    Can anyone help me with this irritating message?

    I've got a PC with a Netgear PCI wireless adapter and I've also got a Netgear D824M wireless router. I'm running these things wirelessly and I keep getting this really irritating NETGEAR *Security Alert* [4E:F7:6E] E-mail and I'm not sure if I should be concerned or not.

    2003-12-29 03:30:18 - TCP Flood - Source:192.168.0.2,4644,LAN - Destination:216.115.85.95,80,WAN

    Sometimes I only get it a few times and at other times I get it every 5 minutes...

    Should I be concerned, and how the heck do I get rid of this e-mail?
    I do gather that it might be someone attempting to look into my PC, so how do I stop them?

    All replies appreciated and I'm sorry if I sound like an absolute PC novice!

    #2
    Originally posted by phillai
    2003-12-29 03:30:18 - TCP Flood - Source:192.168.0.2,4644,LAN - Destination:216.115.85.95,80,WAN
    That's a weird one. I'm not sure how Netgear alerts work, but that message seems fairly straightforward.

    It is saying there are too many TCP packets being sent from 192.168.0.2 on the LAN (I would guess your PC) to 216.115.85.95 on the WAN (i.e. a machine on the Internet).

    How it works out what a 'flood' is I don't know. It might just be wrong, or spotting an unexpectedly large amount of data. Normally a flood would contain malformed packets to force a network device crash, but Netgear might be using the term more generally.

    There will probably be a web admin tool for the Netgear router; you might be able to configure the alerts from there. Another possibility is that the PCI card comes with some kind of software firewall; you should have an admin tool installed to manage it if so. Look at the mail headers to find out which device the alerts are sent from.

    The data is being sent to tcp port 80, which is normally used by web servers.

    So... unless you are uploading large files using http (unusual), you may have a trojan installed doing something norty.

    The server at 216.115.85.95 hosts some dodgy website called www .x-x-x-host.com ... you don't run a pr0n site do you?



      #3
      Originally posted by Papercut
      So... unless you are uploading large files using http (unusual), you may have a trojan installed doing something norty.

      The server at 216.115.85.95 hosts some dodgy website called www .x-x-x-host.com ... you don't run a pr0n site do you?
      Absolute ****e.
      I have no idea if I got a trojan or not!

      And have I shot myself in the foot here with your last quote?
      No, I don't run a porn site! I just use my PC for everyday use like downloading stuff and the occasional you know what...

      By the way, my router has some kind of hardware firewall already built in. I think it's this that is making me get all these messages somehow...



        #4
        Nah, it should be alright. If you can somehow disable the messages you'll be fine. I'm on a wireless network, and for some reason the standard scanning etc. done on the network is interpreted by my firewall as being a 'hacker'. I know it's not a hacker, because the IP it's coming from happens to be that of the other PC or the router (occasionally I do actually get hacker attacks, believe it or not).

        So yes... though I'm probably wrong and I'm probably being watched this very minute... oh well.



          #5
          Originally posted by phillai
          Absolute ****e.
          I have no idea if I got a trojan or not!
          Probably a good idea to find out... get a virus scanner on there, or get someone to have a look at the machine.

          There is something strange going on; you wouldn't normally expect a lot of data to be going from your desktop PC to a web server.

          Originally posted by phillai
          And have I shot myself in the foot here with your last quote?
          That web server does pr0n hosting and allows file uploads over HTTP. That's the only thing that explains the Netgear alerts, unless you have a trojan installed that's stealing your bandwidth or attacking the site.

          Originally posted by phillai
          By the way, my router has some kind of hardware firewall already built in. I think it's this that is making me get all these messages somehow...
          Sounds like that's where the alerts are coming from then. You could probably turn them off, but best to find out what's causing them first.

          Actually... I've just had a thought. You have a wireless router, right? It's possible someone in the area with a wireless network card is on your network. Seems unlikely, but it is possible.

          Check to see if the network address of your PC matches the LAN address in the alerts (but don't publish any more of your internal network details here!).

          Start->Run 'cmd.exe', then running 'ipconfig /all' will give you your network details.



            #6
            I think wireless network adaptors don't send signals that far (not far enough for another house) (I don't think :P)

            What it looks like is your computer is RECEIVING too many packets (which is considered flooding) from the IP 216.115.85.95.

            Get in contact with the owner of that IP to sort it out (I can get contact details if you like)



              #7
              From that message it looks like a PC on your network is trying to access an external IP.

              If it was someone attempting to access you, surely it would say something like this:

              Fri, 2004-01-02 20:26:45 - TCP Packet - Source:217.32.x.x,46716 Destination:81.x.x.x,8080 - [DDOS]

              (the 81.x.x.x is me)

              I don't know what's causing the messages, but I would run a full virus and trojan sweep. To turn off the messages log into the router, go into the Email section and turn off the email options.

              And wireless goes surprisingly far. I can pick up the SSID of two neighbours' routers and I live in a detached house (they also have no access lists or WEP but that's another story). The signal strength is still a healthy 50%, so enough to connect anyway.

              You can check to see who's on your router by going into the router and looking in Attached Devices. Also if you haven't done so already go into Wireless Settings and turn on Access Lists and add the MAC of your wireless NIC (should have been picked up in the panel already)

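Added example (not part of the original thread, and not Netgear's own tooling): a small Python parser for the two alert formats quoted above. It rejoins the line the e-mail wrapped and labels each alert inbound or outbound, which is the point posts #2, #6 and #7 disagree on. The regular expression is inferred only from the lines quoted in the thread, and the second and third sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# The LAN/WAN tag and the " -" before "Destination" are optional because the
# second alert format quoted in the thread has neither.
ALERT_RE = re.compile(
    r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) - (?P<kind>[^-]+?) - "
    r"Source:(?P<src>[\d.]+),(?P<sport>\d+)(?:,(?P<szone>LAN|WAN))?(?: -)? "
    r"Destination:(?P<dst>[\d.]+),(?P<dport>\d+)(?:,(?P<dzone>LAN|WAN))?"
)

def zone(ip, tag):
    """Trust the router's LAN/WAN tag; without one, treat RFC 1918 space as LAN."""
    if tag:
        return tag
    addr = ipaddress.ip_address(ip)
    return "LAN" if any(addr in net for net in RFC1918) else "WAN"

def parse_alerts(text):
    """Yield one dict per alert, rejoining lines the e-mail wrapped before a comma."""
    joined = re.sub(r"\s*\n\s*,", ",", text)
    for m in ALERT_RE.finditer(joined):
        alert = m.groupdict()
        src_zone = zone(alert["src"], alert["szone"])
        dst_zone = zone(alert["dst"], alert["dzone"])
        if src_zone == "WAN":
            alert["direction"] = "inbound"
        elif dst_zone == "WAN":
            alert["direction"] = "outbound"
        else:
            alert["direction"] = "internal"
        yield alert

def summarize(text):
    """Count alerts per (direction, source, destination, destination port)."""
    return Counter((a["direction"], a["src"], a["dst"], int(a["dport"]))
                   for a in parse_alerts(text))

# First alert is the one quoted in the thread (wrapped as in the e-mail); the
# other two are constructed, the last using documentation address ranges.
SAMPLE = """2003-12-29 03:30:18 - TCP Flood - Source:192.168.0.2
,4644,LAN - Destination:216.115.85.95,80,WAN
2003-12-29 03:35:20 - TCP Flood - Source:192.168.0.2,4650,LAN - Destination:216.115.85.95,80,WAN
Fri, 2004-01-02 20:26:45 - TCP Packet - Source:203.0.113.7,46716 Destination:198.51.100.9,8080 - [DDOS]
"""

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
```

A source tagged LAN with a destination tagged WAN, as in the alert from the first post, is traffic leaving the local machine, so the thing to investigate is the PC at that LAN address.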


                #8
                Originally posted by Fragmaster
                I think wireless network adaptors don't send signals that far (not far enough for another house) (I don't think :P)

                What it looks like is your computer is RECEIVING too many packets (which is considered flooding) from the IP 216.115.85.95.

                Get in contact with the owner of that IP to sort it out (I can get contact details if you like)
                OK can you help me?
                Not sure what you can do like but I appreciate your help!



                  #9
                  Originally posted by Kirby
                  From that message it looks like a PC on your network is trying to access an external IP.

                  If it was someone attempting to access you, surely it would say something like this:

                  Fri, 2004-01-02 20:26:45 - TCP Packet - Source:217.32.x.x,46716 Destination:81.x.x.x,8080 - [DDOS]

                  (the 81.x.x.x is me)

                  I don't know what's causing the messages, but I would run a full virus and trojan sweep. To turn off the messages log into the router, go into the Email section and turn off the email options.

                  And wireless goes surprisingly far. I can pick up the SSID of two neighbours' routers and I live in a detached house (they also have no access lists or WEP but that's another story). The signal strength is still a healthy 50%, so enough to connect anyway.

                  You can check to see who's on your router by going into the router and looking in Attached Devices. Also if you haven't done so already go into Wireless Settings and turn on Access Lists and add the MAC of your wireless NIC (should have been picked up in the panel already)
                  Right, on my attached devices it's just my computer on 192.168.0.2.
                  I've also recently done a virus check and everything was OK.
                  Can you recommend any free software though for this trojan sweep?
                  I also can't see a section called 'turn on access lists' on my router but the mac of my wireless NIC is on though...



                    #10
                    Don't know if this will be of any help to you, but have you considered running Spybot to see if you have any spyware?

                    Also in the last few months my network card was sending around 793,098,894,948 bytes!!!!!!

                    I tried forever to solve this problem; in the end updating my Intel Pro/100 VE driver fixed the problem.


                    Best of luck



                      #11
                      Originally posted by ExpertKing
                      Don't know if this will be of any help to you, but have you considered running Spybot to see if you have any spyware?

                      Also in the last few months my network card was sending around 793,098,894,948 bytes!!!!!!

                      I tried forever to solve this problem; in the end updating my Intel Pro/100 VE driver fixed the problem.

                      Best of luck
                      Yep, I use Ad-Aware and Spybot almost every day to get rid of the nasties.



                        #12
                        Every day! What do you get up to ;-)



                          #13
                          Originally posted by phillai
                          Originally posted by ExpertKing
                          Don't know if this will be of any help to you, but have you considered running Spybot to see if you have any spyware?

                          Also in the last few months my network card was sending around 793,098,894,948 bytes!!!!!!

                          I tried forever to solve this problem; in the end updating my Intel Pro/100 VE driver fixed the problem.

                          Best of luck
                          Yep, I use Ad-Aware and Spybot almost every day to get rid of the nasties.
                          I used it once and I had no spyware... I think the trick is to not download and install ****e*

                          Do people really care about cookies and data mining?
