First of all, most of the data was not supposed to come to me, because 90% of it was addressed elsewhere. Which gives me the immediate impression that the ISP lied to us when they said they had top equipment only, but this looks more like a hub than a switch (because of all the traffic). And some packets that I picked up that were destined to go elsewhere actually made me feel nostalgic, and made me roll on the floor laughing like hell (which was easy, since I am sitting on the floor in our hall as I am writing this; the time is 12:15 AM now, btw). And one of them was a net send to a neighbour of mine:

STOP! SYSTEM MAY REQUIRE IMMEDIATE ATTENTION
Your operating system registry might be corrupt
To optionally fix your system registry
1. Download Registry Update from: www.regrenew.com
2. Install Registry Update
3. Run Registry Update
4. Reboot your computer
FAILURE TO ACT MAY LEAD TO THE FOLLOWING:
1. The compromise of personal information stored on your computer
2. Slow speeds running programs or system failure

hehe, anyone recognize it? I did an analysis of this a few years ago or so; it started when I first got the message while my computer was unprotected due to a firewall mistake, so I started digging around in it, but stopped after a while when I discovered that the IPs were spoofed, since the sender did not need an answer once the message had been sent.
The other packet that I picked up A LOT gives me the feeling that it's the cause of a lot of trouble, since it's literally being spammed to me, and everywhere else if it's indeed a hub I am getting traffic from.

NOTIFY * HTTP/1.1
Host:[FF02::C]:1900
NT:schemas-upnp-org:service:RenderingControl:1
NTS:ssdp:byebye
Location:http://[fe80::9806:4327:c629:3234]:2869/upnphost/udhisapi.dll?content=uuid:9781debd-64aa-46e6-b433-2d9dade6c14b
USN:uuid:9781debd-64aa-46e6-b433-2d9dade6c14b:schemas-upnp-org:service:RenderingControl:1
Cache-Control:max-age=1800
Server:Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0
OPT:"http://schemas.upnp.org/upnp/1/0/"; ns=01
01-NLS:ec3c27a0588a1411c761f53e70697973

Now, as you can see from the packet, it's from a Windows NT server (5.1?), and over the past 15 minutes I have received 10000+ packets from the same source, which for some reason is unreachable for me. And since the UDP protocol doesn't really have a way of knowing when to stop sending, this can cause a bottleneck (TCP knows when to stop, and when it gets too clogged it "restarts" its sending from the bottom and then works its way up again, to prevent bottlenecks in the network).
I have made a few scans and checks with the other comp connected regularly to the net, and the host is unreachable; I can't even get anything from the port/server that was mentioned in the data part of the packet. So either it's well protected and the data in the packet is invalid, or someone is trying something nasty. It might be one of the worms, though; I didn't get time to analyse them properly before I reformatted the computer, and as usual I forgot to back up something, which in this case was the worm samples from the virtual boxes.
Anyway, other packets that I sniffed were DNS queries and Gnutella traffic; yeah, someone is downloading around here now (surprise, surprise!), and according to the user agent info in the packet, it's LimeWire. And thanks to all the DNS queries I managed to find a whole bunch of boxes nearby, and most of them are poorly protected; dunno how they have survived this long, but that is for me to find out and for them to suffer greatly for.
Anyway, I picked up a whole bunch of crap, so I could go on like this forever, but I will look into this more and see if I can get my ISP to fix this crap soon, because it's bugging the hell out of me.
If anyone has anything to add, or maybe has an idea of what the odd spam UDP packet is all about, then please don't keep it to yourself ^^
Anyway, that is all for now... I'm going to have a closer look at this in the morning, and then I'll confront my ISP about it, but ofc that is AFTER I have had all my fun and grown tired of it.
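As an added example (not from the original post), here is a small Python parser for SSDP NOTIFY messages like the one quoted above, run over that packet embedded as a constructed string. It shows the datagram is a UPnP ssdp:byebye announcement addressed to the link-local SSDP multicast group ff02::c on UDP port 1900 rather than to any single host, so every host on the link sees it and it is the device advertising that a service is going away, not traffic mis-delivered by a hub.

```python
import ipaddress
import re

# Packet quoted in the post, constructed here with the CRLF line endings SSDP uses.
SAMPLE = "\r\n".join([
    "NOTIFY * HTTP/1.1",
    "Host:[FF02::C]:1900",
    "NT:schemas-upnp-org:service:RenderingControl:1",
    "NTS:ssdp:byebye",
    "Location:http://[fe80::9806:4327:c629:3234]:2869/upnphost/udhisapi.dll?content=uuid:9781debd-64aa-46e6-b433-2d9dade6c14b",
    "USN:uuid:9781debd-64aa-46e6-b433-2d9dade6c14b:schemas-upnp-org:service:RenderingControl:1",
    "Cache-Control:max-age=1800",
    "Server:Microsoft-Windows-NT/5.1 UPnP/1.0 UPnP-Device-Host/1.0",
    'OPT:"http://schemas.upnp.org/upnp/1/0/"; ns=01',
    "01-NLS:ec3c27a0588a1411c761f53e70697973", "", "",  # blank line ends the headers
])

def parse_ssdp(raw: str) -> dict:
    # Start line plus HTTP-style headers; header names are case-insensitive.
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    msg = {"_start": lines[0].strip()}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            msg[name.strip().lower()] = value.strip()
    return msg

def host_of(hostport: str) -> str:
    # "[ff02::c]:1900" -> "ff02::c"; "239.255.255.250:1900" -> "239.255.255.250"
    if hostport.startswith("["):
        return hostport[1:hostport.index("]")].lower()
    return hostport.rsplit(":", 1)[0]

def classify(raw: str) -> dict:
    # Summarise the datagram: announcement type, whether the destination is a
    # multicast group (delivered to the whole link), device UUID, service, server.
    msg = parse_ssdp(raw)
    dest = host_of(msg.get("host", ""))
    try:
        multicast = ipaddress.ip_address(dest).is_multicast
    except ValueError:
        multicast = False
    nts = msg.get("nts", "")
    uuid = re.search(r"uuid:([0-9a-f-]{36})", msg.get("usn", ""), re.I)
    return {
        "method": msg["_start"].split(" ")[0], "dest": dest,
        "multicast": multicast,
        "event": nts[len("ssdp:"):] if nts.startswith("ssdp:") else "unknown",
        "device_uuid": uuid.group(1) if uuid else None,
        "service": msg.get("nt", ""), "server": msg.get("server", ""),
    }
```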