1

A few moments ago I was trying to open Youtube when the browser (Chrome) notified me that I have no internet connection. All of my cable connections were OK. I disconnected the cable from my computer and reconnected it and the website opened. However, upon inspecting my router log I noticed that it alerted on and blocked a UDP flood from my own IP to an IP belonging to Google at the exact time when the website wouldn't open.

Can someone give more explanation to what actually happened?

I have Symantec EP installed on my computer. I also keep noticing that I have a fair amount of IGMP traffic in the Symantec logs.

Should I block IGMP traffic in my firewall settings?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Nakute Marato
  • 59
  • 1
  • 2
  • 4
  • 1
    I'm not sure I believe Symantec about IGMP. I'm not seeing a security question here (at least not yet). – schroeder May 03 '16 at 14:47
  • 1
    Do you mean your computer's private IP (192.168..., 172.16... or 10....) or your router's public IP? In either case I would suspect a bug in the router's software and it mistook DNS traffic for an attack (if your machine was compromised and used for DDos I really don't see why they would attack a Google IP). – André Borie May 03 '16 at 16:03
  • It was my router's IP 192.168.1.x assigned to my computer as well as it's MAC address. How would I know if my computer has been used for a DDoS attack? I did have an unknown MAC address in my DHCP client list a few days ago (check my other question). However it cleared once I reset my router and was not present in the list today when the flood happened. – Nakute Marato May 03 '16 at 19:26
  • How do you know it's not a false positive? – user253751 May 04 '16 at 05:08
  • .......I don't? – Nakute Marato May 04 '16 at 08:53

0 Answers0