Jump to content


Guest aerodude

Recommended Posts

I recognized this last night. Figured out the problem. I use McAfee firewall and when watching inbound events, there were many attempts at port 1030 udp from a347dnsxx.direcpc.com. Where xx = numerals. No doubt this is the cause of the problem for me. I have been noticing events for a long time on port 1026 w/udp for a347dnsxx.direcpc.com. The ip's of these machiness are and up, there are about 8 of them that keep trying to send udp packets. Notice these machines have the name dns in them and they are also on the same subnet as the dns server configured on the dway modem.

DNS uses port 53 for communication and the dns server at dway should also use that port when replying back. Also, from what I glean off the internet, a dns server should not solicit any client, it should only respond to a client request. So from that description, I decided they were not legit accesses and never have allowed them.

You can consider this a denial of service attack of sorts.

So when I saw this happening last night, I changed the dns server on the dway modem to After doing that, I had no more problems with attempts at port 1030/udp. I then started getting attempts at port 1026/udp for ns0x.direcpc.com and there were many different machines trying to communicate with my system.

I called dway support today about this. I didn't dial the regular number, I called information and got the number for hughes network in Germantown, MD and was transferred to "Executive Customer Service" whippee. I was then told they would transfer me to a technical person, I said thanks but I did not want to talk to anyone in India because they couldn't help me. They put me thru to someone in Florida.

I had a conversation with this network tech there about this issue with attempts at my firewall.. I explained that I would think that dway would want to do something about this because it was causing their servers unnecessary work and taking up bandwidth. This tech told me that dway often communicates with the modem to ensure the signal is at it's best and this is what was happening. I explained that it was certain that the dos on port 1030/udp was keeping me from loading web pages. It took several submits in a row before a page would come up. He tried telling me that I should allow direcpc.com but I know better then that because every dway customer out there is in the direcpc.com domain and no way I'm opening my machine up to that. He also told me that I don't even need a firewall because they have 3 layers of nat and encryption of the satellite stream. That comment went in one ear and out the other also. Anyhow, the conversation ended with this person not admitting to anything and I have considered trusting a couple of the a347 ip addresses.

I also let this tech know that they ought to snoop the traffic on their servers to see if there is anything going out to dway customers that is not legit.

So here is the really interesting thing. Since I had the conversation with this person, I have not seen one single attempt at my computer by a347...direcpc.com or ns0x.direcpc.com. hmmm, I'm thinking they must have done something because I have rebooted and typically several minutes after the modem is rx and tx, I start seeing the a347 attempts. So far so good, I hope they did do something. I'll keep watching and if others can feed back what they see on their firewalls, that would be good too.

Hope this helps!!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...