• Network Attack? Was this a DDOS attempt or what? Really confused
Okay, so. I use Kaspersky Pure v9.1.0.124 as my Antivirus Suite, and this has never happened before. But this morning I woke up to 6 and a half pages of this. [img]http://i.cubeupload.com/MqXLE8.png[/img] This is the very first page. It continued on steadily like this in the same manner until 9:04am. As far as I can tell no two IP addresses were the same, and none got through since KIS blocked them all. They were all the same port, TCP 11114. And I'm sure this is important, that's the same port that uTorrent uses. I keep it open overnight sometimes when I'm downloading linux distros. (Look mods I know warez is against the rules but I'm not actually saying anything about it and it's an important detail about this. Please let it go this once?) Can anyone tell me what the hell happened? Did Kaspersky suddenly flip out when people tried to get packets of data from my seeds, or is this a legitimate concern?
[QUOTE=Ven Kaeo;32212586]Did Kaspersky suddenly flip out when people tried to get packets of data from my seeds, or is this a legitimate concern?[/QUOTE] It's the former. The SYN packet is the first step in a TCP handshake (sent to indicate that the connection is about to be established).
What caused Kaspersky to suddenly flip out, then? It's never done this before and I've been using uTorrent for ages. [editline]10th September 2011[/editline] And it can't be that the Network Attack Blocker suddenly turned on either, because it had been on 4ish hours prior to this and it's usually on anyway.
Was your torrent application off? I've had it sometimes when I didn't properly shut down uTorrent or just out of random the tracker will still show my system as an active peer, which leads to a ton of machines trying to connect. They fail though, and Kaspersky is probably blocking these attempts because uTorrent wasn't running at the time to receive them. Also, nobody that would care about a single person would have a bot network so large that it only needs to attack once per IP.
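An added example, not part of any post in this thread: a small Python triage of blocked inbound SYN events along the lines discussed above (one destination port, each source seen once, port matching the torrent client's listen port). The event tuples are constructed samples using documentation address ranges, and the thresholds and verdict names are assumptions chosen for illustration.

```python
from collections import Counter
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample events: (time, source IP, destination TCP port).
# Not taken from the screenshot; addresses are documentation ranges.
PEER_LIKE = [
    ("2011-09-10 05:01:12", "198.51.100.7", 11114),
    ("2011-09-10 05:02:40", "203.0.113.21", 11114),
    ("2011-09-10 05:04:03", "192.0.2.88", 11114),
    ("2011-09-10 05:07:55", "198.51.100.130", 11114),
    ("2011-09-10 05:09:40", "203.0.113.9", 11114),
]
# Constructed contrast case: 500 SYNs within one second from two sources.
FLOOD_LIKE = [("2011-09-10 05:00:00", f"203.0.113.{i % 2 + 1}", 11114)
              for i in range(500)]


def triage(events, listen_ports, max_per_source=3, max_rate=50.0):
    """Summarise blocked inbound SYNs and return a rough verdict.

    listen_ports: TCP ports a local application (e.g. the torrent client)
    is configured to accept connections on. Thresholds are assumptions.
    """
    if not events:
        return {"verdict": "no-events"}
    times = sorted(datetime.strptime(t, FMT) for t, _, _ in events)
    span = max((times[-1] - times[0]).total_seconds(), 1.0)
    per_source = Counter(ip for _, ip, _ in events)
    ports = {port for _, _, port in events}
    summary = {
        "events": len(events),
        "distinct_sources": len(per_source),
        "busiest_source_count": max(per_source.values()),
        "ports": sorted(ports),
        "rate_per_sec": len(events) / span,
    }
    if summary["rate_per_sec"] > max_rate:
        summary["verdict"] = "possible-flood"
    elif ports <= set(listen_ports) and summary["busiest_source_count"] <= max_per_source:
        # Many one-off sources hitting only the advertised port: peers connecting.
        summary["verdict"] = "peer-traffic-likely"
    else:
        summary["verdict"] = "investigate"
    return summary


if __name__ == "__main__":
    print(triage(PEER_LIKE, {11114}))
    print(triage(FLOOD_LIKE, {11114}))
```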
Another thing to put down on the "Why Kaspersky sucks" list.
[QUOTE=sim642;32215101]Another thing to put down on the "Why Kaspersky sucks" list.[/QUOTE] It thwarts potential attacks? Antiviruses aren't supposed to do that.
If uTorrent uses the same port, what happens when you kill it?
[QUOTE=Bonzai11;32214555]Was your torrent application off? I've had it sometimes when I didn't properly shut down uTorrent or just out of random the tracker will still show my system as an active peer, which leads to a ton of machines trying to connect. They fail though, and Kaspersky is probably blocking these attempts because uTorrent wasn't running at the time to receive them. Also, nobody that would care about a single person would have a bot network so large that it only needs to attack once per IP.[/QUOTE] No, it was on. I leave it on every night when I'm downloading stuff. [editline]10th September 2011[/editline] [QUOTE=sim642;32215101]Another thing to put down on the "Why Kaspersky sucks" list.[/QUOTE] Kaspersky Labs consistently gets very high marks in antivirus suite tech ratings. It was voted #2 several years running out of all antivirus suites and hasn't dropped below top 5 in years. [editline]10th September 2011[/editline] [QUOTE=B!N4RY;32219000]If uTorrent uses the same port, what happens when you kill it?[/QUOTE] You mean kill the port? I don't know. To be honest I don't ever recall opening 11114. At least, not under what it shows up as in my port forwarding screen. I think uTorrent opened it itself.
I believe uTorrent opens a random port if one isn't manually selected.
[QUOTE=sim642;32215101]Another thing to put down on the "Why Kaspersky sucks" list.[/QUOTE] Kaspersky is a very good anti-virus. I've used it for 3 years (boxes please) and it's been good to me, even though it's not top rated on the charts, it's my number one choice.