What's this? [Archive] - SpeedGuide.net Broadband Community



TonyT
06-08-01, 01:15 PM
I had no open apps and noticed my cable light blinkin rapidly so I did a netstat and this is what it showed. What da heck is this? I don't play any games and don't even have any game software installed.

C:\WINDOWS>netstat -a

Active Connections

Proto Local Address Foreign Address State
TCP xxxxxx:2564 0.0.0.0:0 LISTENING
TCP xxxxxx:2750 0.0.0.0:0 LISTENING
TCP xxxxxx:2750 ak47.gamesquad.net:80 CLOSE_WAIT
UDP xxxxxx:2564 *:*

Echo Replies 0 744
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0


C:\WINDOWS>netstat -s

TCP Statistics

Active Opens = 2352
Passive Opens = 80
Failed Connection Attempts = 1
Reset Connections = 867
Current Connections = 1
Segments Received = 39101
Segments Sent = 32487
Segments Retransmitted = 84

UDP Statistics

Datagrams Received = 12894
No Ports = 298
Receive Errors = 0
Datagrams Sent = 12951

TonyT
06-08-01, 02:03 PM
Yeah, I realized it's the same server as our site, but I fear that there is a subdomain being used to do some dirty work! Look at that name......ak47.gamesquad.net.........ak47 is a machine gun!

I am able to netstat this info immediately after my firewall gives me a "duplicate IP" detection warning message. I fear that someone may have got access to our server logs and is trying to spoof IPs because our logs will show valid IPs.

hehe......I am waiting patiently using an app to monitor the port in question, the one that shows as being in use...2564.....so the next time it happens I'll get the IP# for ak47.gamesquad.net and then I'll send that IP about 20,000 oversized UDP packets and keep it busy for a few minutes or at least he will get the message to F-off!

ps - I was browsing about a half hour prior to receiving that flood of packets from ak47.gamesquad.net. Closed all web apps and was working on other stuff.

Joe
06-08-01, 02:29 PM
Anything on port 80 is an http: connection.
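
Joe's point applied to the `netstat -a` rows from the first post, as an added example that is not part of the original thread: a small Python triage that parses those rows and labels each one. The function names, the one-entry `SERVICES` table and the "high local port plus well-known remote port means this host was the client" rule are assumptions made for illustration.

```python
import re

# Constructed input: the `netstat -a` rows quoted in the first post (host masked as posted).
SAMPLE = """\
Proto Local Address Foreign Address State
TCP xxxxxx:2564 0.0.0.0:0 LISTENING
TCP xxxxxx:2750 0.0.0.0:0 LISTENING
TCP xxxxxx:2750 ak47.gamesquad.net:80 CLOSE_WAIT
UDP xxxxxx:2564 *:*
"""

SERVICES = {80: "http"}  # assumption: only the port discussed in the thread
STATE_NOTES = {
    "CLOSE_WAIT": "peer already closed; local program has not closed its socket",
    "ESTABLISHED": "connection is open in both directions",
}
ROW = re.compile(r"^(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)(?:\s+(\S+))?$")

def parse(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        proto, _lhost, lport, rhost, rport, state = m.groups()
        rows.append({"proto": proto, "lport": int(lport), "rhost": rhost,
                     "rport": None if rport in ("0", "*") else int(rport),
                     "state": state or ""})
    return rows

def classify(row):
    """Heuristic triage: (kind, service, note) for one parsed row."""
    if row["rport"] is None:
        return ("local-socket", None, "bound port with no remote peer")
    service = SERVICES.get(row["rport"])
    # Assumption: high local port + well-known remote port = this host was the client.
    kind = "outbound-client" if service and row["lport"] >= 1024 else "unclassified"
    return (kind, service, STATE_NOTES.get(row["state"], row["state"]))

def triage(text):
    """Label every row as (proto, local port, remote host, kind, service, note)."""
    return [(r["proto"], r["lport"], r["rhost"], *classify(r)) for r in parse(text)]

if __name__ == "__main__":
    for item in triage(SAMPLE):
        print(item)
```

On the sample, the only row with a remote peer is labelled an outbound HTTP client connection in CLOSE_WAIT, meaning the remote server has already closed its side and the local program has not yet closed its socket.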