Bill,

Yes, we got a notice also. I contacted the customer and blocked incoming packets on port 1900 UDP. I did the block on 9/24 and have blocked over 7.5 million packets so far. Haven't heard anything from customers, so I don't think anyone on my system has a legit use of having that port open.
--
Best regards,
Mark
mailto:[email protected]

Myakka Technologies, Inc.
www.MyakkaTech.com

Proud Sponsor of the Myakka City Relay For Life
http://www.RelayForLife.org/MyakkaCityFL

Please Donate at
http://main.acsevents.org/site/TR/RelayForLife/RFLFY12FL?team_id=1030009&pg=team&fr_id=37555

------

Friday, September 26, 2014, 1:41:03 PM, you wrote:

BPvA> Got a report from someone that had traced a DDoS attack coming from one
BPvA> of our subscribers. It claimed the IP was going out on port 1900 to
BPvA> various and sundry IPs as part of a distributed attack.
BPvA> I ran a torch on the IP, and sure enough, a bunch of connections were
BPvA> going out on port 1900.
BPvA> Talked to the customer, and eliminated all their PCs/phones/etc. one by
BPvA> one, at which point it was only their Dlink router connected to the net.
BPvA> Turning it off stopped the outbound traffic. Just to be sure, we
BPvA> re-connected the customer's wired PC, and no traffic.
BPvA> So at this point, it appears that there was some sort of malware loaded
BPvA> on their Dlink. It's a DIR-655.
BPvA> Anyone else seeing this? Seen it? Other comments?
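As an added example (not part of either message in this thread): a short Python check that picks out subscriber IPs sending UDP traffic on port 1900 to many outside addresses, the pattern the torch showed, so other affected customers can be found before a complaint arrives. The flow-record format, the subscriber range and the thresholds are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the thread), one per line:
# proto src_ip src_port dst_ip dst_port packets
SAMPLE_FLOWS = """\
udp 10.20.0.15 1900 198.51.100.7 41022 950
udp 10.20.0.15 1900 198.51.100.9 53311 1200
udp 10.20.0.15 1900 203.0.113.44 8080 870
udp 10.20.0.15 1900 203.0.113.90 27015 1010
udp 10.20.0.31 51514 192.0.2.53 53 4
tcp 10.20.0.31 50211 192.0.2.80 443 62
udp 10.20.0.42 1900 10.20.0.43 50000 3
udp 10.20.0.42 49152 192.0.2.10 1900 2
"""

SUBSCRIBER_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed subscriber range
PORT = 1900


def port_1900_talkers(flow_text, min_peers=3, min_packets=1000):
    """Return {subscriber_ip: (distinct_external_peers, packets)} for subscribers
    whose outbound UDP port-1900 traffic meets both thresholds."""
    peers = defaultdict(set)
    packets = defaultdict(int)
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 6:
            continue  # skip blank or malformed records
        proto, src, sport, dst, dport, count = fields
        if proto.lower() != "udp" or PORT not in (int(sport), int(dport)):
            continue
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Outbound only: subscriber source, destination outside the subscriber range.
        if src_ip not in SUBSCRIBER_NET or dst_ip in SUBSCRIBER_NET:
            continue
        peers[src].add(dst)
        packets[src] += int(count)
    return {ip: (len(peers[ip]), packets[ip]) for ip in peers
            if len(peers[ip]) >= min_peers and packets[ip] >= min_packets}


if __name__ == "__main__":
    for ip, (n, pk) in port_1900_talkers(SAMPLE_FLOWS).items():
        print(f"{ip}: {n} external peers, {pk} packets on UDP/{PORT}")
```

A subscriber that shows up here can then be checked one device at a time, as was done with the router in the quoted message.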
