Hey anjanesh, I have been following your posts in many forums other than this one. Actually, my network has also been facing the same problem for the past 2 weeks. First, let me give you a few details. I stay at Andheri, Mumbai, and I'm part of a local area network hosted by a local cable operator, and we have many ISPs on our network like Vibes Online, Sify, Interface, etc.
Now the whole issue started around 2nd Jan, 2008 with Vibes users complaining about several disconnections of their internet connection whenever they start surfing any site. Earlier the cable guy found out that someone was clogging the local gateway IP of that IP range: 10.68.21.xxx and 10.58.21.xxx with gateways 10.68.21.1 and 10.58.21.1 respectively. He then introduced Cisco switches inside our network, thus virtually dividing our whole LAN into several sub-LANs, but the issue didn't get solved. Then he transferred the affected Vibes customers to the Interface IP range and gave them the Interface ISP, which I use. Since the day these people got transferred to my IP range, 172.25.3.xxx with gateway 172.25.0.1, all the users in this IP range with the Interface ISP have been facing the same problem. Our net disconnects randomly and my Norton shows me this alert:
HTTP ANI File Anih Hdr Size BO.
k.222360.com(222.216.28.25)(http(80))
And the funny part is that Vibes customers have had absolutely no problems since the day these people got shifted to my IP range.
Our cable operator and I had no clue that it was such a big problem until reading your blogs. We thought that someone from our network was trying to clog the gateway and thus causing problems for other users. Now from your investigation we have come to know about the real problem. But I have observed some strange things during these days:
1. The net never disconnects at night, from around 10pm till early in the morning, around 8 or 9am, when offices usually start. I have many office networks inside my local area network.
2. Whenever the net disconnects I ping my gateway 172.25.0.1 and I get request timed out, but then at the same time if I ping someone else on my network, e.g. 172.25.3.120 or 172.25.3.39 (whether they are dead or alive), my ping to gateway 172.25.0.1 immediately starts responding and the net starts working as normal. If it gets disconnected again I do the same procedure.
3. I have observed that whenever my net gets connected the first site I get redirected to is
http://g.asdafdgfgf.com/ads.js, which you all are talking about.
So keeping in mind all the above observations, I think this problem is caused by:
1. Intrusion from an external body like the internet, through the ISP of course
2. Intrusion from the local network, that is, from the PCs in my network which don't have proper antivirus and in which that JavaScript is residing and continuously addressing the gateway 172.25.0.1, which we all share in our IP range. So the point is that due to a few such infected PCs, which I found are off during night time (when the net works perfectly fine), our gateway is getting clogged, and thus people like me (though with Norton and NOD32) are facing this problem even after blocking the intrusion attempt.
I have discussed this issue with the cable guy and he has asked the Interface ISP people to block this IP, 222.216.28.25, on their DNS server firewall.
One more thing: all the attacks mentioned by you and faced by my network are originating from this IP, 222.216.28.25, which is changing names to k.222360.com or v.222360.com or
http://g.asdafdgfgf.com/ads.js
All are showing the same IP address.
So let's see: if the IP is blocked at the DNS itself, the external attack will be stopped.
But what remains is the internal attack, which is still clogging the gateway. To solve this we have asked all the users in my IP range to install NOD32 or Norton to secure their PCs so that it doesn't allow such scripts to run on their PCs and congest the gateway.
I'm awaiting the reply of the Interface ISP tech dept and also the installation of the antivirus on all the network PCs. This work should be done by 19th Jan. After that let's see if we face the same problem or not.
Till then I have found an effective way of using the net: pinging any random IP on my network as soon as I get request timed out on my gateway IP. And trust me, it's working perfectly fine, but only till the next attack occurs!
You have mentioned that you are also from Mumbai, so let me know your contact no. or email me at
chillpill_rohit@yahoo.co.in
Together we can and we will find a way to tackle this nuisance. Awaiting your reply ASAP.
Regards.
Rohit Jain
(affected user)