[Discussion] My router security log -- can an expert check whether I've been hit?
[This post was last edited by okayfan on 2004/04/02 02:10pm, edit no. 1]
04/02/200413:54:00 192.168.2.100 login success
04/02/200413:47:48 **SYN Flood Stop**(from PPPoE Inbound)
04/02/200413:47:46 **SYN Flood** 192.168.2.101, 1986->> 202.43.216.7, 80 (from PPPoE Outbound)
04/02/200413:46:52 **SYN Flood** 192.168.2.100, 1215->> 192.168.69.195, 3127 (from PPPoE Outbound)
04/02/200413:46:32 **SYN Flood Stop**(from PPPoE Inbound)
04/02/200413:43:28 **SYN Flood** 192.168.2.100, 1961->> 192.168.18.150, 3127 (from PPPoE Outbound)
04/02/200413:31:51 Duplicate user login from 192.168.2.100
04/02/200413:31:51 Duplicate user login from 192.168.2.100
04/02/200413:31:40 Duplicate user login from 192.168.2.100
04/02/200413:28:46 192.168.2.99 login success
04/02/200413:14:10 **SYN Flood Stop**(from PPPoE Inbound)
04/02/200413:13:09 **SYN Flood** 192.168.2.100, 2414->> 192.172.153.236, 139 (from PPPoE Outbound)
04/02/200412:53:33 **SYN Flood Stop**(from PPPoE Inbound)
04/02/200412:40:42 **SYN Flood** 192.168.2.100, 1578->> 192.168.196.185, 3127 (from PPPoE Outbound)
04/02/200412:14:48 **SYN Flood Stop**(from PPPoE Inbound)
04/02/200411:55:13 NTP Date/Time updated
04/02/200411:52:13 **SYN Flood** 192.168.2.100, 2175->> 192.222.50.79, 135 (from PPPoE Outbound)
04/02/200410:30:56 PPPoE get IP:61.181.9.117
04/02/200410:30:56 PPPoE start PPP
04/02/200410:30:56 PPPoE receive PADS
04/02/200410:30:56 PPPoE send PADR
04/02/200410:30:56 PPPoE receive PADO
04/02/200410:30:56 PPPoE send PADI
04/02/200410:30:56 Dial On Demand(PPPoE)
04/02/200410:26:44 PPPoE receive PADT
04/02/200410:26:39 PPPoE stop
04/02/200410:26:39 PPPoE stop PPP
04/02/200410:11:02 **SYN Flood Stop**(from PPPoE Inbound)
04/02/200410:08:47 **SYN Flood** 192.168.2.100, 2203->> 192.136.122.123, 445 (from PPPoE Outbound)
04/02/200410:08:02 **SYN Flood Stop**(from PPPoE Inbound)
04/02/200409:47:34 **SYN Flood** 192.168.2.100, 1968->> 192.102.45.147, 6129 (from PPPoE Outbound)
04/02/200409:14:59 **SYN Flood to Host** 218.68.245.231, 1203->> 218.68.245.152, 1025 (from PPPoE Inbound)
04/02/200409:14:23 **SYN Flood to Host** 218.68.245.173, 4385->> 218.68.245.152, 1025 (from PPPoE Inbound)
04/02/200408:56:35 **SYN Flood to Host** 218.68.245.74, 4386->> 218.68.245.152, 445 (from PPPoE Inbound)
04/02/200408:56:26 **SYN Flood to Host** 218.68.245.74, 4425->> 218.68.245.152, 6129 (from PPPoE Inbound)
04/02/200408:47:42 NTP Date/Time updated
04/02/200408:47:18 PPPoE get IP:218.68.245.152
04/02/200408:47:18 PPPoE start PPP
04/02/200408:47:18 PPPoE receive PADS
04/02/200408:47:18 PPPoE send PADR
04/02/200408:47:18 PPPoE receive PADO
04/02/200408:47:18 PPPoE send PADI
04/02/200408:47:18 Dial On Demand(PPPoE)
.........................................
.........................................
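What does "SYN Flood Stop" mean?
My broadband router connects to the Internet through an ADSL modem. The LAN now keeps dropping and cannot get online, and the indicator lights on every router port blink nonstop, which shows data is being exchanged. But I found that as soon as I disconnect the machine 192.168.2.100, the other machines can get online normally and the router's lights stop blinking constantly. Is someone using some kind of attack? What should I do?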
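The log in the post above can be read faster by grouping the outbound "SYN Flood" alerts by LAN source address. The following is an added example, not part of the original thread; the sample lines are copied from the posted log, and the function names and thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Sample lines copied from the log in the post above (outbound and inbound entries).
SAMPLE_LOG = """\
04/02/200413:47:46 **SYN Flood** 192.168.2.101, 1986->> 202.43.216.7, 80 (from PPPoE Outbound)
04/02/200413:46:52 **SYN Flood** 192.168.2.100, 1215->> 192.168.69.195, 3127 (from PPPoE Outbound)
04/02/200413:46:32 **SYN Flood Stop**(from PPPoE Inbound)
04/02/200413:43:28 **SYN Flood** 192.168.2.100, 1961->> 192.168.18.150, 3127 (from PPPoE Outbound)
04/02/200413:13:09 **SYN Flood** 192.168.2.100, 2414->> 192.172.153.236, 139 (from PPPoE Outbound)
04/02/200411:52:13 **SYN Flood** 192.168.2.100, 2175->> 192.222.50.79, 135 (from PPPoE Outbound)
04/02/200410:08:47 **SYN Flood** 192.168.2.100, 2203->> 192.136.122.123, 445 (from PPPoE Outbound)
04/02/200409:47:34 **SYN Flood** 192.168.2.100, 1968->> 192.102.45.147, 6129 (from PPPoE Outbound)
04/02/200409:14:59 **SYN Flood to Host** 218.68.245.231, 1203->> 218.68.245.152, 1025 (from PPPoE Inbound)
04/02/200408:47:18 PPPoE get IP:218.68.245.152
"""

EVENT = re.compile(
    r"\*\*SYN Flood(?: to Host)?\*\*\s*"
    r"(?P<src>[\d.]+),\s*(?P<sport>\d+)->>\s*(?P<dst>[\d.]+),\s*(?P<dport>\d+)\s*"
    r"\(from PPPoE (?P<dir>Outbound|Inbound)\)"
)

def summarize_outbound(log_text):
    """Group outbound SYN Flood alerts by LAN source: count, targets, ports."""
    hosts = defaultdict(lambda: {"alerts": 0, "targets": set(), "ports": set()})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m or m["dir"] != "Outbound":
            continue  # skip "SYN Flood Stop", PPPoE, login and inbound lines
        h = hosts[m["src"]]
        h["alerts"] += 1
        h["targets"].add(m["dst"])
        h["ports"].add(int(m["dport"]))
    return dict(hosts)

def likely_scanners(summary, min_targets=3, min_ports=2):
    """Hosts hitting many unrelated targets on several ports (assumed thresholds)."""
    return sorted(ip for ip, h in summary.items()
                  if len(h["targets"]) >= min_targets and len(h["ports"]) >= min_ports)

if __name__ == "__main__":
    summary = summarize_outbound(SAMPLE_LOG)
    for ip, h in sorted(summary.items()):
        print(ip, h["alerts"], "alerts,", len(h["targets"]), "targets, ports", sorted(h["ports"]))
    print("likely scanning:", likely_scanners(summary))
```

On these lines, 192.168.2.100 is the only LAN host that repeatedly opens connections to many unrelated addresses across several ports, which matches the poster's observation that unplugging that machine restores the network.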
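[Discussion] My router security log -- can an expert check whether I've been hit?
Sorry! I can't read it either!
[Discussion] My router security log -- can an expert check whether I've been hit?
Go~~~~~ run an antivirus scan~~~~~~~~
[Discussion] My router security log -- can an expert check whether I've been hit?
I scanned with the latest Rising (瑞星) and found no virus! What now?
[Discussion] My router security log -- can an expert check whether I've been hit?
The machine 192.168.2.100 has a problem: either it has a virus or it is running a scanning program... Check it with the latest virus definitions..
[Discussion] My router security log -- can an expert check whether I've been hit?
Which antivirus software? My Rising is already updated to the latest.
[Discussion] My router security log -- can an expert check whether I've been hit?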
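"SYN FLOOD exploits the server's connection buffer (Backlog Queue): using a special program that sets the TCP header, it keeps sending the server multiplying numbers of TCP connection requests that carry only the SYN flag. When the server receives them, it treats each one as a connection request that has not yet been established, so it creates sessions for these requests and places them in the buffer queue.
If your SYN requests exceed the limit the server can hold and the buffer queue fills up, the server stops accepting new requests. Connections from other legitimate users are all refused."
Mind you, the antivirus scan has to be run on the machine 192.168.2.100; you aren't scanning your own machine, are you?
Check in the router whether 192.168.2.100 has any ports mapped to it, is set as the DMZ host, and so on. If so, and the person on 192.168.2.100 isn't very skilled, it may have been hacked and there may be a trojan on 192.168.2.100; otherwise it may be a virus. If nothing else works, just reinstall.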
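[Discussion] My router security log -- can an expert check whether I've been hit?
One addition: if you reinstall... best to format first and then install...
[Discussion] My router security log -- can an expert check whether I've been hit?
Also, the router can detect the SYN FLOOD attack but doesn't seem to block it. Maybe its firewall isn't turned on, especially the DOS Protection item. In principle, if DOS Protection were working, even a problem on 192.168.2.100 wouldn't have much impact.
[Discussion] My router security log -- can an expert check whether I've been hit?
Even with DOS Protection on the router it probably wouldn't help; those scans act directly on the internal network... That router's LAN ports must share bandwidth (equivalent to a HUB)... Those scans caused a network storm.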