what is xmas scan attack often from Akamai Technologies?

November 29, 2014 at 04:48:18
Specs: Windows 8.1
what is an xmas scan attack - often from AKAMAI Technologies - IP:23.212.109.40 - who refuse to explain their tactics or reasons for this abuse of my Router which constantly has to BLOCK these which consequently slows down my internet access

See More: what is xmas scan attack often from Akamai Technologies?

Report •


#1
November 29, 2014 at 08:34:58
I would be inclined to call your internet service provider about this to see if they can help.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#2
November 29, 2014 at 08:53:36
Derek - thanks for your interest in my problem - to give you an ides of the Scale of things just look at this constant attack apparently from GOOGLE:
The timings are in GMT London
Nov 29 13:00:40 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.
Nov 29 13:00:38 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.
Nov 29 13:00:30 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.
Nov 29 13:00:28 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.
Nov 29 13:00:20 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.
Nov 29 13:00:18 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.
Nov 29 13:00:10 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.
Nov 29 13:00:08 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.
Nov 29 13:00:00 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.
Nov 29 12:59:58 ,Xmas port scan attack from WAN (ip:74.125.230.237) detected.

My ISP refuses to acknowledge the problem and sent me a new Router with no technical information as to how to interrogate the thing! - Just instructions on "how to plug it up!"


Report •

#3
November 29, 2014 at 09:29:53
Normally blocking doesn't noticeably affect internet speed. You could turn the logging off in the router (it will still block) to see if that helps.

It is not possible for a router to be a magnet for attacks. See if you get a fully stealthed result when running the port test here:
https://www.grc.com/x/ne.dll?bh0bkyd2

Always pop back and let us know the outcome - thanks


Report •

Related Solutions

#4
November 29, 2014 at 09:34:44
First see #3.

You might also power off your router for about half a minute then power it on again. If you are on Dynamic addressing it will change your IP.

Google are snoopy - from what I've read this just happens sometimes.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •

#5
November 29, 2014 at 13:43:58
I suspect you have something installed, that is allowing this to happen.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of it's location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using this, or upload to a site of your choosing. No account needed. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif


Report •

#6
December 6, 2014 at 09:33:38
Non of these Helpfull people have explained to me what an "Xmas Port Scan Attack" actually is and "What do the OFFENDERS hope to ACHIEVE?" especially when they don't seem to understand that their efforts are being Blocked by my Router's FIREWALL? - Talk Talk ignore my Questioning their Activities, as do GOOGLE, FACEBOOK, AKAMAI, OPAL TELECOM, and all the rest of 'em...
This is FAR TOO ANNOYING just to IGNORE as Harmless surely?

message edited by Mitcheltroy


Report •

#7
December 6, 2014 at 11:06:47
Re #6

I doubt they are choosing you in particular. Hackers around the world scan networks to try and find any that will let them in to do their dirty deeds. Your router obviously stops them but someone else's system might not. They just keep scanning and hoping - it cost them little compared to possible rewards.

I don't know for certain why "Xmas" but most likely it is because it's peak purchasing time so there's more chance to get transaction information. I guess somebody decided to give it that name.

I suspect Akamai is something different, don't know but it's nothing new, see here:
http://ask-leo.com/whats_akamai_and...

It is still worth checking (#5) just to make sure you have nothing lurking.

Always pop back and let us know the outcome - thanks

message edited by Derek


Report •


Ask Question