I've been attacked

Hello, I was playing a game and at that time my internet connection became very laggy.

I’ve seen this IP 500+ times in my INTRUSION alert

Was this a flood attack or?

looks like it


yes but I’m from Romania.

And that GUY who flooded me, flooded two friends of mine in the past, but today he flooded me… At first I didn’t believe them, but now I do… that guy is from Romania, he is using a proxy so he can change IP.

and yesterday I suspended him on a forum!

That’s no proxy… it’s much worse than that (only kidding), it’s a University (University of Patra). What’s the nature & type of the inbound traffic?

now it shows 0 inbound connections (my net is OK now)

but at that time there was 1 inbound connection.

If you have Comodo set up tight there should not be any problems; once it detects an attack it should lock down your computer.

I installed it after I was attacked :frowning:.

So my question is: WAS THIS a flood or not?

Did it target a single port or was it trying to access all of them looking for an open one?

EDIT: also there are different types of flood attacks

A smurf attack is one particular variant of a flooding DoS attack on the public Internet. It relies on misconfigured network devices that allow packets to be sent to all computer hosts on a particular network via the broadcast address of the network, rather than a specific machine. The network then serves as a smurf amplifier. In such an attack, the perpetrators will send large numbers of IP packets with the source address faked to appear to be the address of the victim. The network's bandwidth is quickly used up, preventing legitimate packets from getting through to their destination.[3] To combat Denial of Service attacks on the Internet, services like the Smurf Amplifier Registry have given network service providers the ability to identify misconfigured networks and to take appropriate action such as filtering.

Ping flood is based on sending the victim an overwhelming number of ping packets, usually using the “ping” command from Unix-like hosts (the -t flag on Windows systems has a far less malignant function). It is very simple to launch, the primary requirement being access to greater bandwidth than the victim.

SYN flood sends a flood of TCP/SYN packets, often with a forged sender address. Each of these packets is handled like a connection request, causing the server to spawn a half-open connection, by sending back a TCP/SYN-ACK packet, and waiting for a packet in response from the sender address. However, because the sender address is forged, the response never comes. These half-open connections saturate the number of available connections the server is able to make, keeping it from responding to legitimate requests until after the attack ends.

only one port 37530

again …same IP :expressionless:

so this is a flood, no?

but this time for a short period of time.
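
The question raised in this thread (one port hit repeatedly versus many ports probed) can be answered from firewall logs by grouping blocked inbound events per source. The following is an added example, not part of the original thread: the log line format, the thresholds and the addresses (documentation ranges) are constructed assumptions, and only port 37530 comes from the thread.

```python
import re
from collections import defaultdict

# Hypothetical log line format (an assumption, not any real product's format):
#   <epoch_seconds> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(r"^(\d+) (\w+) ([\d.]+):\d+ -> [\d.]+:(\d+)$")

def build_sample_log():
    """Constructed sample: a single-port burst, a multi-port probe, sparse noise."""
    lines = [f"{1000 + i // 100} UDP 203.0.113.7:{40000 + i} -> 192.0.2.10:37530" for i in range(500)]
    lines += [f"{2000 + i} TCP 198.51.100.9:51000 -> 192.0.2.10:{20 + i}" for i in range(40)]
    lines += [f"{3000 + i * 600} TCP 198.51.100.50:443 -> 192.0.2.10:50123" for i in range(3)]
    return lines + ["garbage line that does not parse"]

def peak_in_window(times, window):
    """Largest number of events inside any `window`-second span."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window:  # drop events older than the window
            start += 1
        best = max(best, end - start + 1)
    return best

def classify(lines, window=10, flood_rate=100, scan_ports=20):
    """Label each source IP; thresholds are illustrative assumptions."""
    per_src = defaultdict(lambda: {"times": [], "ports": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed entries instead of failing
        ts, _proto, src, dport = m.groups()
        per_src[src]["times"].append(int(ts))
        per_src[src]["ports"].add(int(dport))
    report = {}
    for src, d in per_src.items():
        peak = peak_in_window(d["times"], window)
        if len(d["ports"]) >= scan_ports:      # many distinct ports: probing
            label = "port scan"
        elif peak >= flood_rate:               # high rate at few ports: flood
            label = "flood"
        else:
            label = "background"
        report[src] = {"events": len(d["times"]), "ports": sorted(d["ports"]),
                       "peak": peak, "label": label}
    return report

if __name__ == "__main__":
    for src, info in classify(build_sample_log()).items():
        print(src, info["label"], info["events"], "events, peak", info["peak"], "ports", len(info["ports"]))
```
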