| Author |
Topic |
|
|
liaam83
New Member

37 Posts |
Posted - 07/10/2006 : 12:39:35
|
Hi everyone! This is my first post here, although I did have a look around the forum before writing. Here is my problem. I have a usr5462 access point which has been giving me trouble for a couple of weeks; for example, it won't let me view Google. I thought it was a physical problem with the device; I should mention that I'm a Fastweb user... If I connect directly to the HAG, on the other hand, no problem. Last night, out of curiosity, I went to look at the access point's security log, and look what came out!
at which point I got a bit worried! :D
Ping from outside is disabled, while DoS protection is on. Can you explain what on earth that log means? Are they just trying to be a nuisance, or are they actually trying to get into the network?! Today, as a further test, I tried scanning the ports with nmap from outside the router... in this case, the log changes:
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:20020 Dest IP:router address Port:997
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:14214 Dest IP:router address Port:521
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:13417 Dest IP:router address Port:637
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:21206 Dest IP:router address Port:373
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:3333 Dest IP:router address Port:537
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:7882 Dest IP:router address Port:867
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:21799 Dest IP:router address Port:1377
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:15423 Dest IP:router address Port:1375
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:28526 Dest IP:router address Port:1468
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:15140 Dest IP:router address Port:579
2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from external address
2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:external address Port:19970 Dest IP:router address Port:997
The ports are all filtered by the firewall
What do you think? I saw there was another post with something similar about another USR, but I'd prefer explanations specific to my case :) so sorry if I'm posting something that's been done to death... Thx!!
|
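An added example, not part of the original thread: a Python triage of the router's "TCP SYN Flooding" alerts that tells a port sweep (such as the poster's own nmap test) from a flood by counting distinct destination ports per source. The sample lines, the documentation-range addresses and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# One alert line in the format shown in the post (real logs carry IP addresses
# where the poster wrote placeholders).
ALERT = re.compile(
    r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d : \*\*TCP SYN Flooding\*\* <TCP> "
    r"Source IP:(?P<src>\S+) Port:\d+ Dest IP:\S+ Port:(?P<dport>\d+)$"
)

def classify_syn_alerts(log_text, min_ports=5, min_spread=0.5):
    """Map each source to (verdict, distinct_ports, alerts).

    Assumed heuristic: a scan touches many different destination ports once or
    twice each; a flood hammers the same few ports over and over.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = ALERT.match(line.strip())
        if m:  # "Blocked intrusion ..." companion lines are skipped
            hits[m["src"]].append(int(m["dport"]))
    verdicts = {}
    for src, ports in hits.items():
        distinct = len(set(ports))
        is_scan = distinct >= min_ports and distinct / len(ports) > min_spread
        verdicts[src] = ("port scan" if is_scan else "flood-like", distinct, len(ports))
    return verdicts

def _alert(src, sport, dport):
    # Builds a constructed sample line; 203.0.113.1 stands in for the router.
    return (f"2006/10/07 01:45:18 : **TCP SYN Flooding** <TCP> Source IP:{src} "
            f"Port:{sport} Dest IP:203.0.113.1 Port:{dport}")

# Constructed sample: one source sweeping ports, one hammering port 80.
SAMPLE_LOG = "\n".join(
    [_alert("198.51.100.7", 20000 + p, p) for p in (997, 521, 637, 373, 537, 867, 997)]
    + ['2006/10/07 01:45:18 : Blocked intrusion "TCP SYN Flooding" from 198.51.100.7']
    + [_alert("198.51.100.99", 40000 + i, 80) for i in range(6)]
)

if __name__ == "__main__":
    for src, verdict in classify_syn_alerts(SAMPLE_LOG).items():
        print(src, verdict)
```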
|
|
Gimli
Moderator
City: Belluno
1870 Posts |
Posted - 07/10/2006 : 13:06:03
|
Could it be that you have the access point's administration interface (telnet or web, whichever) open to the world? I don't know the product, but it looks as if someone had tried to log in. Are you sure nmap doesn't show you ports 23 and/or 80 open? Bye |
 |
|
|
liaam83
New Member

37 Posts |
Posted - 07/10/2006 : 13:55:49
|
Yes, yes, absolutely sure... remote administration is disabled and nmap explicitly told me that ALL the ports are filtered... I only posted part of the syslog because the full one was really long.
|
 |
|