# UDP Flood Help



## Neablis

I moved into a new house recently that had Internet already set up. And right away I noticed something weird: it didn't run slow, but every 15 min on the dime it would slow to a stop for about 2 min, then start up again. I was confused at first, but then I checked the router's security logs and I see this:



> 06/28/2009  14:45:39 **UDP Flood Stop**  (from WAN Outbound)
> 06/28/2009  14:45:39 **UDP flood** 85.66.111.58, 21385->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:38 **UDP flood** 77.231.243.54, 48084->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:38 **UDP flood** 75.137.70.165, 22807->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:37 **UDP flood** 83.54.253.141, 21752->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:37 **UDP flood** 85.127.196.208, 21600->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:36 **UDP flood** 89.44.26.152, 7946->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:36 **UDP flood** 84.71.4.133, 13358->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:35 **UDP flood** 94.71.170.88, 13171->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:34 **UDP flood** 84.77.59.155, 7490->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:34 **UDP flood** 219.84.124.55, 21127->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:34 **UDP flood** 151.61.9.187, 17129->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:34 **UDP flood** 76.31.80.238, 20719->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:34 **UDP flood** 98.245.157.134, 56006->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:33 **UDP flood** 218.63.40.242, 22735->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:32 **UDP flood** 218.168.201.114, 20072->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:32 **UDP flood** 84.64.59.214, 24371->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:32 **UDP flood** 78.84.5.66, 12824->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:32 **UDP flood** 217.26.6.4, 30398->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:31 **UDP flood** 192.168.2.4, 55370->> 24.207.15.37, 63469 (from WAN Outbound)
> 06/28/2009  14:45:31 **UDP flood** 60.48.207.52, 7237->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:31 **UDP flood** 192.168.2.4, 55370->> 207.46.48.150, 3544 (from WAN Outbound)
> 06/28/2009  14:45:31 **UDP flood** 24.83.111.120, 7903->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:31 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
> 06/28/2009  14:45:31 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:45:31 **UDP flood** 72.208.166.228, 60079->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:30 **UDP flood** 192.168.2.4, 55370->> 206.248.174.37, 52415 (from WAN Outbound)
> 06/28/2009  14:45:30 **UDP flood** 114.44.181.18, 21869->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:29 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
> 06/28/2009  14:45:29 **UDP flood** 203.212.198.246, 17298->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:29 **UDP flood** 90.31.113.12, 14451->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:28 **UDP flood** 118.168.191.104, 16283->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:27 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
> 06/28/2009  14:45:27 **UDP flood** 62.117.51.195, 44129->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:26 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
> 06/28/2009  14:45:21 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
> 06/28/2009  14:45:20 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:45:19 **UDP flood** 192.168.2.4, 64513->> 41.212.135.85, 2578 (from WAN Outbound)
> 06/28/2009  14:45:18 **UDP flood** 192.168.2.4, 55370->> 207.46.48.150, 3544 (from WAN Outbound)
> 06/28/2009  14:45:15 **UDP flood** 60.53.10.139, 16001->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:45:12 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
> 06/28/2009  14:45:12 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:45:06 **UDP flood** 192.168.2.4, 55560->> 188.132.54.235, 55600 (from WAN Outbound)
> 06/28/2009  14:45:06 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:45:05 **UDP flood** 192.168.2.4, 55370->> 81.234.247.46, 56669 (from WAN Outbound)
> 06/28/2009  14:45:04 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
> 06/28/2009  14:45:04 **UDP flood** 192.168.2.4, 55370->> 206.248.174.37, 52415 (from WAN Outbound)
> 06/28/2009  14:44:59 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
> 06/28/2009  14:44:59 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:44:49 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:44:47 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:44:45 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:44:43 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
> 06/28/2009  14:44:43 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:44:36 **UDP flood** 192.168.2.4, 55370->> 207.46.48.150, 3544 (from WAN Outbound)
> 06/28/2009  14:44:35 **UDP flood** 75.166.243.44, 25523->> 192.168.2.4, 37611 (from WAN Inbound)
> 06/28/2009  14:44:29 **UDP flood** 192.168.2.4, 55370->> 206.248.174.37, 52415 (from WAN Outbound)
> 06/28/2009  14:44:27 **UDP flood** 192.168.2.4, 55560->> 188.132.54.235, 55600 (from WAN Outbound)
> 06/28/2009  14:44:25 **UDP flood** 192.168.2.4, 55370->> 213.199.162.214, 3544 (from WAN Outbound)
> 06/28/2009  14:44:25 **UDP flood** 192.168.2.4, 55370->> 79.223.107.221, 50888 (from WAN Outbound)
> 06/28/2009  14:44:24 **UDP flood** 192.168.2.4, 55370->> 207.46.48.150, 3544 (from WAN Outbound)
> 06/28/2009  14:44:19 **UDP flood** 94.139.72.198, 14814->> 192.168.2.4, 37611 (from WAN Inbound)




It obviously looks like something malicious, because it happens consistently every 15 min. So what am I supposed to do to stop something like this?
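
A router log in the format quoted above can be triaged by grouping entries per direction and LAN endpoint, which shows which internal host and port the traffic involves and how many distinct remote peers are on the other side. This is an added example, not part of the original thread; the sample lines are constructed with documentation addresses and the function name `summarize` is hypothetical.

```python
import re
from collections import defaultdict

# Router log format as quoted in the post; the ** bold markers are optional.
LINE_RE = re.compile(
    r"\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}:\d{2}\s+\*{0,2}UDP flood\*{0,2}\s+"
    r"(?P<src>[\d.]+),\s*(?P<sport>\d+)->>\s*(?P<dst>[\d.]+),\s*(?P<dport>\d+)\s+"
    r"\(from WAN (?P<dir>Inbound|Outbound)\)", re.IGNORECASE)

# Constructed sample lines (documentation addresses, not taken from the post).
SAMPLE = """\
06/28/2009  14:45:39 **UDP Flood Stop**  (from WAN Outbound)
06/28/2009  14:45:38 **UDP flood** 198.51.100.7, 21385->> 192.168.1.10, 40000 (from WAN Inbound)
06/28/2009  14:45:37 **UDP flood** 203.0.113.9, 48084->> 192.168.1.10, 40000 (from WAN Inbound)
06/28/2009  14:45:36 **UDP flood** 198.51.100.7, 21385->> 192.168.1.10, 40000 (from WAN Inbound)
06/28/2009  14:45:31 **UDP flood** 192.168.1.10, 50000->> 203.0.113.50, 3544 (from WAN Outbound)
06/28/2009  14:45:30 **UDP flood** 192.168.1.10, 50000->> 203.0.113.51, 3544 (from WAN Outbound)
"""

def summarize(log_text):
    """Group entries by direction and LAN endpoint; count events and remote peers."""
    acc = defaultdict(lambda: {"events": 0, "peers": set(), "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m is None:
            continue  # "UDP Flood Stop" marker lines carry no addresses
        inbound = m["dir"].lower() == "inbound"
        # Inbound: the LAN endpoint is the destination; outbound: the source.
        local = (m["dst"], int(m["dport"])) if inbound else (m["src"], int(m["sport"]))
        remote = (m["src"], int(m["sport"])) if inbound else (m["dst"], int(m["dport"]))
        entry = acc[("Inbound" if inbound else "Outbound",) + local]
        entry["events"] += 1
        entry["peers"].add(remote[0])
        entry["ports"].add(remote[1])
    return {key: {"events": v["events"], "distinct_peers": len(v["peers"]),
                  "remote_ports": sorted(v["ports"])} for key, v in acc.items()}

if __name__ == "__main__":
    for (direction, host, port), stats in sorted(summarize(SAMPLE).items()):
        print(f"{direction:8} {host}:{port:<5} {stats}")
```

A single LAN address appearing in every group identifies the machine whose traffic should be examined first.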


----------



## Respital

Hello, please download and post a log with *HiJackThis* and Malwarebytes'. I have included the instructions below.

*Click here* to download *HJTsetup.exe*
Save HJTsetup.exe to your desktop.
Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click *Next* in the setup dialogue boxes until you get to the *Select Additional Tasks* dialogue.
Put a check by *Create a desktop icon* then click *Next* again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click *Finish* and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click *Save* to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


*How to run a scan with Malwarebytes' Anti-Malware*

Download Malwarebytes' Anti-Malware from *Here* , *Here* or Here

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Full Scan*", then click *Scan*.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
_If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately._


----------



## Bodaggit23

Neablis said:


> I moved into a new house recently that had Internet already set up.



Free internet eh? You mean you moved in with roommates that have internet?


----------



## Neablis

Bodaggit23 said:


> Free internet eh? You mean you moved in with roommates that have internet?




lol, yes we pay for the internet every month. We are not stealing wifi if that's what you're insinuating. And about the HijackThis log, my computer is clean, it's not a local spyware on my machine. And about their machines, I can't really go around and install it on theirs, but I kinda doubt it's spyware unless someone is secretly a zombie computer.


----------



## Bodaggit23

Neablis said:


> lol, yes we pay for the internet every month. We are not stealing wifi if that's what you're insinuating.



I had to ask, as it was worded. 

Have you reset the modem or router to change the IP?


----------



## Neablis

Bodaggit23 said:


> Neablis said:
>
> > lol, yes we pay for the internet every month. We are not stealing wifi if that's what you're insinuating.
>
> I had to ask, as it was worded.
>
> Have you reset the modem or router to change the IP?

Actually no I haven't, do you think changing the IP will be enough? I'll try that tonight and hopefully it will work.


----------



## Bodaggit23

Neablis said:


> Actually no I haven't, do you think changing the IP will be enough? I'll try that tonight and hopefully it will work.



It's worth a shot.


----------

