Count	Last Occurence	Target	Source

LAN-side SYN Flood 82 Fri Feb 05 23:21:33 2010 

72.52.248.159:80 192.168.0.10:51503 

:4-dontkno


----------



## PCuser# (Feb 5, 2010)

Cannot seem to edit the opening post, after searching around it seems to be a variation of a DOS attack. What can I do against SYN flood DOS attacks?


----------



## johnwill (Sep 26, 2002)

Probably contact your ISP and ask them for their help. They have far better facilities to help eliminate the source of this issue.


----------



## whiterabbit7500 (Aug 3, 2009)

^agreed. If this is a zombie-type DOS coming from your system to your ISP's DNS server, letting them know should be enough to get their help in eliminating the problem. 

You should run a program such as Malwarebytes or Spybot S&D to help remove any malware that may be causing the flood.


----------

