Hello Daniweb,

I have the following setup:

  • The router (Netgear DG834Gv5) is upstairs and connects to the ADSL; connected to it is a Cat5 going to a PDSL
  • Downstairs, the PDSL joins and goes to a second router (D-Link G624T) which I've turned into a Wireless bridge (disabling DHCP etc.)
  • The downstairs router 'bridges' the wireless signal so that I have coverage around the entire house

I recently noticed that the LAN port on the lower floor router is going crazy, which suggests that there is heavy activity going through; when checking upstairs, the internet light is flashing.

After doing some investigation, it only happens when my brother's laptop is connected, which to me is suggesting he is either downloading torrents which are hammering the router and he isn't telling me, or his computer is infected and it is hammering the router. I locked down the router and only allowed a handful of ports through (HTTP, HTTPS etc.) and told it to log anything else which tried to access it. Apart from a large number of attempted connections to Steam and Valve servers by his computer, there also seemed to be a couple of random connections including several to Korea (14.0.35.98) on port 27031... which kind of got the alarm bells ringing.

Is it me being paranoid to think that his computer is infected/recruited and how should I pursue the matter?

Thank you
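An added example, not part of the original post: one way to triage the "log anything else" output described above is to group one host's blocked connections by destination and port and label those that fall in port ranges a known client uses. The log format, the LAN addresses, the `KNOWN_RANGES` table and the function names are assumptions made for this sketch.

```python
import re
from collections import Counter, defaultdict

# Assumption: port ranges commonly documented for the Steam client; check them
# against Valve's current published list before relying on this table.
KNOWN_RANGES = {
    "steam": [("udp", 27000, 27100), ("tcp", 27015, 27050), ("udp", 4380, 4380)],
}

# Constructed sample of blocked-outbound entries in a simplified, hypothetical
# format (real router logs differ). Only 14.0.35.98:27031 comes from the post;
# its protocol is not stated there, so "udp" here is an assumption.
SAMPLE_LOG = """\
20:14:03 BLOCK src=192.168.0.5 dst=14.0.35.98 proto=udp dport=27031
20:14:09 BLOCK src=192.168.0.5 dst=14.0.35.98 proto=udp dport=27031
20:14:15 BLOCK src=192.168.0.5 dst=14.0.35.98 proto=udp dport=27031
20:15:40 BLOCK src=192.168.0.5 dst=203.0.113.10 proto=tcp dport=27015
20:16:02 BLOCK src=192.168.0.5 dst=198.51.100.7 proto=tcp dport=6881
20:16:05 BLOCK src=192.168.0.5 dst=198.51.100.7 proto=tcp dport=6881
20:17:11 BLOCK src=192.168.0.9 dst=203.0.113.20 proto=tcp dport=25
20:17:30 router: admin login from 192.168.0.2
"""

LINE_RE = re.compile(
    r"BLOCK src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) dport=(?P<dport>\d+)"
)

def classify(proto, dport):
    """Return the label of the first known range containing proto/dport."""
    for label, ranges in KNOWN_RANGES.items():
        if any(p == proto and lo <= dport <= hi for p, lo, hi in ranges):
            return label
    return "unexplained"

def triage(log_text, host):
    """Count blocked (dst, dport) pairs from one LAN host, grouped by label."""
    buckets = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["src"] != host:
            continue  # unrelated log line or a different LAN host
        dport = int(m["dport"])
        buckets[classify(m["proto"].lower(), dport)][(m["dst"], dport)] += 1
    return buckets

if __name__ == "__main__":
    for label, pairs in triage(SAMPLE_LOG, "192.168.0.5").items():
        for (dst, dport), n in pairs.most_common():
            print(f"{label:12} {dst}:{dport}  x{n}")
```

A port match only means the traffic is consistent with that client; the entries left as `unexplained` are the ones to follow up on the laptop itself.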


So, I always look at these types of scenarios with a cost/benefit analysis. You have to consider the amount of time and energy with what you are trying to protect. What is the benefit of increasing security, monitoring, etc., and what does it cost you to implement such measures? Based on that info, implement an appropriate solution.

Thanks JorgeM,

Would I be correct in thinking it could be malicious software/recruitment into a botnet?

It's definitely possible. These random connections can also be a result of visiting a web site. As you may be aware, there are many scripts, ads, links on a typical site that require your browser to download data from all parts of the globe.

However, there are definitely concerns with connecting into certain countries that are known for malware.

You may want to take a look at Trend Micro's RUbotted product. They claim that this agent monitors known bot traffic.

http://free.antivirus.com/us/rubotted/index.html

In the scenario you described, I would take the extra steps to ensure that malware scans occur regularly on your network. It's a low-cost, low-energy solution with a high benefit.

Thanks JorgeM,

I shall begin looking at implementing it now.
