[SOLVED] Help, maybe ddos attack?

Dec 5, 2021
Hey, I have Xfinity and had an outage a few days ago. Ever since, my wifi has basically been unusable. Ran a netstat and have no idea what I'm looking at, should I be worried?

Proto Local Address Foreign Address State
TCP 10.0.0.163:49414 52.226.139.121:https ESTABLISHED
TCP 10.0.0.163:49687 52.226.139.180:https ESTABLISHED
TCP 10.0.0.163:51038 yv-in-f188:5228 ESTABLISHED
TCP 10.0.0.163:54754 a104-84-231-232:http TIME_WAIT
TCP 10.0.0.163:54755 ec2-44-195-64-169:https ESTABLISHED
TCP 10.0.0.163:54756 Livingroom:42676 TIME_WAIT
TCP 10.0.0.163:54757 52.96.222.162:https ESTABLISHED
TCP 10.0.0.163:54758 204.79.197.222:https ESTABLISHED
TCP 10.0.0.163:54759 72.21.91.29:http ESTABLISHED
TCP 10.0.0.163:54760 52.96.222.162:https ESTABLISHED
TCP 10.0.0.163:54761 52.113.196.254:https ESTABLISHED
TCP 10.0.0.163:54762 52.113.196.254:https ESTABLISHED
TCP 10.0.0.163:54763 72.21.81.200:https ESTABLISHED
TCP 10.0.0.163:54764 52.113.196.254:https ESTABLISHED
TCP 10.0.0.163:54765 52.113.196.254:https ESTABLISHED
TCP 10.0.0.163:54771 204.79.197.222:https ESTABLISHED
TCP 10.0.0.163:54773 52.113.196.254:https ESTABLISHED
TCP 10.0.0.163:54774 a-0001:https ESTABLISHED
TCP 10.0.0.163:54775 a-0001:https ESTABLISHED
TCP 10.0.0.163:54776 a-0001:https SYN_SENT
TCP 10.0.0.163:54777 a-0001:https ESTABLISHED
TCP 10.0.0.163:54778 a-0001:https ESTABLISHED
TCP 10.0.0.163:54779 52.96.222.162:https ESTABLISHED
TCP 10.0.0.163:54780 a-0001:https ESTABLISHED
TCP 10.0.0.163:54781 52.96.222.162:https ESTABLISHED
TCP 10.0.0.163:54783 52.96.222.162:https ESTABLISHED
TCP 10.0.0.163:54784 40.126.29.7:https ESTABLISHED
TCP 10.0.0.163:54785 40.126.29.7:https ESTABLISHED
TCP 10.0.0.163:54786 40.126.29.7:https ESTABLISHED
TCP 10.0.0.163:57660 75.75.77.3:https ESTABLISHED
TCP 10.0.0.163:59465 47:https ESTABLISHED
TCP 10.0.0.163:60603 h:https ESTABLISHED
TCP 10.0.0.163:62307 199.232.121.140:https ESTABLISHED
TCP 10.0.0.163:62327 ec2-107-23-124-38:https ESTABLISHED
TCP 10.0.0.163:65062 215:4070 ESTABLISHED
TCP 10.0.0.163:65065 199.232.69.140:https ESTABLISHED
TCP 10.0.0.163:65067 199.232.121.140:https ESTABLISHED
TCP 10.0.0.163:65070 75.75.77.3:https ESTABLISHED
TCP 10.0.0.163:65085 20.62.59.40:https ESTABLISHED
TCP 10.0.0.163:65091 52.111.230.4:https ESTABLISHED
TCP 127.0.0.1:52359 ASUS-VivoBook-S15:56857 ESTABLISHED
TCP 127.0.0.1:56857 ASUS-VivoBook-S15:52359 ESTABLISHED
TCP 127.0.0.1:56857 ASUS-VivoBook-S15:61026 ESTABLISHED
TCP 127.0.0.1:61026 ASUS-VivoBook-S15:56857 ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:49886 [2600:1901:1:c36::]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:50249 g2600-1402-0019-02aa-0000-0000-0000-0057:https CLOSE_WAIT
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:50635 [2001:558:feed:443::3]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:50758 [2001:558:feed:443::3]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:53430 [2600:1901:1:c36::]:https TIME_WAIT
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:54063 [2600:1901:1:ca7::]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:54749 [2a04:4e42:7b::760]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:55497 [2a04:4e42:7b::760]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:57006 [2600:1901:0:524d::]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:57668 [2001:558:feed:443::3]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:57686 [2001:558:feed:443::3]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:60593 yb-in-f139:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:60609 [2001:558:feed:443::3]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:61096 [2a04:4e42:7b::760]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:61950 [2600:1901:1:e71::]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:62308 g2600-1402-0019-0000-0000-0000-1736-a863:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:62311 [2a04:4e42:77::396]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:62318 [2a04:4e42:77::396]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:63619 [2600:1901:1:c36::]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:65061 [2600:1901:0:524d::]:https TIME_WAIT
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:65078 [2a04:4e42:7b::396]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:65079 [2a04:4e42:7b::396]:https ESTABLISHED
TCP [2601:100:817f:6e80:48aa:97a4:d339:960e]:65080 [2a04:4e42:7b::396]:https ESTABLISHED
 
Solution
This is where only reading news headlines and not understanding makes things much worse.

An actual DDOS attack generally can't be seen on a PC behind a router. You generally can't see it with a simple netstat command and what you do see looks nothing like what you show. An actual DDOS would affect both the wired and the wifi since it is an attack against the router.

This is just a fairly standard netstat. It is your fairly typical open session list from a web page. Many web pages open a huge number of IP addresses because of all the tracking and advertising that is opened. It is also made more confusing because it is using a mix of IPv4 and IPv6.

You are now going to have to test to find the problem rather than just jump to conclusions. Run a ping command to your router IP to test the wifi and then run a ping to, say, 8.8.8.8 to test the network. You are looking mostly for packet loss, but lots of extremely high ping times also indicate an issue.
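
Added example, not part of the original posts: a small Python triage of netstat rows like the ones in the question, showing why the list reads as ordinary outbound client sessions. The 49152 threshold (default start of the Windows dynamic port range), the function names, and the sample rows are assumptions of this sketch.

```python
from collections import Counter

# Sample rows: the first five are from the post above; the IPv6 and port-3389 rows
# are constructed (documentation addresses) to show bracket parsing and the review bucket.
SAMPLE = """\
Proto Local Address Foreign Address State
TCP 10.0.0.163:49414 52.226.139.121:https ESTABLISHED
TCP 10.0.0.163:54754 a104-84-231-232:http TIME_WAIT
TCP 10.0.0.163:54776 a-0001:https SYN_SENT
TCP 10.0.0.163:51038 yv-in-f188:5228 ESTABLISHED
TCP 127.0.0.1:52359 ASUS-VivoBook-S15:56857 ESTABLISHED
TCP [2001:db8::10]:50249 [2001:db8:feed::3]:https CLOSE_WAIT
TCP 10.0.0.163:3389 203.0.113.7:51515 ESTABLISHED
"""

EPHEMERAL_START = 49152  # assumption: default start of the Windows dynamic (client) port range
WELL_KNOWN = {"http": 80, "https": 443}  # service names netstat prints when run without -n


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' on the last colon; return (host, port number)."""
    host, _, port = endpoint.rpartition(":")
    # Any other named service is a registered port; 0 keeps it below the ephemeral range.
    number = int(port) if port.isdigit() else WELL_KNOWN.get(port, 0)
    return host.strip("[]"), number


def summarize(text):
    """Count TCP states and classify each row by which side looks like the client."""
    states, kinds = Counter(), Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP":
            continue  # header line or anything that is not a four-column TCP row
        lhost, lport = split_endpoint(fields[1])
        _, rport = split_endpoint(fields[2])
        states[fields[3]] += 1
        if lhost in ("127.0.0.1", "::1"):
            kinds["loopback"] += 1   # local processes talking to each other
        elif lport >= EPHEMERAL_START and rport < EPHEMERAL_START:
            kinds["outbound"] += 1   # this PC picked a client port and dialed a service
        else:
            kinds["review"] += 1     # local service port in use: worth a closer look
    return states, kinds


if __name__ == "__main__":
    states, kinds = summarize(SAMPLE)
    print(dict(states))
    print(dict(kinds))
```

Rows that land in "outbound" or "loopback" are the normal browsing and local-process traffic the answer describes; only the "review" bucket needs a second look, for example with netstat -b to see the owning program.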