[This post was last edited by YES东 on 2004/03/13 02:12am (edit no. 1)]
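I didn't expect my device here to start dropping its connection frequently as well (once every few minutes); earlier, when others said they were getting frequent drops, I had no problem.
The device I use is a G1, FW version: 138030917a26.0. Location: Guangzhou.
Early this morning, while I was online, the connection kept dropping frequently. Even though I set up transparent mapping to my computer, changed the device's three default ports and turned on the ADSL firewall, I still couldn't avoid it. The firewall log I got after logging in to the device: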
Time: 2 hr,2 min,3 sec
Port Scan Type- RST scan, Src:219.145.93.110, Dst:61.144.142.47, Prot:TCP , DPort:4701 , Intf: ppp-0, ScanCnt:206
Time: 2 hr,1 min,56 sec
ViolationType- SYN DOS, Src:172.25.1.41, Dst:66.185.84.73, Prot:TCP , SPort: 4703, DPort:4220 , Intf: eth-0, ViolationCnt:4840
SessDeleted:325
Time: 2 hr,1 min,24 sec
Port Scan Type- ACK scan, Src:61.150.84.81, Dst:61.144.142.47, Prot:TCP , DPort:3002 , Intf: ppp-0, ScanCnt:35148
Time: 2 hr,1 min,23 sec
Port Scan Type- SYNACK Scan, Src:218.76.47.13, Dst:61.144.142.47, Prot:TCP , DPort:4300 , Intf: ppp-0, ScanCnt:1398
Time: 1 hr,37 min,19 sec
Port Scan Type-TCP Session scan, Src:172.25.1.41, Dst:218.79.246.27, Prot:TCP , DPort:30161, Intf: eth-0, ScanCnt:10813
Time: 1 hr,37 min,10 sec
ViolationType- SingleHost DOS, IP Address:172.25.1.41, Intf: (null)
Time: 1 hr,32 min,1 sec
Port Scan Type- RST scan, Src:219.145.93.110, Dst:61.144.142.47, Prot:TCP , DPort:3520 , Intf: ppp-0, ScanCnt:210
Time: 1 hr,31 min,24 sec
Port Scan Type- ACK scan, Src:82.32.33.166, Dst:61.144.142.47, Prot:TCP , DPort:3147 , Intf: ppp-0, ScanCnt:30790
Time: 1 hr,31 min,20 sec
ViolationType- SYN DOS, Src:172.25.1.41, Dst:61.145.213.178, Prot:TCP , SPort: 3194, DPort:6882 , Intf: eth-0, ViolationCnt:5034
SessDeleted:9
Time: 1 hr,31 min,20 sec
Port Scan Type- SYNACK Scan, Src:218.79.157.12, Dst:61.144.142.47, Prot:TCP , DPort:3070 , Intf: ppp-0, ScanCnt:1269
Time: 1 hr,7 min,19 sec
Port Scan Type-TCP Session scan, Src:67.71.17.185, Dst:61.144.142.47, Prot:TCP , DPort:24625, Intf: ppp-0, ScanCnt:9884
Time: 1 hr,6 min,39 sec
ViolationType- SingleHost DOS, IP Address:172.25.1.41, Intf: (null)
Time: 1 hr,1 min,24 sec
Port Scan Type- ACK scan, Src:220.112.64.232, Dst:61.144.142.47, Prot:TCP , DPort:3064 , Intf: ppp-0, ScanCnt:21882
Time: 1 hr,1 min,23 sec
Port Scan Type- RST scan, Src:212.242.211.145, Dst:61.144.142.47, Prot:TCP , DPort:3034 , Intf: ppp-0, ScanCnt:286
Time: 1 hr,1 min,20 sec
Port Scan Type- SYNACK Scan, Src:218.64.2.200, Dst:61.144.142.47, Prot:TCP , DPort:3313 , Intf: ppp-0, ScanCnt:1648
Time: 1 hr,1 min,20 sec
ViolationType- SYN DOS, Src:172.25.1.41, Dst:61.54.235.117, Prot:TCP , SPort: 3251, DPort:1884 , Intf: eth-0, ViolationCnt:4804
SessDeleted:5
Time: 0 hr,37 min,19 sec
Port Scan Type-TCP Session scan, Src:172.25.1.41, Dst:219.154.14.127, Prot:TCP , DPort:8881 , Intf: eth-0, ScanCnt:1551
Time: 0 hr,36 min,33 sec
ViolationType- SingleHost DOS, IP Address:172.25.1.41, Intf: (null)
Time: 0 hr,31 min,24 sec
Port Scan Type- ACK scan, Src:61.54.85.217, Dst:61.144.142.47, Prot:TCP , DPort:1231 , Intf: ppp-0, ScanCnt:0
Time: 0 hr,31 min,22 sec
Port Scan Type- RST scan, Src:219.145.93.110, Dst:61.144.142.47, Prot:TCP , DPort:1131 , Intf: ppp-0, ScanCnt:0
Time: 0 hr,31 min,20 sec
Port Scan Type- SYNACK Scan, Src:220.112.64.232, Dst:61.144.142.47, Prot:TCP , DPort:1179 , Intf: ppp-0, ScanCnt:0
Time: 0 hr,31 min,20 sec
ViolationType- SYN DOS, Src:172.25.1.41, Dst:61.235.82.224, Prot:TCP , SPort: 1216, DPort:9929 , Intf: eth-0, ViolationCnt:0
SessDeleted:2
Time: 0 hr,7 min,18 sec
Port Scan Type-TCP Session scan, Src:211.98.174.109, Dst:61.144.142.47, Prot:TCP , DPort:23140, Intf: ppp-0, ScanCnt:0
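At the same time, because I have transparent mapping to my computer, the Norton network firewall on my computer received several thousand intrusion records per hour. This large-scale problem of connection stalls or disconnections on MODEMs with viking-series chips that go online using the routing function is clearly caused by attacks; this has already been confirmed from my own device's records as well as by the telecom provider and ASUS. But what is the origin of it this time? Large-scale scanning across the network at the same moment is definitely not done by hand, so there is only one cause: "a network virus outbreak".
I went to several large security websites and antivirus software websites to find out more. Personally, I think the culprits this time are most likely these viruses: the "网络天空" variant NETSKY.D, the "雏鹰病毒" variant F, a variant of the "桃色陷井" virus, and "飞波". Below I am posting the articles with information on these viruses for everyone to read.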
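Added example, not part of the original post: a small Python parser for the log layout quoted above that tallies events per interface and source address, so entries logged on the LAN side (`eth-0`) can be compared with those on the WAN side (`ppp-0`). The sample lines are constructed with placeholder addresses, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the modem log quoted in the post
# (addresses are private/documentation placeholders, not values from the post).
SAMPLE_LOG = """\
Time: 2 hr,2 min,3 sec
Port Scan Type- RST scan, Src:198.51.100.7, Dst:203.0.113.5, Prot:TCP , DPort:4701 , Intf: ppp-0, ScanCnt:206
Time: 2 hr,1 min,56 sec
ViolationType- SYN DOS, Src:192.168.1.10, Dst:198.51.100.99, Prot:TCP , SPort: 4703, DPort:4220 , Intf: eth-0, ViolationCnt:4840
SessDeleted:325
Time: 1 hr,37 min,19 sec
Port Scan Type-TCP Session scan, Src:192.168.1.10, Dst:198.51.100.23, Prot:TCP , DPort:30161, Intf: eth-0, ScanCnt:10813
Time: 1 hr,37 min,10 sec
ViolationType- SingleHost DOS, IP Address:192.168.1.10, Intf: (null)
"""

TIME_RE = re.compile(r"Time:\s*(\d+) hr,\s*(\d+) min,\s*(\d+) sec")
EVENT_RE = re.compile(r"(Port Scan Type|ViolationType)-\s*([^,]+),\s*(.*)")

def parse_log(text):
    """Return one dict per event: uptime in seconds, kind, name and key:value fields."""
    events, uptime = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := TIME_RE.match(line):
            h, mi, s = map(int, m.groups())
            uptime = h * 3600 + mi * 60 + s
        elif m := EVENT_RE.match(line):
            fields = {}
            for part in m.group(3).split(","):
                key, sep, value = part.partition(":")
                if sep:
                    fields[key.strip()] = value.strip()
            events.append({"uptime": uptime, "kind": m.group(1), "name": m.group(2).strip(), **fields})
        elif line.startswith("SessDeleted:") and events:
            events[-1]["SessDeleted"] = int(line.split(":", 1)[1])  # belongs to the previous event
    return events

def count_by_interface(events):
    """Count events per (interface, source address); SingleHost entries use 'IP Address'."""
    return Counter((e.get("Intf"), e.get("Src") or e.get("IP Address")) for e in events)

if __name__ == "__main__":
    for key, n in sorted(count_by_interface(parse_log(SAMPLE_LOG)).items()):
        print(key, n)
```
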