Attacchi Dos

[suranero]

controllando un po opzioni del router note questi messaggi qualcuno me li po decifrare ...


[DoS attack: ACK Scan] from source: 193.28.147.146:80, Friday, May 03,2013 20:23:05
[admin login] from source 192.168.0.2, Friday, May 03,2013 20:22:14
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 20:20:08
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 20:20:08
[DoS attack: ACK Scan] from source: 79.92.11.129:58480, Friday, May 03,2013 20:17:21
[DoS attack: ACK Scan] from source: 89.129.244.120:57452, Friday, May 03,2013 20:16:21
[DoS attack: ACK Scan] from source: 217.225.5.11:57696, Friday, May 03,2013 20:09:50
[DoS attack: ACK Scan] from source: 105.226.110.156:56831, Friday, May 03,2013 20:04:42
[DoS attack: RST Scan] from source: 85.167.29.101:58851, Friday, May 03,2013 20:00:33
[DoS attack: RST Scan] from source: 84.142.22.230:62313, Friday, May 03,2013 19:55:49
[DoS attack: ACK Scan] from source: 212.225.217.76:58632, Friday, May 03,2013 19:54:26
[DoS attack: ACK Scan] from source: 151.52.8.102:26680, Friday, May 03,2013 19:50:09
[DoS attack: ACK Scan] from source: 151.25.204.196:24541, Friday, May 03,2013 19:49:48
[DoS attack: ACK Scan] from source: 78.15.78.164:19576, Friday, May 03,2013 19:49:05
[DoS attack: ACK Scan] from source: 151.25.204.196:24300, Friday, May 03,2013 19:44:12
[DoS attack: ACK Scan] from source: 78.15.78.164:19357, Friday, May 03,2013 19:43:48
[DoS attack: ACK Scan] from source: 31.13.77.42:443, Friday, May 03,2013 19:36:55
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 19:36:37
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 19:36:36
[DoS attack: RST Scan] from source: 93.45.74.230:59986, Friday, May 03,2013 19:16:37
[DoS attack: ACK Scan] from source: 31.13.77.58:443, Friday, May 03,2013 19:10:07
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 19:03:23
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 19:03:23
[DoS attack: ACK Scan] from source: 69.171.235.16:443, Friday, May 03,2013 18:47:28
[DoS attack: ACK Scan] from source: 213.22.61.17:57986, Friday, May 03,2013 18:42:09
[DoS attack: ACK Scan] from source: 81.81.20.11:56239, Friday, May 03,2013 18:24:34
[DoS attack: ACK Scan] from source: 85.0.100.230:56994, Friday, May 03,2013 18:24:13
[DoS attack: ACK Scan] from source: 62.149.140.251:80, Friday, May 03,2013 18:22:48
[DoS attack: ACK Scan] from source: 83.113.22.219:56875, Friday, May 03,2013 18:19:17
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 18:18:20
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 18:18:19
[UPnP set event:DeletePortMapping] from source 192.168.0.2, Friday, May 03,2013 18:18:18
[UPnP set event:DeletePortMapping] from source 192.168.0.2, Friday, May 03,2013 18:18:17
[DoS attack: ACK Scan] from source: 213.164.122.142:57605, Friday, May 03,2013 18:18:09
[DoS attack: ACK Scan] from source: 213.164.122.142:57605, Friday, May 03,2013 18:15:33
[DoS attack: ACK Scan] from source: 83.201.101.23:58552, Friday, May 03,2013 18:13:49
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 18:12:24
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 18:12:24
[DoS attack: ACK Scan] from source: 93.102.91.158:57537, Friday, May 03,2013 17:53:47
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 17:50:43
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 17:50:43
[DoS attack: IMAP Scan] from source: 126.244.3.105:60100, Friday, May 03,2013 17:48:21
[DoS attack: FIN Scan] from source: 126.244.3.105:60100, Friday, May 03,2013 17:47:30
[UPnP set event:AddPortMapping] from source 192.168.0.3, Friday, May 03,2013 17:46:43
[UPnP set event:AddPortMapping] from source 192.168.0.3, Friday, May 03,2013 17:46:42
[DHCP IP: (192.168.0.3)] to MAC address 4C:ED:DE:1A:AA:4A, Friday, May 03,2013 17:46:31
[DoS attack: ACK Scan] from source: 103.31.220.99:80, Friday, May 03,2013 17:34:39
[DoS attack: ACK Scan] from source: 103.31.220.99:80, Friday, May 03,2013 17:29:29
[DoS attack: ACK Scan] from source: 50.87.124.81:80, Friday, May 03,2013 17:29:08
[admin login] from source 192.168.0.2, Friday, May 03,2013 17:09:43
[DoS attack: ACK Scan] from source: 190.251.40.165:16415, Friday, May 03,2013 17:09:16
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 17:07:36
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 17:07:36
[DoS attack: ACK Scan] from source: 62.149.140.251:80, Friday, May 03,2013 17:05:29
[Time synchronized with NTP server time-g.netgear.com] Friday, May 03,2013 16:22:37
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 16:20:35
