This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Possible attack?

Hey, I recently encountered internet errors that my provider couldn't fix for more than a month. Symptoms are a whole lot of FEC and CRC errors, and after a while connection to my DNS becomes impossible too. But around 11 pm all these issues suddenly stop, and the line becomes crystal clear. It could still be a noisy line, but all the cables were replaced already, and nobody around me reports errors. My modem log often displays this when the problems happen:

2017-02-20T23:03:27Z [Warning] IPV4 SIP UDP attack.

The line is ADSL with VoIP. Could this be a false positive? Could someone please explain how I check this using Wireshark? (Or how can I save logs for an expert to check?) Please note that I am just an end-user; I have no knowledge about networking.

asked 21 Feb '17, 07:23

Casthaneda

edited 21 Feb '17, 07:24


One Answer:

FEC and CRC errors are usually a Layer 1 or 2 error.

Possible faulty cabling or bad cable/switch connection. If you've already replaced the cabling, look at the wires on your switch/router which that network cable is plugged into. Perhaps you have one pin partially bent?

It might also be a faulty/buggy switch/router port driver bug which only occurs when {something or another} gets over a certain level.

Cheers,

answered 21 Mar '17, 00:31

wbenton

Hey, thanks for the reply. The issue is gone, but I actually had to change network provider. But the issue is still a mystery to everyone, including the technicians from my old service provider.

To sum it up: the modem/router was 1 month old and functioned perfectly outside of certain timeframes, same for the cables and wires; my old provider had everything replaced, and even had me put on a different line. The issue surely wasn't related to my own network traffic, since that was usually higher outside of the problematic timeframes.

Another weird thing I noticed in Wireshark is that, according to it, my PC initiated an "OpenVPN" connection to an unidentified British IP. I never had any kind of VPN installed on my current system. Should I be worried by that, or is OpenVPN something other applications might use?

(22 Mar '17, 07:51) Casthaneda

Your answer has been converted to a comment as that's how this site works. Please read the FAQ for more information.

(22 Mar '17, 08:16) Jaap ♦