Blocked by Protocol Analysis (Malformed IP Header) - Being Flooded...

Zenstalker · September 24, 2006, 6:26pm

I’m being flooded with the “Blocked by Protocol Analysis (Malformed IP Header)” message. Anyone can tell me what it is and how to stop it? Cause it’s really slowing my connection, altough at some points it will stop for like 10 minutes and then keep flooding me.

Comodo Firewall Logs
Date Created: 20:12:11 24-09-2006

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 172 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 94 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 92 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 181 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 175 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 1514 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 91 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 122 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 212 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 259 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 95 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 109 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 74 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 136 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 81 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 76 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 97 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 142 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 183 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 202 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 127 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 87 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 106 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 118 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 113 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 131 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 102 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 107 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 291 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 63 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 111 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 110 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 157 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 85 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 101 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 135 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 125 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 79 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 104 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 119 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 68 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 88 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 100 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 93 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 62 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 69 bytes)

Date/Time :2006-09-24 20:12:10
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 60 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 98 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 112 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 113 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 117 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 68 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 83 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 92 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 380 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 165 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 121 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 109 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 81 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 181 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 139 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 74 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 96 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 186 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 144 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 89 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 105 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 134 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 80 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 84 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 188 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 69 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 86 bytes)

Date/Time :2006-09-24 20:12:05
Severity :High
Reporter :Network Monitor
Description: Blocked by Protocol Analysis (Malformed IP Header)
Direction: IP Incoming
Reason: Invalid IP Header Size(expected = 20 bytes, received = 63 bytes)

Paris · September 25, 2006, 2:16am

Hi Zenstalker,

Are you using a torrent client when this is happening?

Zenstalker · September 25, 2006, 11:36am

No, my only Torrent application is Shareaza and I never have it on when I am on the computer. It’s only on when I’m gone to school so stuff can download every now and then.

kail · September 25, 2006, 1:03pm

Hi Zenstalker

Is your IP address static (ie. do you always have the same IP address) or had you terminated Shareaza prior to the CPF log entries without changing your IP?

Despite not actually running Shareaza at that time, other Shareaza users might have still had your IP address and were, in effect, banging their digital heads against CPF.

Zenstalker · September 25, 2006, 1:26pm

I have a Static IP… which I trully hate…

kail · September 25, 2006, 1:38pm

OK. So, digtal head banging by Shareaza users might have been the cause. But, I don’t think we can rule out an attack of some kind at this point.

But, I’ve not personally seen that CPF message before (Malformed IP Header) & I noticed that there was no mention of IP addresses. Did the CPF message not display any IP addresses or did you edit them out? I’m mainly intrested in any Source IP address.

In addition, did the Malformed IP Header’s stop or is it still continuing?

Zenstalker · September 25, 2006, 2:38pm

No IP Adress is shown in CPF and it has been going on for a LOOOONNGGGGG time now and is still going.

The latest log:
http://sunzerox.su.funpic.org/IP%20Incoming.html

panic · September 25, 2006, 2:45pm

G’day,

I’d recommend that you go to http://support.comodo.com, register and lodge a support ticket on this. As Kail said, this may be related to Shareaza users banging their heads against CPF, but it could also be an attack of some sort. Better to let the experts at it.

Hope this helps,
Ewen

Zenstalker · September 25, 2006, 3:12pm

Thanks for all the help ^^

I’ve send a ticket at the link you provided me.

Zenstalker · September 26, 2006, 2:07pm

Sorry to bump like this but I got some more stuff that concern me.

First thing is that that I have 2 computers connected to the internet, but only this one is getting these attacks, the other is getting almost nothing. (It’s getting different types of attacks).

Also that sometimes the attacks can continue but my connection stays the same. When I have both computers on at the same time I see that the connection speed drops ALOT

Also I’ve changed the DHCP approved IP from 192.168.2.2 to 192.168.2.21 but that didnt help either.

EDIT:
Why does svchost.exe have so much traffic btw?

Picture
http://img145.imageshack.us/img145/1147/scvhostjx2.png