I just thought I'd put this up for anyone who has a similar problem with their ISP. I got a notice from my ISP saying that:
Quote:
We have reason to believe that a computer connected through your Rogers Cable Modem has been infected by a virus or has an application that is misconfigured.
Typically, these types of viruses do not affect the performance of your computer and instead carry out attacks and malicious activities behind the scenes, without your knowledge. This type of network activity has the potential to negatively impact the overall service. For your reference, we have included a technical summary of the activity for your reference at the bottom of this e-mail message.
To protect your computer and to safeguard other customers on the Rogers Yahoo! Hi-Speed Internet network, we urge you to remove the virus as quickly as possible. This can usually be done by using an updated Anti-Virus program to scan all the computers connected to your cable modem and choosing to remove the viruses.
If you are unable to remove the virus within 48 hours, we will have to take additional steps to protect other customers and the Rogers Yahoo! Hi-Speed Internet network including temporary service deactivation. Should this occur, we can reactivate your connection once the virus has been removed by calling into our call center.
If the network activity below is not the result of a Virus, we ask that you reconfigure any programs or hardware which is generating the network activity detailed below to reduce the amount of traffic or redirect it to another DNS Server.
High volumes of requests causing Error or Canned (127.0.0.1) responses usually indicate a Worm, Virus, or Bot infection. These viruses will usually attempt to connect to a controlling server or attempt to perform a Denial of Service attack on a specific server on the Internet. Once the destination is identified, the owner of the server may remove or change the DNS entry causing future Virus infected computers to fail resolving the name. This causes an error to be generated.
Sincerely,
EUA Management Team
Rogers Yahoo Hi-Speed Internet
http://na.edit.client.yahoo.com/roge...ic?.form=terms
00285053
IP Add, Errors, Queries
xx.xx.xx.xx, 356, 1033
I managed to find the two culprits.
1. BitTorrent seems to try to do host lookups on all machines it touches. I was downloading a few Linux ISOs. It was causing over 400 failed attempts a minute.
2. I have a script which scans through failed attempts reported by DenyHosts and uploads the data to my web server.
I happened to be doing the download and had all my four computers online last night, so they were all running at the same time. This triggered Rogers to report the traffic created by four computers doing backups and downloading as a virus. So if your ISP is reporting heavy DNS traffic, you may want to look at the number of computers working at the same time.
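
To find which machine on the LAN is producing the failed lookups the ISP counted, a resolver log can be tallied per client in the same Errors/Queries form as the notice. This is an added example, not part of the original post; the five-field log format, the sample lines and the 25% threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample. Assumed format, one DNS answer per line:
# "epoch_seconds client qtype name rcode"
SAMPLE_LOG = """\
1000 192.168.1.10 PTR 7.113.0.203.in-addr.arpa NXDOMAIN
1001 192.168.1.10 PTR 9.100.51.198.in-addr.arpa NXDOMAIN
1002 192.168.1.10 PTR 23.2.0.192.in-addr.arpa NOERROR
1003 192.168.1.10 A tracker.example.org NOERROR
1005 192.168.1.11 A www.example.com NOERROR
1010 192.168.1.11 A mail.example.com NOERROR
1062 192.168.1.12 PTR 5.113.0.203.in-addr.arpa SERVFAIL
1063 192.168.1.12 A upload.example.net NOERROR
garbage line that should be skipped
"""

def tally(log_text):
    """Return {client: {"queries", "errors", "ptr", "peak_err_per_min"}}."""
    stats = defaultdict(lambda: {"queries": 0, "errors": 0, "ptr": 0,
                                 "per_min": defaultdict(int)})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip malformed lines instead of aborting the tally
        ts, client, qtype, _name, rcode = parts
        s = stats[client]
        s["queries"] += 1
        if qtype == "PTR":  # reverse lookups, the kind the post attributes to BitTorrent
            s["ptr"] += 1
        if rcode != "NOERROR":  # NXDOMAIN, SERVFAIL, ... all count as errors
            s["errors"] += 1
            s["per_min"][int(ts) // 60] += 1
    return {c: {"queries": s["queries"], "errors": s["errors"], "ptr": s["ptr"],
                "peak_err_per_min": max(s["per_min"].values(), default=0)}
            for c, s in stats.items()}

def noisy_clients(report, max_error_ratio=0.25):
    """Clients whose share of failed lookups exceeds the assumed threshold."""
    return sorted(c for c, r in report.items()
                  if r["errors"] / r["queries"] > max_error_ratio)

if __name__ == "__main__":
    report = tally(SAMPLE_LOG)
    print("IP Add, Errors, Queries, PTR, Peak errors/min")
    for client, r in sorted(report.items()):
        print(f"{client}, {r['errors']}, {r['queries']}, {r['ptr']}, {r['peak_err_per_min']}")
    print("Check first:", noisy_clients(report))
```

A host with a high error count made up mostly of PTR queries points at an application doing reverse lookups rather than at malware querying a removed control domain.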