
I Don't Much Care for JOLT

  • Apr. 20th, 2008 at 9:25 PM
techlish-eye, techlish-bunny
Internet access here at the haus was amazingly slow for the last couple of days, even after some warm reboots of the firewall/router, changing DNS entries, etc. I didn't spot anything on cox.net's network status about an outage, and was getting normal network speeds on the internal network. Traceroutes to multiple external sites weren't consistent as to where there might be an issue. I took my time troubleshooting because I didn't have a good reason to need full Internet speed and figured that cox.net would find the problem in a couple days if it was in their network.

I finally looked at my firewall/router logs when the problem didn't resolve by day three and found a bunch of malformed ICMP packets hitting my external IP address from multiple external sources. It looked like my router was under a light DDoS attack. Why? Hell if I know; I don't have anything running back here that might be of interest other than my file server, which stays powered off when no one's using a system on the network, like all the client systems. The router was saying that the packets might have been a JOLT attack. Reading further, I discovered that JOLT attacks target Windows boxes, trying to lock 'em up, so someone may have thought I had a Windows box available at this IP address that they wanted to lock up for some reason. More likely it was some automated script kiddie activity. Again, wtf? Stupid script kiddies fishing for whatever joy they can, I guess. Maybe since my firewall/router didn't go down, their automated setup just kept at it, trying to knock it down before moving on. Would have been fun to tie up their resources further, but my wife and I gotta have our IntarWeb when we want it.
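One way to do the log triage described above in a repeatable way, as an added example that is not part of the original post: a short Python script that parses firewall log lines, picks out ICMP packets that were fragmented, oversized or flagged as malformed (the hallmarks of a JOLT-style flood), and tallies them per source so you can tell a single noisy host from a distributed flood. The key=value log format, the thresholds and the IP addresses are all assumptions constructed for the example; a real router's log format will differ and the parser would need adjusting.

```python
"""Count malformed/fragmented ICMP in firewall logs and flag a distributed flood.

Added example, not from the original post. The log format below is a
constructed key=value layout; adapt parse_line() to your own router's output.
"""
from collections import Counter

# Constructed sample log lines (documentation-range IPs, not real traffic).
SAMPLE_LOG = """\
2008-04-18 21:01:02 DROP proto=icmp src=198.51.100.7 dst=203.0.113.10 type=8 code=0 frag=1 len=1480 note=malformed
2008-04-18 21:01:02 DROP proto=icmp src=198.51.100.7 dst=203.0.113.10 type=8 code=0 frag=1 len=1480 note=malformed
2008-04-18 21:01:03 DROP proto=icmp src=192.0.2.44 dst=203.0.113.10 type=8 code=0 frag=1 len=1480 note=malformed
2008-04-18 21:01:04 ACCEPT proto=tcp src=192.0.2.9 dst=203.0.113.10 spt=51234 dpt=443 len=60
2008-04-18 21:01:05 DROP proto=icmp src=198.51.100.201 dst=203.0.113.10 type=8 code=0 frag=1 len=1480 note=malformed
2008-04-18 21:01:05 ACCEPT proto=icmp src=192.0.2.9 dst=203.0.113.10 type=8 code=0 frag=0 len=84
2008-04-18 21:01:06 DROP proto=icmp src=198.51.100.7 dst=203.0.113.10 type=8 code=0 frag=1 len=1480 note=malformed
"""


def parse_line(line):
    """Split one log line into a dict: timestamp, action, then key=value fields."""
    parts = line.split()
    if len(parts) < 3:
        return None  # blank or truncated line
    fields = {"ts": parts[0] + " " + parts[1], "action": parts[2]}
    for token in parts[3:]:
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
    return fields


def is_suspicious_icmp(fields, max_normal_len=576):
    """True for ICMP that is fragmented, explicitly marked malformed, or oversized.

    576 bytes is an assumed threshold: ordinary pings are far smaller, while
    fragment-flood tools push full-MTU fragments.
    """
    if fields.get("proto") != "icmp":
        return False
    return (
        fields.get("frag") == "1"
        or fields.get("note") == "malformed"
        or int(fields.get("len", "0")) > max_normal_len
    )


def summarize(log_text, min_sources=2, min_events=3):
    """Tally suspicious ICMP per source/target and decide if it looks distributed."""
    per_source = Counter()
    per_target = Counter()
    total = 0
    for raw in log_text.splitlines():
        fields = parse_line(raw)
        if fields and is_suspicious_icmp(fields):
            per_source[fields["src"]] += 1
            per_target[fields["dst"]] += 1
            total += 1
    distributed = len(per_source) >= min_sources and total >= min_events
    return {
        "events": total,
        "sources": dict(per_source),
        "targets": dict(per_target),
        "distributed": distributed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"suspicious ICMP events: {report['events']}")
    for src, count in sorted(report["sources"].items(), key=lambda kv: -kv[1]):
        print(f"  {src:<16} {count}")
    print("looks distributed:", report["distributed"])
```

On the constructed sample this reports five suspicious packets from three distinct sources against one target, so it is flagged as distributed. The useful defender takeaway is the per-source breakdown: one source hammering you is something an upstream provider can block on its own, while many sources points at the firewall itself needing a rule to drop or rate-limit fragmented ICMP at the edge.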

Simply turning off the target system usually resolves a JOLT attack according to the above site, so I cold restarted the firewall/router, effectively dropping the target completely off the Web for a couple minutes, and when the thing came back online, poof, Internet connectivity returned to normal speed. I'm not seeing malformed ICMP packets coming in like they were before, either.

My unknown assailant probably has chalked up another Windows box or router locked up and moved on. Whatever. Hope their system(s) overheat.