Help...wierd interference/attack on net connection.

Status
Not open for further replies.
T

techie_007

Galvanizer
Hi,

Need some troubleshooting help/advice.

I have a reliance broadband 300kbps unlimited connection. Having this issue since around yesterday i guess.

My internet monitor is showing data download speeds of 170-200kbps even when nothin is being downloaded. Tried NetMeter + my std rokario bandwidth meter. The problem is that this incoming packets/whatever seem to be choking my net connection :@ :@ :@ I only get around 10-15 KB/sec instead of the usual 30-35 :(

Thought it could be some spyware or something. But anti-vir/spybot/adaware all report negative. Even then, cleaned up the whole partition and restored from fresh installation image i had made. Still same issue.

The worst part is that this is killing my download speeds/ even net browsing is noticably slower.

Someone help...anything i can do to diagnose/find the issue?
 
but i did that too!!!!!!!!!!! see, the problem started coming from yesterday.....

so i restored an old backup i had taken 3 weeks ago....so assume a new OS install too :( still no good...
 
Sniff the network and see where the data packets are coming from and then check on google for the IP. This may give you an indication of what's happening
 
good suggestion: now..how to do that..me not that good in network troubleshooting..wat to use to 'sniff' packets etc etc.....
 
had netlimiter installed. no use. problem is that it shows info for programs using the connection. But in this case, i suspect its some sort of attack from outside....
 
ok, some progress: used wireshark (the new name for ethreal)

Sniffed the network. In seconds, got thousands of the following packets:

Source: 192.168.0.1

Destination: 255.255.255.255

Protocol: BOOTP

Info: Boot Reply

It seems to me its definitely these packets which seem to be flooding the network/only my connection/dunno.

can anyone with some knowledge of networks shed some light on this?
 
See theres a lot of guess work in wat im gonna say, still try it,,,

first of all do not switch on your reliance connection while starting ur comp,
switch on the modem/router after u've booted properly n comp running...

den connect and see,

if it does not work den try a clean install and see.. save ur modem settings and den reset it to default settings...

The ip u've mentioned must be of ur reliance server...
this bootp thing is used in dcph,,try putting the settings manually...
huff....
 
Source: 192.168.0.1 is this the ip of your server.

Can you change your ip and subnet

The destination is 255.255.255.255 (broadcast) so its flooding the whole subnet and not just your pc.
 
The good news is that when i returned from office today the problem seems to have been resolved automatically/by reliance ppl...everything fine now. My bet is a fault in some router etc forwarding packets in a loop or a Pc gone bonkers for some reason ;)

@partymonger: Nope. thats not the reliance server ip. Thats in fact the default ip windows uses when you seup network sharing. so i m pretty sure someones pc somewhere has gone bonkers ;)/spyware/virus.

@hacker. Nope, not mine. mine is a whole different subnet and ip assigned by dhcp. cannot be changed. so probably the whole n/w was affected
 
No u prob didn get it..the same way u think dat guy guys has internal network while comparing it to reliance, same way reliance is an internal network compared to the internet...

Its the ip address of the reliance server in the ReLiAce network...Outside ip might be diff...

N dat error is of a dcph protocol,,,where it trys to fetch the network config...so ur pc/router was try to use this protocol...maybe a server error...
 
Status
Not open for further replies.
Top Bottom