Getting Flooded with UDP Packets from unknown IP

Discussion in 'Hardware' started by aj10, Jun 3, 2007.

  1. aj10

    aj10 Private E-2

    Hi,

    Since my ISP (Unwired Australia) kept suspending my service on account of some "virus" they detected (not through an online scanner, but because they say an unusual amount of packets are coming out from port 25), I had been running a few programs to see incoming and outgoing traffic. I ran a port blocker and then sniffed some common ports and found port 25 is already in use. Furthermore, if I telnet into port 25 using the loop-back interface, this message appears: "220 ESMTP service ready".

    I ran ethereal after that, and found some odd IP address (169.254.254.1) continuously sending UDP packets to a broadcast address (255.255.255.255). I then set up a firewall, and all these packets got filtered; however, I didn't really pick up any outgoing packets from port 25.

    I'm wondering if there is any way of removing my PC as a target of these incoming packets altogether.

    I have followed through the malware guide and am waiting on getting help there, however I was hoping the networking experts could shed some light on this.

    Screen shot of firewall blocking incoming packets:
    http://forums.majorgeeks.com/attachment.php?attachmentid=62986&d=1180891776


    Thanks

    AJ
     
  2. cat5e

    cat5e MajorGeek

    Hmm.. packets coming from the Internet to your computer are not your responsibility. Actually, if your ISP can not deal with the source, they should suspend their tech people.

    Large outgoing traffic on port 25 makes one a suspect of being a spammer. So make sure that you really do not have large outgoing traffic on 25.
     
  3. aj10

    aj10 Private E-2

    Thanks for your help. Is there any other way to check for traffic going out from port 25? Not sure if ethereal properly picks those packets up.
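The two checks the thread turns on, as an added example that is not part of this thread or of any tool named in it: confirm what is actually answering on loopback port 25 by reading its greeting banner (the telnet test from the first post, scripted), and triage a capture summary for the two things worth flagging here: outbound SMTP delivery attempts from this machine to many distinct remote hosts (the pattern an ISP reads as spam relaying) and link-local (169.254.x.x) sources spraying UDP broadcasts. The local IP, the packet records and the fake listener are all constructed for the example; point `grab_banner` at port 25 and `triage_packets` at records exported from a real capture to use it for real.

```python
import socket
import threading
from ipaddress import ip_address, ip_network

LINK_LOCAL = ip_network("169.254.0.0/16")   # APIPA range, where 169.254.254.1 lives
BROADCAST = ip_address("255.255.255.255")


def grab_banner(host="127.0.0.1", port=25, timeout=3.0):
    """Connect to host:port and return the first thing the service sends
    (e.g. "220 ESMTP service ready"), or None if nothing is listening or
    nothing arrives before the timeout. Same check as `telnet 127.0.0.1 25`."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            data = s.recv(512)
    except (OSError, socket.timeout):
        return None
    return data.decode("ascii", errors="replace").strip() or None


def start_fake_smtp(banner=b"220 ESMTP service ready\r\n"):
    """Constructed stand-in for the unknown service in the thread: a throwaway
    listener on an ephemeral loopback port that sends one banner and closes.
    Returns the port so grab_banner can be exercised offline."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def triage_packets(records, local_ip):
    """records: packet summaries with src, dst, proto, sport, dport (the
    columns a sniffer summary line gives you). Returns, per category, the
    sorted set of remote addresses involved."""
    local = ip_address(local_ip)
    smtp_out, smtp_in, linklocal_bcast = set(), set(), set()
    for r in records:
        src, dst = ip_address(r["src"]), ip_address(r["dst"])
        if r["proto"] == "TCP":
            if src == local and r["dport"] == 25:
                smtp_out.add(str(dst))      # this host delivering mail outward
            elif dst == local and r["dport"] == 25:
                smtp_in.add(str(src))       # remote host talking to our port-25 listener
        elif r["proto"] == "UDP" and src in LINK_LOCAL and dst == BROADCAST:
            linklocal_bcast.add(str(src))   # the 169.254.x.x -> 255.255.255.255 noise
    return {
        "smtp_out": sorted(smtp_out),
        "smtp_in": sorted(smtp_in),
        "linklocal_broadcast": sorted(linklocal_bcast),
    }


# Constructed sample capture (documentation/test address ranges, not real hosts).
LOCAL_IP = "192.0.2.10"
SAMPLE_PACKETS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "proto": "TCP", "sport": 1054, "dport": 25},
    {"src": "192.0.2.10", "dst": "198.51.100.6", "proto": "TCP", "sport": 1055, "dport": 25},
    {"src": "198.51.100.7", "dst": "192.0.2.10", "proto": "TCP", "sport": 2000, "dport": 25},
    {"src": "169.254.254.1", "dst": "255.255.255.255", "proto": "UDP", "sport": 137, "dport": 137},
    {"src": "192.0.2.10", "dst": "198.51.100.1", "proto": "UDP", "sport": 53000, "dport": 53},
]


if __name__ == "__main__":
    port = start_fake_smtp()
    print("banner on loopback:", grab_banner("127.0.0.1", port))
    for category, hosts in triage_packets(SAMPLE_PACKETS, LOCAL_IP).items():
        print(f"{category}: {hosts}")
```

A long `smtp_out` list, many distinct remote hosts being contacted on port 25 from a machine that has no mail client configured to deliver directly, is the outbound signature cat5e means; a non-empty `smtp_in` with a live banner on loopback means a listener is really there regardless of whether IIS is installed.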
     
  4. Adrynalyne

    Adrynalyne Guest

    Do you have IIS installed?

    Because if not, I'd guess that you have a hidden SMTP server on your machine. Spammers love these, because they can use your machine to do their dirty work.
     
  5. aj10

    aj10 Private E-2

    hmm.. sounds true enough. No, I don't have IIS.

    I had telnetted into port 25 through the loop back interface, and found - "220 ESMTP service ready"

    Could this be an indication of a server? I only have a Windows QSMTP server application installed; however, I haven't used it for a few years already.
     
  6. cat5e

    cat5e MajorGeek

  7. aj10

    aj10 Private E-2