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 16:20:34
[UPnP set event:DeletePortMapping] from source 192.168.0.2, Friday, May 03,2013 16:20:32
[UPnP set event:DeletePortMapping] from source 192.168.0.2, Friday, May 03,2013 16:20:31
[Internet connected] IP address: 84.220.40.79, Friday, May 03,2013 16:20:24
[Internet disconnected] Friday, May 03,2013 16:20:10
[admin login] from source 192.168.0.2, Friday, May 03,2013 16:19:53
[DoS attack: ACK Scan] from source: 93.108.38.49:56439, Friday, May 03,2013 16:11:48
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 16:01:19
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 16:01:18
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 15:54:18
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 15:54:18
[DoS attack: ACK Scan] from source: 84.209.90.239:58782, Friday, May 03,2013 15:44:28
[DoS attack: ACK Scan] from source: 85.22.120.66:56855, Friday, May 03,2013 15:29:29
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 15:28:03
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 15:28:03
[DoS attack: RST Scan] from source: 84.57.188.102:17991, Friday, May 03,2013 15:26:15
[DoS attack: RST Scan] from source: 88.67.205.181:10254, Friday, May 03,2013 15:22:19
[DoS attack: ACK Scan] from source: 62.72.227.140:57243, Friday, May 03,2013 15:10:33
[DoS attack: ACK Scan] from source: 62.72.227.140:57243, Friday, May 03,2013 15:09:37
[DoS attack: ACK Scan] from source: 93.173.91.175:57012, Friday, May 03,2013 14:57:10
[DoS attack: ACK Scan] from source: 93.173.91.175:57012, Friday, May 03,2013 14:48:42
[DoS attack: ACK Scan] from source: 93.108.38.49:56439, Friday, May 03,2013 14:48:18
[DoS attack: ACK Scan] from source: 109.122.181.90:58964, Friday, May 03,2013 14:37:06
[DoS attack: ACK Scan] from source: 95.175.138.81:58242, Friday, May 03,2013 14:35:09
[DoS attack: ACK Scan] from source: 62.72.227.140:57243, Friday, May 03,2013 14:32:23
[DoS attack: ACK Scan] from source: 77.125.88.171:58880, Friday, May 03,2013 14:28:17
[DoS attack: ACK Scan] from source: 109.122.181.90:58964, Friday, May 03,2013 14:13:17
[DoS attack: ACK Scan] from source: 109.122.181.90:58964, Friday, May 03,2013 14:12:35
[DoS attack: ACK Scan] from source: 95.223.124.109:57962, Friday, May 03,2013 14:12:13
[DoS attack: ACK Scan] from source: 109.122.181.90:58964, Friday, May 03,2013 14:08:43
[DoS attack: ACK Scan] from source: 141.2.176.121:56158, Friday, May 03,2013 14:07:52
[admin login] from source 192.168.0.2, Friday, May 03,2013 14:00:36
[DoS attack: ACK Scan] from source: 197.2.55.249:58885, Friday, May 03,2013 13:59:58
[DoS attack: RST Scan] from source: 208.78.158.105:80, Friday, May 03,2013 13:58:45
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:55:10
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:54:49
[DoS attack: ACK Scan] from source: 222.231.10.111:80, Friday, May 03,2013 13:54:15
[DoS attack: ACK Scan] from source: 95.223.124.109:57962, Friday, May 03,2013 13:53:53
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:53:07
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:52:23
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:51:34
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:50:37
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:50:16
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:49:44
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:48:07
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:46:56
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:46:35
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:43:19
[DoS attack: RST Scan] from source: 66.235.120.94:80, Friday, May 03,2013 13:42:48
[DoS attack: ACK Scan] from source: 41.135.175.209:57575, Friday, May 03,2013 13:41:44
[DoS attack: ACK Scan] from source: 208.72.28.10:443, Friday, May 03,2013 13:39:48
[DoS attack: ACK Scan] from source: 208.72.28.10:443, Friday, May 03,2013 13:38:44
[DoS attack: ACK Scan] from source: 208.72.28.10:443, Friday, May 03,2013 13:38:12
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 13:36:16
[UPnP set event:AddPortMapping] from source 192.168.0.2, Friday, May 03,2013 13:36:16
[DHCP IP: (192.168.0.2)] to MAC address 54:04:A6:B9:73:28, Friday, May 03,2013 13:35:49
[Time synchronized with NTP server time-g.netgear.com] Friday, May 03,2013 13:35:42
[Internet connected] IP address: 78.13.37.248, Friday, May 03,2013 13:34:19
[DSL: Up] Friday, May 03,2013 13:34:10
[Initialized, firmware version: V1.1.00.22_1.00.22 ] Friday, May 03,2013 13:33:28


