Solve: ADP port sending out rapid Who Has, Tell?

Answer»

Ok. So let's say you are in a computer lab and it's all on one big network with one printer. When someone goes to print something, their computer asks everything on the network "Who has this ip?" (the printer IP). Everyone else's computer ignores this except for the printer, which says "I have that ip". Then the computer asks "do you have this MAC address?" and when the printer responds with "yes", the print begins. Now for SOME reason my computer is just rapidly sending out WHO HAS, TELL and I don't know why...

That little example above is I think what I read off of a website or something about ADP ports and how they work. Anyway, my ADP port keeps sending out these requests very rapidly, which is killing my bandwidth and is setting off some "safety" thing or something with my cable modem, causing it to reset itself. When I look on my firewall, it's usually Svchost that's at 80-100% of traffic, so I'm assuming that's the case.

Internet: Comcast High Speed
Cable Modem: RCA
IP: Dynamic

Picture of my Ethereal log (for those who don't have it): http://img160.imageshack.us/img160/2060/ethereallog3yy.png
Attached: A small Ethereal log that shows the problem. Believe me, my computer sends out MANY more than that.

PS. The source IP when those requests are being sent out is my...default gateway...what the *censored*?

I believe this to be an ARP (address resolution protocol) spam attack from outside your network; does your router have a built-in firewall?  (If not, why not?)

I don't use a router, but I do use this Nyko wireless thing here, because my computer is in a room far away from the modem. Since this isn't real "wireless", I don't think there is any way for someone to do anything with it. Also, I'm the only one USING my internet, so there's no one else on the network. I have a firewall, and I'm using it to block a few IPs already, but it's not doing much good...

Quote

I'm the only one using my internet, so there's no one else on the network.
Ah, now that's where you'd be wrong.  If you are connected to the internet, you're on the same network as millions of other people.  The attack is coming from the internet side of your modem.  The modem (since it doesn't know any better) is broadcasting the attack to your LAN.

So let's get this right: you have a PC to which you have attached a modem and the wireless extender?  If so, that's the PC that needs to have some decent firewall software running, which MUST be configured properly.  Software firewalls aren't great as a first line of defence, but if that's all you've got, you could do with locking it down tightly.

Quote
Quote
I'm the only one using my internet, so there's no one else on the network.
Ah, now that's where you'd be wrong.  If you are connected to the internet, you're on the same network as millions of other people.

Ok, you got me on a technicality. =/ But what I was saying is that I'm the only one in my house that USES the internet at one time. Anyway, I use Comodo Personal Firewall. Any help on setting that up correctly? I used to have it set up to block a few IPs, but I'm not SURE if I got it all covered..

Firewall security needs to be looked at the other way around.  Rather than blocking known nasties, you start by blocking everything.  Then you unblock things you know you need.  I can't specifically help you with that firewall product, since I don't know it, but most of these personal firewalls have a "learning mode", whereby they'll lock everything down, and then check with you each time something requires access that isn't currently permitted.

In your case, it might be best to start from scratch, by removing Comodo and installing (e.g.) ZoneAlarm.

Oh - the reason I made the point about networks is that this is easy to overlook.  The internet is just one network.  As soon as you plug in by dial up, ADSL or whatever, you are part of that network.  At worst, every single node (computer) on that network can communicate with/attack every other node.  This is what makes firewalls so crucial.

I'm keeping Comodo, personally because I like it, and second because it has a learning mode. Actually, it had a few of them. Plus, I don't really like ZoneAlarm that much..

Fine.  Make sure you set it up right.
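
Added example, not part of the original thread: a Python tally of ARP "who has" requests per sender, which shows which device is actually generating the "Who has, Tell" traffic seen in a capture like the Ethereal log above. The frames, MAC addresses, 192.0.2.x addresses and the rate threshold are constructed for illustration.

```python
import struct
from collections import defaultdict

def parse_arp(frame):
    """Return (opcode, sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":   # EtherType 0x0806 = ARP
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    dotted = lambda b: ".".join(str(x) for x in b)
    return op, ":".join(f"{x:02x}" for x in sha), dotted(spa), dotted(tpa)

def summarize(capture, threshold=5.0):
    """capture: iterable of (timestamp_seconds, frame_bytes). Tally who-has requests per sender."""
    seen = defaultdict(lambda: {"times": [], "targets": set()})
    for ts, frame in capture:
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != 1:             # opcode 1 = request ("who has")
            continue
        _, mac, ip, target = parsed
        seen[(mac, ip)]["times"].append(ts)
        seen[(mac, ip)]["targets"].add(target)
    report = {}
    for sender, s in seen.items():
        # Floor the span at 1 s so a lone packet is not reported at an inflated rate.
        span = max(max(s["times"]) - min(s["times"]), 1.0)
        rate = len(s["times"]) / span
        report[sender] = {"requests": len(s["times"]), "distinct_targets": len(s["targets"]),
                          "per_second": round(rate, 2), "flagged": rate > threshold}
    return report

def make_request(src_mac, src_ip, target_ip):
    """Build a constructed broadcast ARP request frame for the sample data below."""
    mac = bytes.fromhex(src_mac.replace(":", ""))
    ip = lambda s: bytes(int(p) for p in s.split("."))
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    return b"\xff" * 6 + mac + b"\x08\x06" + header + mac + ip(src_ip) + b"\x00" * 6 + ip(target_ip)

# Constructed sample: the gateway asks for 20 different addresses in about 2 seconds,
# while the local PC sends a single request for the gateway.
GATEWAY = ("00:11:22:33:44:55", "192.0.2.1")
LOCAL_PC = ("66:77:88:99:aa:bb", "192.0.2.50")
SAMPLE = [(i * 0.1, make_request(*GATEWAY, f"192.0.2.{i + 2}")) for i in range(20)]
SAMPLE.append((0.5, make_request(*LOCAL_PC, "192.0.2.1")))

if __name__ == "__main__":
    for (mac, ip), stats in summarize(SAMPLE).items():
        print(mac, ip, stats)
```

The sender MAC and IP are read from the ARP payload itself, so the report attributes each request to the device that claims to have sent it rather than to the machine doing the capture.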

