gargoyle60
I monitor my home network using Wireshark and some bespoke programs, which have indicated some
potential intrusion attacks (I have used ? to hide sensitive details)...
Frame 1756: 159 bytes on wire Apr 19, 2014 15:06:07 Src: 192.168.1.??? (192.168.1.???), Dst: 192.168.1.62 (192.168.1.62)
LOCAL0.INFO: Apr 19 15:04:05 Apr 19 15:04:05 homepc.router: DoS udp_flood Block(10s) 134.170.97.39,2006 -> ???.???.??.??,7190 PR udp len 20 87
Frame 3370: 160 bytes on wire Apr 19, 2014 15:06:23 Src: 192.168.1.??? (192.168.1.???), Dst: 192.168.1.62 (192.168.1.62)
LOCAL0.INFO: Apr 19 15:04:21 Apr 19 15:04:21 homepc.router: DoS udp_flood Block(10s) 134.170.97.39,2006 -> ???.???.??.??,7190 PR udp len 20 146
Frame 5106: 159 bytes on wire Apr 19, 2014 15:08:01 Src: 192.168.1.??? (192.168.1.???), Dst: 192.168.1.62 (192.168.1.62)
LOCAL0.INFO: Apr 19 15:05:58 Apr 19 15:05:58 homepc.router: DoS udp_flood Block(10s) 65.54.247.101,2005 -> ???.???.??.??,7190 PR udp len 20 54
Frame 6482: 160 bytes on wire Apr 19, 2014 15:08:27 Src: 192.168.1.??? (192.168.1.???), Dst: 192.168.1.62 (192.168.1.62)
LOCAL0.INFO: Apr 19 15:06:25 Apr 19 15:06:25 homepc.router: DoS udp_flood Block(10s) 65.54.247.101,2005 -> ???.???.??.??,7190 PR udp len 20 122
According to xxxxxxxx
134.170.97.39 shows as Microsoft Corporation, USA
65.54.247.101 shows as Microsoft Corporation, USA
So why is Microsoft Corporation sending DoS udp_flood on port 7190 all of a sudden?
I haven't seen these attacks from Microsoft before.