grazie ax eventuale risposta

 

[tecnico24]

Ciao.
Visionando i vari attacchi , si può dedurre che vari client p2p (infatti UPnP è settato per lasciare aperte le porte al software peer to peer) cercano di attaccarti.
Il router fa il suo dovere (dovresti postare la marca) , è una prassi tranquilla , da qui ti pongo due domande:
Che firewall (software) utilizzi?
marca del router?
nota se gli attacchi avvengono con client p2p chiuso o meno.

 

[Poweredge]

Anche a me sembra attivitá p2p...

 

[suranero]

Ciao.
Visionando i vari attacchi , si può dedurre che vari client p2p (infatti UPnP è settato per lasciare aperte le porte al software peer to peer) cercano di attaccarti.
Il router fa il suo dovere (dovresti postare la marca) , è una prassi tranquilla , da qui ti pongo due domande:
Che firewall (software) utilizzi?
marca del router?
nota se gli attacchi avvengono con client p2p chiuso o meno.

ciao allora io uso dgn2200 v3 come modello (firewall=) ce lo disattivato, p2p uso raramente il torent. diciamo da 3 giorni mi va male la linea ho sbalzi di ping e dow e di solito devo riavviare router x sistemare tutto , deciso di scaricare misura internet e in alcuni casi non mi faceva fare misura in quanto x lui cera tropo traffico sulla rete anche se non facevo niente , guardando un po opzioni di router trovo quei messaggi ma precisamente non capisco cosa vogliono dire . (che firewall mi consigliate )

 

[tecnico24]

Attiva il firewall del router.
Avendo disattivato il firewall del router , hai lasciato che utenti malintenzionati utilizzassero le tue porte a proprio comodo , cioè in un vero e proprio bicchier d'acqua.
Difendersi è molto difficile , sopratutto quando l'attacco proviene da molteplici client(e non alcuni se avevi il firewall attivo).
Quindi ripeto attiva immediatamente il firewall e controlla nella sezione security sia attivato l'opzione di prevenzione contro questi attacchi e vedi se si ripetono.

 

[suranero]

Attiva il firewall del router.
Avendo disattivato il firewall del router , hai lasciato che utenti malintenzionati utilizzassero le tue porte a proprio comodo , cioè in un vero e proprio bicchier d'acqua.
Difendersi è molto difficile , sopratutto quando l'attacco proviene da molteplici client(e non alcuni se avevi il firewall attivo).
Quindi ripeto attiva immediatamente il firewall e controlla nella sezione security sia attivato l'opzione di prevenzione contro questi attacchi e vedi se si ripetono.

non so precisamente che devo fare chiudere le porte di default ?

Tabella servizi

# Nome servizio Ports

Servizi in uscita

# Attiva Nome servizio Azione Utenti LAN Server WAN Registro Predefinito Sì Qualsiasi CONSENTI sempre Qualsiasi Qualsiasi Mai

Servizi in entrata Click here to setup Inbound Firewall Rules for gaming or other applications

Instant Messaging(IM) Ports Close IM Ports Open IM Ports(IM ports are open by default)

 

[tecnico24]

Hai fatto/verificato quello che ho detto?

 

[suranero]

non saprei dove mettere le mani il firewall del router ce solo questo che ho postato

 

[tecnico24]

Ciao.
In servizi in uscita elimina quella regola.
Configura Utorrent per la porta TCP interessata (apri Utorrent opzioni-impostazioni) e la setti nella pagina del router scegliendo porta TCP.
Ovviamente il pc deve avere un IP statico.

 

[suranero]

Ciao.
In servizi in uscita elimina quella regola.
Configura Utorrent per la porta TCP interessata (apri Utorrent opzioni-impostazioni) e la setti nella pagina del router scegliendo porta TCP.
Ovviamente il pc deve avere un IP statico.

allora ho installato zone alarm x quando riguarda ip statico non so come impostarlo nel mio modem ce impostato Richiedi dinamicamente dall'ISP .....chiaramente ho chiuso porte tramite router ma attacchi continuano,

domanda questi attacchi possono portare all ping da 60 a 300 ? e calo di banda sulla linea infati di solito basta riavviare router x sistemare tutto .

 

[tecnico24]

Certo , l'obiettivo è proprio quello di rendere instabile la linea.
Poco puoi fare , l'importante che entrambi i firewall(hardware e software) sono attivi e che tutte le porte siano chiuse.

 

[suranero]

ma se tutte le porte sono chiuse come e possibile che attacchi continuano infatti router rivela attacchi dos

 

[tecnico24]

E' una normale prassi , l'importante è che TUTTI i servizi di protezione (incluso il firewall e il servizio di prevenzione degli attacchi Dos integrato nel router stesso) siano attivi.

 

[suranero]

E' una normale prassi , l'importante è che TUTTI i servizi di protezione (incluso il firewall e il servizio di prevenzione degli attacchi Dos integrato nel router stesso) siano attivi.[/QUOT

scusa ma da dove me lo manda attacco dos ? se e torent basta disinstallarlo no ?

 

[tecnico24]

No , sono le porte che vengono attaccate , non certo Utorrent.
Avendo disabilitato/rimosso il firewall mi sembra normale che un malintenzionato prendi di mira la tua macchina.
Dopo questi accorgimenti , verifica se la connessione e il pc sono stabili.