DoS attack = ISP saying its on my side. Help? [OTL + MBAM + MBR logs]

[polonus]

Hi OliPicard

But it will provide you with a wealth of information from Berkeley, just the data that you( we) were after in the first place,

pol

[OliPicard]

Have sent you and Essexboy a PM of the test. I wanted to also bring something else up when i went to the uninstall panel on the O/S around 90% of my applications claimed to have been installed today. Not sure why that is but thought i should mention it as it may be serious.

[Chris Thomas]

What is the name of your router and model?

Are you sharing your internet with someone else?

Try changing the Wifi password and enabling MAC filtering and disable Upnp and turn on Firewall and SP1 and change the DNS in the router itself to Google DNS or OpenDNS.

Set a VPN in your router. If you don't have that feature, try flashing DD-WRT firmware if your router is supported.

 http://www.dd-wrt.com/site/index

Edit :

Try using another router if you have a spare and observe if there is any DOS attack. I have heard that Dlink router firmwares all have a security vulnerability and they haven't fixed it yet.

Do you have anything in your pc that is sensitive information? Like government secrets or something like that? If you have then move it to an external hard disk and delete it from your pc.

If its a large Dos attack on your router then there is something they want from you. Or perhaps its a noob trying to get your Wifi password. Enabling MAC filtering might stop him.

[OliPicard]

Hi, We have wireless switched off, no one else is using the network. Shall change the DNS to Google after ISP transition

[OliPicard]

Have sent Polonus & Essexboy 2 screenshots showing whats showing up on the uninstaller, the dates displayed are incorrect

[Chris Thomas]

There is a feature called 'Do Protocol Analysis' Turn it on. Make sure NAT and Statefull Inspection on the router are turned on. If you don't have enough security features on your router, its time for an upgrade when you can.

I have also read that some routers make 'False Alarm'. I had a router that said there were "DoS attacks' but it wasn't.

[essexboy]

I will let Polonus go through the router data as he is more expert in that area than I

Just looking at the screenshots now

[OliPicard]

Have done what you have recommened chris, Thanks for the tips! In additon some people on my current ISP have asked simular questions about these types of issues and have been told its common.

[OliPicard]

I will let Polonus go through the router data as he is more expert in that area than I

Just looking at the screenshots now

Ah Ok Yeah its pretty stange seeing the install dates set as today. I guess it could be a bug with the new O/S update that happened today?

[polonus]

Hi OliPicard,

Just have sent you a PM with the Berkeley Netalyzr Results. Scans probing for open routers, allowed by your ISP
while your ISP has reported your IP to various blacklists for apparent bot activity
while you were being used as a man in the middle for RBN abuse activities.
This for instance  going on there from another domain/IP from that same ASN: http://urlquery.net/report.php?id=1109739
and these activities are  probably also at the root of your probing predicament
Seen all this it is about  high time to look around for another ISP,
because they apparently "turn a blind eye on serious abuse on their racks" or cannot guarantee your security fully...

polonus

[OliPicard]

Hey Polonus, Indeed when quizzed with whats going on they wasnt too happy to respond to my query. Its not long until i switch provider so fingers crossed the migration should help.

In addition i look forward to seeing Essexboy's explaination on the strange windows uninstaller dates activity. Im guessing its the latest patches but am not sure if this is true as of yet.

[OliPicard]

So to round up tonight

• We discovered the router is fine + migration to new ISP was needed Thanks Pondus!
• We removed the tools used to scan the system, Essexboy is currently investigating the strange uninstaller dates posted on the O/S uninstaller

Have a good night!
Oliver

[polonus]

Hi OloPicard,

If you want to keep a finger or two on the Network Analysis Pulse for some 20 days, this is a great tool to analyze: MaaTec Network Analyzer application.
You could use the trial version for a period  to get an insight as what is going over the wires...
Download from http://www.maatec.com/mtna/files/mtna_setup.exe

polonus

[OliPicard]

Hey Polonus, Many thanks for that yeah theres been a small delay in provisioning of the new net so ill keep monitoring to see if anything odd happens.

[essexboy]

Not yet found any references to the uninstaller problem .. But still looking