Just curious
RWB
Icrontian
I am able to see the traffic sent on our networks, basically what IPs and ports guests at our hotels are trying to connect to. Occasionally we get guests that are blasting traffic seemingly at random through a ton of IPs and all kinds of ports, all just random. This causes issues on the server when the log fills up, and pings get high and occasionally the server stops responding to even a ping and we have to have the hotel unplug the subscriber port.
I am curious if anyone knows if this is a specific virus or what? I just spoke with a guest and he's barely passing traffic but these requests are slowing the server down so I had to ban him. He had Trend Micro AV and Spysweeper, neither seemed to pick anything up, they were both updated.
Naturally I am not at the guest's computer and I am no longer on the phone with him so troubleshooting further won't do. I am just kinda curious if anyone has any ideas? One thing I didn't think of is BitTorrent or something like that... but then wouldn't BitTorrent be going out of the same port? And more traffic...
This isn't much, but he had like 36 processes and CPU utilization was normal.
Comments
I got in today and checked the server, I removed the guest from our filter. It would seem he figured it out because all is good now. Though as soon as that was resolved, another guest started causing issues. But this time I could see it was all going to a specific address over port 5190, which is a known port for a virus that does a DDoS attack on a list of servers. Banned him, gtg. haha. I haven't ever had to ban people this often before, especially for one friggin site. We have like 70-80 hotels. Before this I think I banned someone like 4 months ago.
I don't see a reason for this thread to be closed, unless RWB wants it to be.
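The two patterns described in this thread (one guest spraying many random IPs and ports, another hammering a single address on port 5190) can be told apart from the connection log before the server bogs down. The following is an added example, not part of the original posts; the log format, thresholds, and all addresses are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed log lines: 'epoch_seconds src_ip dst_ip dst_port' (assumed format)."""
    lines = []
    for i in range(120):
        # Guest A: every connection goes to a new address and port
        lines.append(f"{1200 + i % 60} 10.0.0.21 198.51.100.{i + 1} {1024 + i * 37}")
        # Guest B: every connection goes to one address on port 5190
        lines.append(f"{1200 + i % 60} 10.0.0.34 203.0.113.9 5190")
    for i in range(20):
        # Guest C: ordinary browsing, well under the volume threshold
        lines.append(f"{1200 + i * 3} 10.0.0.50 192.0.2.{i % 3 + 1} 443")
    lines.append("garbled line")  # malformed entry, must be skipped
    return lines

def classify(lines, window=60, min_conns=100, fanout_ratio=0.8, few_targets=3):
    """Return {src: (label, connections, distinct_targets)} for noisy sources only."""
    conns = defaultdict(int)
    targets = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue  # skip malformed entries
        ts, src, dst, port = int(parts[0]), parts[1], parts[2], int(parts[3])
        key = (src, ts // window)  # per-source counters in fixed time windows
        conns[key] += 1
        targets[key].add((dst, port))
    flagged = {}
    for (src, bucket), count in conns.items():
        if count < min_conns:
            continue  # not enough volume to matter
        distinct = len(targets[(src, bucket)])
        if distinct / count >= fanout_ratio:
            label = "fan-out"              # almost every connection hits a new target
        elif distinct <= few_targets:
            label = "single-target flood"  # volume concentrated on a few targets
        else:
            label = "busy"
        if src not in flagged or count > flagged[src][1]:
            flagged[src] = (label, count, distinct)  # keep the busiest window
    return flagged

if __name__ == "__main__":
    for src, verdict in sorted(classify(build_sample()).items()):
        print(src, *verdict)
```

Rate-limiting or auto-quarantining a subscriber port once it is flagged keeps the log from filling up before someone has to ask the hotel to unplug it.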